Chapter overview
Download
1 / 21

ch12 191.0K - PowerPoint PPT Presentation


  • 239 Views
  • Uploaded on

Chapter Overview. Planning an Audit Policy Implementing an Audit Policy Using Event Viewer. Auditing. Auditing is a network security tool that lets you track User activities Microsoft Windows XP Professional events Windows XP Professional can record events in the security log.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'ch12 191.0K' - Donna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter overview l.jpg
Chapter Overview

  • Planning an Audit Policy

  • Implementing an Audit Policy

  • Using Event Viewer


Auditing l.jpg
Auditing

  • Auditing is a network security tool that lets you track

    • User activities

    • Microsoft Windows XP Professional events

  • Windows XP Professional can record events in the security log.

    • Valid and invalid logon attempts

    • Events related to creating, opening, or deleting files or other objects


Using an audit policy l.jpg
Using an Audit Policy

  • An audit policy defines the types of events recorded in the security log.

  • Windows XP Professional writes events to the security log on the computer where the event occurs.

  • You can set up an audit policy for a computer to

    • Track the success and failure of events

    • Minimize the risk of unauthorized use of resources


Determining what to audit l.jpg
Determining What to Audit

  • Determine which computers need auditing.

    • Auditing is turned off by default.

  • Plan what to audit on each computer.


Selecting events to audit l.jpg
Selecting Events to Audit

  • Accessing files and folders

  • Logging on and off

  • Shutting down and restarting a computer

  • Changing user accounts and groups

  • Attempting to make changes to objects in the Active Directory service


Auditing successful events and failed events l.jpg
Auditing Successful Events and Failed Events

  • Tracking successful events

    • Tells you how often Windows XP Professional or users access objects

    • Helps you plan resources

  • Tracking failed events

    • Alerts you to security breaches

    • Identifies frequent failed logon attempts


Auditing policy guidelines l.jpg
Auditing Policy Guidelines

  • Determine if you need to track system usage trends.

  • Review security logs frequently.

  • Define a useful, meaningful, and manageable audit policy.


Configuring auditing l.jpg
Configuring Auditing

  • Auditing requirements

    • You must have the Manage Auditing And Security Log user right.

    • The files and folders to be audited must be on NT file system (NTFS) volumes.

  • Setting up auditing is a two-part process.

    • Set the audit policy.

    • Enable auditing of specific resources.



Auditing access to files and folders l.jpg
Auditing Access to Files and Folders

  • If security breaches are an issue, set up auditing for files and folders on an NTFS volume.

  • Set up your audit policy to audit object access, and then

    • Enable auditing for specific files and folders

    • Specify which types of access to audit



Auditing access to printers l.jpg
Auditing Access to Printers

  • Audit access to printers to track access to sensitive printers.

  • Set your audit policy to audit object access.

  • Enable auditing for specific printers.

    • Specify the type of access to audit.

    • Specify which users will have access.



Understanding windows xp professional logs l.jpg
Understanding Windows XP Professional Logs

  • Use Event Viewer to view Windows XP Professional logs.

  • By default, Event Viewer contains three logs:

    • Application log

    • Security log

    • System log


Viewing security logs l.jpg
Viewing Security Logs

  • Type column: shows successful events (with a key icon) and unsuccessful events (with a lock icon)

  • Date column: shows the date the event occurred

  • Time column: shows the time the event occurred

  • Source column: shows the software that recorded the event (it can be an application or a component of the system)

  • Category column: shows the type of event, such as object access, account management, directory service access, or logon events

  • Event column: shows the EventID

  • User column: lists the user who succeeded or failed in the security access attempt

  • Computer column: shows the computer the event occurred on



Managing logs l.jpg
Managing Logs

  • You can control the maximum size of the logs.

    • The default size is 512 KB.

    • The maximum size is 64 KB to 4 GB.

  • You can specify what to do when a log is full.

    • Overwrite events as needed.

    • Overwrite events older than x days.

    • Do not overwrite events.


Archiving logs l.jpg
Archiving Logs

  • Keep logs for a specified period to track security-related information over time.

  • Configure logs in Event Viewer.

    • Archive the log.

    • Clear the log.

    • View an archived log.


Chapter summary l.jpg
Chapter Summary

  • Auditing helps ensure that your network is secure by tracking user activities and system-wide events.

  • Windows XP Professional records audited events in the security log.

  • In planning an audit policy, you must decide on which computers to set up auditing and what to audit on each one.

  • After you set your audit policy to audit object access, you can enable auditing for specific files, folders, and printers and specify which types of access to audit.


Chapter summary cont l.jpg
Chapter Summary (Cont.)

  • You must have the Manage Auditing And Security Log user right for the computer on which you want to configure an audit policy or review an audit log.

  • You use the Group Policy snap-in to set audit policies.

  • You use Event Viewer to view the contents of the Windows XP Professional logs.

  • Windows XP Professional has the following three logs by default: the application log, the security log, and the system log.


Chapter summary cont21 l.jpg
Chapter Summary (Cont.)

  • You use the Filter and Find commands in Event Viewer to easily locate specific events or types of events.

  • You view the security log on a remote computer by opening the MMC console and pointing Event Viewer to the remote computer.

  • You manage the Windows XP Professional logs by archiving them (to allow you to track trends over time) and by controlling the size of the log files.


ad