Chapter Overview - PowerPoint PPT Presentation


Chapter Overview

  • Planning an Audit Policy

  • Implementing an Audit Policy

  • Using Event Viewer



Auditing

  • Auditing is a network security tool that lets you track

    • User activities

    • Microsoft Windows XP Professional events

  • Windows XP Professional can record events in the security log.

    • Valid and invalid logon attempts

    • Events related to creating, opening, or deleting files or other objects



Using an Audit Policy

  • An audit policy defines the types of events recorded in the security log.

  • Windows XP Professional writes events to the security log on the computer where the event occurs.

  • You can set up an audit policy for a computer to

    • Track the success and failure of events

    • Minimize the risk of unauthorized use of resources



Determining What to Audit

  • Determine which computers need auditing.

    • Auditing is turned off by default.

  • Plan what to audit on each computer.



Selecting Events to Audit

  • Accessing files and folders

  • Logging on and off

  • Shutting down and restarting a computer

  • Changing user accounts and groups

  • Attempting to make changes to objects in the Active Directory service



Auditing Successful Events and Failed Events

  • Tracking successful events

    • Tells you how often Windows XP Professional or users access objects

    • Helps you plan resources

  • Tracking failed events

    • Alerts you to security breaches

    • Identifies frequent failed logon attempts



Auditing Policy Guidelines

  • Determine if you need to track system usage trends.

  • Review security logs frequently.

  • Define a useful, meaningful, and manageable audit policy.



Configuring Auditing

  • Auditing requirements

    • You must have the Manage Auditing And Security Log user right.

    • The files and folders to be audited must be on NT file system (NTFS) volumes.

  • Setting up auditing is a two-part process.

    • Set the audit policy.

    • Enable auditing of specific resources.



Setting an Audit Policy



Auditing Access to Files and Folders

  • If security breaches are an issue, set up auditing for files and folders on an NTFS volume.

  • Set up your audit policy to audit object access, and then

    • Enable auditing for specific files and folders

    • Specify which types of access to audit



Events That Can Be Audited for Files and Folders



Auditing Access to Printers

  • Audit access to printers to track access to sensitive printers.

  • Set your audit policy to audit object access.

  • Enable auditing for specific printers.

    • Specify the type of access to audit.

    • Specify which users will have access.



Printer Events That Can Be Audited



Understanding Windows XP Professional Logs

  • Use Event Viewer to view Windows XP Professional logs.

  • By default, Event Viewer contains three logs:

    • Application log

    • Security log

    • System log



Viewing Security Logs

  • Type column: shows successful events (with a key icon) and unsuccessful events (with a lock icon)

  • Date column: shows the date the event occurred

  • Time column: shows the time the event occurred

  • Source column: shows the software that recorded the event (it can be an application or a component of the system)

  • Category column: shows the type of event, such as object access, account management, directory service access, or logon events

  • Event column: shows the EventID

  • User column: lists the user who succeeded or failed in the security access attempt

  • Computer column: shows the computer the event occurred on
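
An added example, not part of the original presentation: it parses a security log exported as comma-separated text with the eight columns listed above and flags accounts with frequent failed logon attempts. The sample rows are constructed; the Type strings, date/time format, Event values and "Logon/Logoff" category name are assumptions, as is the User column carrying the account name.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Column order from the "Viewing Security Logs" slide.
COLUMNS = ["Type", "Date", "Time", "Source", "Category", "Event", "User", "Computer"]
STAMP = "%m/%d/%Y %I:%M:%S %p"  # assumed export date/time format
# Constructed sample rows, not from a real system; all values are assumptions.
SAMPLE_EXPORT = """\
Failure Audit,3/14/2005,10:02:11 AM,Security,Logon/Logoff,529,alice,WKSTN01
Failure Audit,3/14/2005,10:02:19 AM,Security,Logon/Logoff,529,alice,WKSTN01
Failure Audit,3/14/2005,10:02:31 AM,Security,Logon/Logoff,529,alice,WKSTN01
Success Audit,3/14/2005,10:03:02 AM,Security,Logon/Logoff,528,alice,WKSTN01
Failure Audit,3/14/2005,11:15:40 AM,Security,Object Access,560,bob,WKSTN02
Failure Audit,3/14/2005,9:00:05 AM,Security,Logon/Logoff,529,carol,WKSTN03
Failure Audit,3/14/2005,2:30:00 PM,Security,Logon/Logoff,529,carol,WKSTN03
truncated line,3/14/2005
"""

def parse_export(text):
    """Parse exported rows into dicts, skipping malformed lines."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(COLUMNS):
            continue  # blank or truncated line
        event = dict(zip(COLUMNS, row))
        try:
            event["When"] = datetime.strptime(f"{row[1]} {row[2]}", STAMP)
        except ValueError:
            continue  # unparseable date or time
        events.append(event)
    return events

def frequent_failed_logons(events, threshold=3, window=timedelta(minutes=5)):
    """Return {(user, computer): burst size} where a burst reaches threshold."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["When"]):
        if e["Type"] == "Failure Audit" and e["Category"] == "Logon/Logoff":
            failures[(e["User"], e["Computer"])].append(e["When"])
    flagged = {}
    for key, times in failures.items():
        start = 0  # left edge of the sliding time window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[key] = max(flagged.get(key, 0), end - start + 1)
    return flagged
```
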



Locating Events



Managing Logs

  • You can control the maximum size of the logs.

    • The default size is 512 KB.

    • The maximum size can be set from 64 KB to 4 GB.

  • You can specify what to do when a log is full.

    • Overwrite events as needed.

    • Overwrite events older than x days.

    • Do not overwrite events.



Archiving Logs

  • Keep logs for a specified period to track security-related information over time.

  • Configure logs in Event Viewer.

    • Archive the log.

    • Clear the log.

    • View an archived log.



Chapter Summary

  • Auditing helps ensure that your network is secure by tracking user activities and system-wide events.

  • Windows XP Professional records audited events in the security log.

  • In planning an audit policy, you must decide on which computers to set up auditing and what to audit on each one.

  • After you set your audit policy to audit object access, you can enable auditing for specific files, folders, and printers and specify which types of access to audit.



Chapter Summary (Cont.)

  • You must have the Manage Auditing And Security Log user right for the computer on which you want to configure an audit policy or review an audit log.

  • You use the Group Policy snap-in to set audit policies.

  • You use Event Viewer to view the contents of the Windows XP Professional logs.

  • Windows XP Professional has the following three logs by default: the application log, the security log, and the system log.



Chapter Summary (Cont.)

  • You use the Filter and Find commands in Event Viewer to easily locate specific events or types of events.

  • You view the security log on a remote computer by opening the MMC console and pointing Event Viewer to the remote computer.

  • You manage the Windows XP Professional logs by archiving them (to allow you to track trends over time) and by controlling the size of the log files.

