Concept of “Auditing”

0

Auditing

Auditing is a security measure that tracks user and operating system activities by recording selected types of events in a log. The security audit log enables you to establish a baseline of normal operations, maintain a record of system activity, and detect and respond to attempts to breach computer security. In Windows, security auditing is enabled in two steps; first, you must enable auditing for a particular type of object or event. Then, if you want to audit access to individual objects such as folders, you must specify what to audit about the specific objects.

Auditing

Figure: Audit entries in a log.

Common Events to Audit

The most common types of events to audit are:

  • Access attempts on objects, such as files or folders.
  • Account management activities on user accounts and group accounts.
  • User logons and logoffs.

Security Log Entries

Security logs contain audit entries that record:

  • The action that was performed.
  • The user who performed the action.
  • When the event occurred.
  • The success or failure of the event.
  • Additional information, such as the name or IP address of the computer where the event occurred.

You can view security log entries in Event Viewer. You can also archive logs to track trends in the use of printers, access to files, and unauthorized attempts to access resources.

Benefits of Auditing

Auditing enables you to:

  • Create a baseline of normal network and computer operations.
  • Track the success and failure of events, such as attempts to log on, attempts by a particular user to read a specific file, changes to a user account or group membership, and changes to security settings.
  • Minimize the risk of unauthorized use of resources.
  • Detect attempts to breach the security of the network or computer.
  • Determine what systems and data have been compromised during or after a security incident.
  • Prevent further damage to networks or computers after an attacker has penetrated the network.
  • Maintain a record of user and administrator activity.

                                                                                   ————————– Thanks everyone

Share.

About Author

TN365

Leave A Reply

Powered by themekiller.com