
Creating Audit Policies In Windows Server 2003 Part I


Network administrators are always concerned about security. Many companies have even hired specialists who are dedicated to network security and protecting confidential company information.

Operating systems include numerous features that administrators can take advantage of when securing data. However, even with all the security measures in place, how can you be sure that your confidential data really is secure? One way is by implementing an audit policy.

What is auditing?
Auditing is a general tool that has been around since the days of Windows NT. Auditing is very similar to Performance Monitor, in that it waits for a specific event to occur, and then reports on it within the Event Viewer. The events can be performed by users, servers or applications. An example of such an event is a user logging in to the network. Depending on how you configure auditing, a record can be written each time a logon occurs.

Now that you are familiar with what auditing is, you need to start thinking about how to make it useful. If you audit every user and every system event, it's possible that the server will log hundreds of events every minute. Logging all events has several disadvantages. The log will fill up very quickly, and once it reaches its maximum size, no additional events are logged until it is cleared.

Excessive logging can also cause performance problems for the server since logging consumes disk and processor time. Another downside to logging every event is that the logs cease to be meaningful. If you suspect that a security breach may have occurred, locating a record of it can be like looking for the proverbial needle in a haystack.

Therefore, to make logging effective, you should monitor meaningful events rather than every event. Start by identifying those events that could potentially cause a security breach, such as unauthorized users accessing confidential information.
