Understand Audit Policies LESSON 2.4 98-367 Security Fundamentals.

Understand Audit Policies LESSON Security Fundamentals

LESSON 2.4
In this lesson, you will learn:
 About audit plans
 Security logs
 Success and failure events
 Auditing settings

Anticipatory Set
You can use Windows® security and system logs to record and store collected security events so that you can track key system and network activities, monitor potentially harmful behaviors, and mitigate those risks. You can customize which events the system logs by configuring auditing.
List the different “categories of security events” in Windows Server® 2008 or Windows 7.

Create an Audit Plan
 Before implementing an audit policy, decide what type of information you want to gain by collecting audit events.
 If you are interested in intrusion detection (tracking the attempts of users to gain access to areas for which they are not authorized), you can collect failure audits.
  o But enabling failure audits can be a risk to your organization. If users attempt to access a resource for which they are not authorized, they can create so many failure audits that the security log becomes full, and the computer cannot collect any more audits.

Create an Audit Plan (Continued)
 If you are interested in forensics (using the audit log to determine exactly what happens in your organization), you can collect a combination of success and failure audits.
 Consider the resources that you have available for collecting and reviewing an audit log.
  o Audit events take up space on your computers, and they take up your time and the time of people in your organization. Do not audit events that do not really interest you.

Collect and Archive Security Logs across Your Organization
 If an intrusion occurs, isolate and preserve the security log entries. These entries can be valuable during an investigation of the intrusion.
 An audit trail can contain information about changes that are made to your computer or to other computers on the network.
 If intruders gain administrator rights and permissions, or if administrators abuse their rights and permissions, they can clear the security log, leaving you without a trail of their actions.
 If you use a tool that regularly collects and saves security log entries across your organization, then even if intruders or administrators clear the local security log, you are more likely to be able to trace their actions. Microsoft® Operations Manager is an example of such a tool.

Audit Success and Failure Events in the System Event Category
 By auditing success and failure events in the system event category, you can notice unusual activity that may indicate that an intruder is attempting to gain access to your computer or your network.
 The number of audits that are generated when this setting is enabled tends to be relatively low, and the quality of information that is gained from the events tends to be relatively high.

Windows Server 2008 Active Directory Auditing and FGPP Interview
 Hear about Windows Server 2008 AD auditing and FGPP directly from the source! In this interview with Siddharth Bhai, the program manager (PM) for this AD functionality, he gives us a bunch of great information.

Auditing Settings on Objects
Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).
A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following:
 The group or user accounts to audit when they access the object
 The operations to be audited for each group or user, for example, modifying a file
 A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL
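As an added example (not part of the lesson), the following PowerShell attaches a Failure-only SACL entry of the kind described above to a folder: who is audited, which operations, and the Failure attribute. The folder path is a constructed placeholder, and the commands assume an elevated Windows PowerShell session.

```powershell
# Added example (not from the lesson): put a SACL entry on a folder so that
# failed attempts to modify or delete its contents are audited.
# Run elevated: reading or writing a SACL needs the "Manage auditing and
# security log" privilege (SeSecurityPrivilege).
$folder = 'C:\Finance\Reports'   # constructed example path, not from the lesson

# 1. A SACL entry only produces events if the Object Access category (here its
#    File System subcategory) is enabled in the audit policy.
& auditpol.exe /set /subcategory:"File System" /failure:enable | Out-Null

# 2. Read the object's security descriptor including its SACL (-Audit).
$acl = Get-Acl -Path $folder -Audit

# 3. Build the audit rule: who (Everyone), which operations (writes and deletes),
#    how it inherits to files and subfolders, and Failure only, which matches the
#    lesson's "failure audits for intrusion detection" case.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    $rights,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Failure)

$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 4. Verify: list the SACL entries now attached to the object. Audited failures
#    are written to the Security log as Object Access events (IDs 4656 and 4663).
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
```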

Class Activity
 There are nine different kinds of events for which you can specify Audit Policy settings. If you audit any of these kinds of events, Windows records the events in the Security log, which you can find in Event Viewer.
1. Account logon events
2. Account management
3. Directory services access
4. Logon events
5. Object access
6. Policy change
7. Privilege use
8. Process tracking
9. System events
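An added PowerShell example (not from the lesson) that applies an audit plan of the kind described in the Create an Audit Plan slides across the nine categories listed above, using the names auditpol.exe gives them, and sizes the Security log so that a burst of failure audits rolls old events off instead of stopping collection. The particular plan values are an assumption for illustration; run it in an elevated Windows PowerShell session.

```powershell
# Added example (not from the lesson): apply an audit plan with auditpol.exe.
# Keys are auditpol's names for the lesson's nine kinds of events; values say
# what the plan wants from each category: 'Failure' (intrusion detection),
# 'SuccessAndFailure' (forensics) or 'None' (events that do not interest you).
$plan = [ordered]@{
    'Account Logon'      = 'SuccessAndFailure'   # account logon events (credential validation)
    'Account Management' = 'SuccessAndFailure'   # user and group creation, change, deletion
    'DS Access'          = 'Failure'             # directory services access
    'Logon/Logoff'       = 'SuccessAndFailure'   # logon events on this host
    'Object Access'      = 'Failure'             # only objects carrying a SACL generate events
    'Policy Change'      = 'SuccessAndFailure'   # changes to audit, user-rights and trust policy
    'Privilege Use'      = 'None'                # high volume; enable only with a purpose
    'Detailed Tracking'  = 'None'                # process tracking; high volume
    'System'             = 'SuccessAndFailure'   # low volume, high value (lesson slide)
}

function Set-AuditPlan {
    param([System.Collections.IDictionary]$Plan)
    foreach ($category in $Plan.Keys) {
        # Map the plan value onto auditpol's separate success/failure switches.
        $success = if ($Plan[$category] -like 'Success*') { 'enable' } else { 'disable' }
        $failure = if ($Plan[$category] -match 'Failure')  { 'enable' } else { 'disable' }
        & auditpol.exe /set /category:"$category" /success:$success /failure:$failure | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "auditpol failed for category '$category'" }
    }
}

Set-AuditPlan -Plan $plan

# Size and retention of the Security log: 512 MB, overwrite oldest events when full
# (/rt:false), so a flood of failure audits cannot leave the log full and silent.
& wevtutil.exe sl Security /ms:536870912 /rt:false

# Verify the effective policy for every category.
& auditpol.exe /get /category:*
```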

Lesson Review
 Establishing an organizational computer system audit policy is an important facet of information security.
 Configuring audit policy settings that monitor the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.
Summarize the importance of auditing.