L Identify the “out-of-the-box” audit settings l Identify recommended minimum audit settings l Configure security event log settings to meet recommendations.

Slides:

Advertisements

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Advertisements

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Lesson 17: Configuring Security Policies

Module 4: Implementing User, Group, and Computer Accounts

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Introduction To Windows NT ® Server And Internet Information Server.

Window NT Workstation and Server. Windows NT refers to two products workstation server can act as both a client and server in a network environment.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Module 8: Implementing Administrative Templates and Audit Policy.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Windows Security Mechanisms Al Bento - University of Baltimore.

Monitoring and Troubleshooting Chapter 17. Review What role is required to share folders on Windows Server 2008 R2? What is the default permission listed.

Chapter 17: Watching Your System BAI617. Chapter Topics Working With Event Viewer Performance Monitor Resource Monitor.

1 Chapter Overview Planning an Audit Policy Implementing an Audit Policy Using Event Viewer.

70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.

Securing Windows Servers Using Group Policy Objects

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.

Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Managing Network Security ref: Overview Using Group Policy to Secure the User Environment Using Group Policy to Configure Account Policies.

Module 6: Designing Active Directory Security in Windows Server 2008.

C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.

Designing Active Directory for Security

ESCOP ™ System Center Operations Portal Expanding SCOM 2007 Data Warehouse and ACS Function.

Configuring Encryption and Advanced Auditing

Module 12: Auditing Active Directory Domain Services Changes.

Fall 2011 Nassau Community College ITE153 – Operating Systems Session 22 Local Security Polcies 1.

Module 14: Configuring Server Security Compliance

Module 7: Fundamentals of Administering Windows Server 2008.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 UNDERSTANDING USER ACCOUNTS  Local user accounts  stored in the Security.

1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.

Network Security. Need for security  Connecting to the Internet is quickly becoming a necessity for companies/ individuals  Understand the security.

Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.

11 WORKING WITH PRINTERS Chapter 10. Chapter 10: WORKING WITH PRINTERS2 TERMINOLOGY PrinterLogical object Print DevicePhysical object Printer DriversSoftware.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Module 8: Implementing an Active Directory Domain ® Services Monitoring Plan.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

Module 9: Designing Security for Data. Overview Creating a Security Plan for Data Creating a Design for Security of Data.

1 Introduction to Auditing Auditing allows you to track User activities. Microsoft Windows 2000 activities. Windows 2000 records events in the security.

Module 10: Implementing Administrative Templates and Audit Policy.

Understand Audit Policies LESSON Security Fundamentals.

Windows Server 2003 群組原則設定與管理林寶森

Module 7: Auditing Active Directory Domain Services Changes.

Configuring and Managing Resource Access Lecture 5.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.

ITMT 1371 – Window 7 Configuration 1 ITMT Windows 7 Configuration Chapter 8 – Managing and Monitoring Windows 7 Performance.

Module 8: Implementing Group Policy. Overview Multimedia: Introduction to Group Policy Implementing Group Policy Objects Implementing GPOs on a Domain.

1 Administering a Security Configuration Security Configuration Overview Auditing Using Security Logs User Rights Using Security Templates Security Configuration.

Configuring the User and Computer Environment Using Group Policy Lesson 8.

11 CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY Chapter 8.

Troubleshooting Tools

Module Overview Installing and Configuring a Network Policy Server

Configuring Windows Firewall with Advanced Security

Module 10: Managing and Monitoring Network Access

Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016

CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY

Lesson 16-Windows NT Security Issues

This is a typical Windows user desktop

Manage Security Settings with Group Policy

SYSTEM ACTIVITY MONITORING

Module 8: Implementing Group Policy

Presentation transcript:

l Identify the “out-of-the-box” audit settings l Identify recommended minimum audit settings l Configure security event log settings to meet recommendations l Use the event log to detect security problems Module 8 Overview:

l Audit Policy l Auditing l Audit Logs General Auditing Information

Auditing System Event Security Event Application Event Event Log Service Event Logs Event Viewer FILES:: APPEVENT.EVT SYSEVENT.EVT SECEVENT.EVT

l Default Settings l What Should Be Set? Logins/Logoffs Security Policy Changes File and Object Auditing Auditing

l Auditing Policy Changes l Audit Categories Auditing

Auditing

Auditing

l Event Filtering By l Success l Failure l Source l Primary ID l Client ID Auditing

l Information Windows NT tracks within a process access token. (Also used for auditing) l The security ID of the user account used to log on l The group security IDs and corresponding attributes of groups to which the user is assigned membership l The names of the privileges assigned to and used by the user, and their corresponding attributes l Authentication ID, assigned when the user logs on Auditing

Auditing

Auditing

l Settings For Auditing Settings For Event Log Reading And Backing Up The Event Log Auditing

l Auditing