ALL >> Business >> View Article
Auditing Considerations
When analyzing auditing requirements, consider the following:
Auditing requirements 220-701(http://www.aplus-220-701.com) are different based on computer role. Choose an auditing policy that provides the information necessary for each computer role.
Auditing provides little value unless events are reviewed. A policy should be established to review security logs.
Auditing requirements can change over time. One example would be when specific users are suspected of unauthorized file access, tampering, or improper
access. In this situation, you could set up auditing on sensitive files for these users or the groups that they are in, record security events, and then analyze the information. When the information needed is accumulated, you would remove the
auditing requirements.
Centralizing the collection of auditing events is essential to sound security event record management and might be required by regulations or industry rules.
Auditing process activity is not a good idea, in general, for production servers. It is a sound strategy for periodic use on test systems.
Recording privilege ...
... access events will also generate a large number of events.
Weigh the need to manage logs that this will create comptia security+( www.securityplus-sy0-201.com) , and determine whether this is a worthwhile event.
Setting object access auditing on files, folders, registry keys, and Active Directory objects can be affected by inheritance rules. When setting object auditing, you can set the requirements on a parent object and require that audit settings are pushed to subobjects by inheritance. You can also prevent the inheritance of SACLs by clearing the Allow Inheritable Auditing Entries from the Parent to Propagate to This Object and All Child Objects. Include These With Entries Explicitly Defined Here check box. Figure 9-24 illustrates this concept. The Marketing folder has inheritance blocked. Setting auditing for parent folders will have no affect on the Marketing folders.
Example of Taking Ownership By default, administrators have the user right to take ownership. To protect confidential information, data owners might request that the IT administrator not have access privileges on sensitive files. This can easily be done by removing the administrator's group access permissions on the files. However, the admin-istrator can take ownership of the file and give herself any access she wants. Nothing can prevent her from doing so. However, you can audit files that are configured to block administrator access CompTIA(http://www.certtopper.com) by auditing for this event and tracking object access events.
Add Comment
Business Articles
1. Repair And Maintenance Guide For Garden FencingAuthor: Vikram kumar
2. Lucintel Forecasts The Global Palatant Market To Grow With A Cagr Of 5% From 2024 To 2030
Author: Lucintel LLC
3. Choosing The Right Gas Regulator In Florida: A Complete Guide
Author: Technico
4. Why Deer Park Learners Trust Local Driving Instructors
Author: Aintree Driving School
5. How To Properly Install And Uninstall Your Air Conditioner System With A Low Budget
Author: Neha Jain
6. What Is The Role Of Pdca In Iso 50001?
Author: William Charles
7. Step-by-step Instructions On How To Generate Inventory Reports Quickbooks?
Author: Jack Edwards
8. How To Track Employee Work Hours Efficiently With Trackhr
Author: TrackHr App
9. From Grounded To Global: 4 Ceos Rewiring India’s Aviation Sky
Author: Skyone
10. The Role Of Automation In Modern Cloud Migration Methodology
Author: Netscribes
11. Master Photo Retouching | Steps To Become A Photo Editing Expert
Author: ukclippingpath
12. Great Dependability And Performance Are The Reasons For Extensive Use Of Hydro Pneumatic Press
Author: David Camp
13. Best Lasik Eye Surgery For A Spectacle-free Life
Author: Anil Eye Hospital
14. Industrial Oven Manufacturers In Coimbatore
Author: Heatcon Sensors
15. Plumbing In North Salt Lake: Your Guide To Reliable Services
Author: Brown Jones