ALL >> Business >> View Article
Auditing Considerations
When analyzing auditing requirements, consider the following:
Auditing requirements 220-701(http://www.aplus-220-701.com) are different based on computer role. Choose an auditing policy that provides the information necessary for each computer role.
Auditing provides little value unless events are reviewed. A policy should be established to review security logs.
Auditing requirements can change over time. One example would be when specific users are suspected of unauthorized file access, tampering, or improper
access. In this situation, you could set up auditing on sensitive files for these users or the groups that they are in, record security events, and then analyze the information. When the information needed is accumulated, you would remove the
auditing requirements.
Centralizing the collection of auditing events is essential to sound security event record management and might be required by regulations or industry rules.
Auditing process activity is not a good idea, in general, for production servers. It is a sound strategy for periodic use on test systems.
Recording privilege ...
... access events will also generate a large number of events.
Weigh the need to manage logs that this will create comptia security+( www.securityplus-sy0-201.com) , and determine whether this is a worthwhile event.
Setting object access auditing on files, folders, registry keys, and Active Directory objects can be affected by inheritance rules. When setting object auditing, you can set the requirements on a parent object and require that audit settings are pushed to subobjects by inheritance. You can also prevent the inheritance of SACLs by clearing the Allow Inheritable Auditing Entries from the Parent to Propagate to This Object and All Child Objects. Include These With Entries Explicitly Defined Here check box. Figure 9-24 illustrates this concept. The Marketing folder has inheritance blocked. Setting auditing for parent folders will have no affect on the Marketing folders.
Example of Taking Ownership By default, administrators have the user right to take ownership. To protect confidential information, data owners might request that the IT administrator not have access privileges on sensitive files. This can easily be done by removing the administrator's group access permissions on the files. However, the admin-istrator can take ownership of the file and give herself any access she wants. Nothing can prevent her from doing so. However, you can audit files that are configured to block administrator access CompTIA(http://www.certtopper.com) by auditing for this event and tracking object access events.
Add Comment
Business Articles
1. Fitatoo Smile Eco Raglan Hoodie Sustainable Streetwear In The UkAuthor: Fitatoo
2. Bridging Knowledge Gaps In Hse Through Interactive E-learning
Author: Jane
3. Role Of Quick Lime In The Pulp And Paper Industry: Uses And Benefits
Author: Shaurya Minerals
4. Top 5 Mistakes Homeowners Make When Hiring A Builder In Chennai And How To Avoid Them
Author: bharathi
5. Bpo Projects For Startup Company: Grow With Zoetic Bpo Services
Author: mohan
6. Scorpio Technologies – The Leading Responsive Web Design Company In Chennai
Author: scorpiotechnologies
7. Scorpio Technologies: The Best Web Design Service In Chennai
Author: scorpiotechnologies
8. Latest Indo Western Dress – Elegant Fusion Fashion
Author: le concept
9. Top Logo Designer In Ahmedabad: Crafting Unique Brand Identities That Speak Volumes
Author: Kymin Creation
10. What Types Of Noise Barriers Are Used To Lessen Noise Pollution?
Author: O'Neill Engineered Systems, Inc
11. Why Are Container Inspections Important For Safety?
Author: TIC
12. 10 Essential Tips For During Production Inspection
Author: TIC
13. What Is A Pre Production Inspection And Why Is It Important?
Author: TIC
14. How Does Quality Inspection Impact Product Quality?
Author: TIC
15. 8 Benefits Of Regular Quality Inspections
Author: TIC