Introduction to Auditing
• Auditing allows you to track
  • User activities.
  • Microsoft Windows 2000 activities.
• Windows 2000 records events in the security log.
• The security log maintains a record of
  • Valid and invalid logon attempts.
  • Events related to creating, opening, or deleting files or other objects.
Using an Audit Policy
• An audit policy defines the types of security events recorded.
• An event is written to the security log on the computer where it occurs.
• An audit policy for a computer can
  • Track the success and failure of events.
  • Minimize the risk of unauthorized use of resources.
Audit Policy Guidelines
• Determine which computers need auditing.
• Auditing is turned off by default.
• Plan what to audit on each computer.
Events You Can Audit
• Accessing files and folders
• Logging on and off
• Shutting down and restarting a computer
• Changing user accounts and groups
• Attempting to make changes to objects in directory services
Auditing Successful Events, Failed Events, or Both
• Tracking successful events helps you determine
  • How often Windows 2000 or users gain access to specific objects
  • Resource planning
• Tracking failed events helps you determine
  • Security breaches
  • Attempted security breaches
Additional Audit Policy Guidelines
• Determine if you need to track trends of system use.
• Plan frequent security log reviews.
• Define a useful and meaningful audit policy.
• Audit resource access by using the Everyone group.
Configuring Auditing
• Auditing requirements
  • You must have the Manage Auditing And Security Log user right.
  • The files and folders to be audited must be on NTFS volumes.
• Setting up auditing
  • Set the audit policy.
  • Enable auditing of specific resources.
Setting an Audit Policy
The Local Security Policy Dialog Box
Auditing Access to Files and Folders
• Security breaches are an issue.
• After you set up your audit policy to audit object access
  • Enable auditing for specific files and folders.
  • Specify which types of access to audit.
Events That Can Be Audited for Files and Folders
Auditing Access to Printers
• Track sensitive printers.
• Set your audit policy to audit object access.
• Enable auditing for specific printers.
  • Specify which users will have access.
  • Specify which type of access to audit.
Printer Events That Can Be Audited
Understanding Windows 2000 Logs
• Use Event Viewer to view Windows 2000 logs.
• By default, Event Viewer has three logs:
  • Application log.
  • Security log.
  • System log.
Viewing Security Logs
Locating Events
Managing Audit Logs
• You can control the size of the event log.
  • The size of each log can be from 64 KB to 4 GB.
  • The default size of a log is 512 KB.
• You can specify what to do when the log is full.
  • Overwrite Events As Needed.
  • Overwrite Events Older Than X Days.
  • Do Not Overwrite Events (Clear Log Manually).
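The three log-full options lose evidence in different directions: one discards the oldest records, the others can discard new ones. The following is an added example, not part of the original slides: a toy Python model that measures capacity in records rather than kilobytes (an assumption) and replays a constructed workload to show what each option keeps, overwrites, or drops. The names `EventLog` and `simulate` are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

# The three "when the log is full" options named on the slide.
AS_NEEDED = "Overwrite Events As Needed"
OLDER_THAN = "Overwrite Events Older Than X Days"
DO_NOT_OVERWRITE = "Do Not Overwrite Events (Clear Log Manually)"


@dataclass
class EventLog:
    """Toy fixed-capacity log; capacity counts records (assumption), not KB."""
    policy: str
    capacity: int
    retention_days: int = 7              # the "X" in the second option
    records: deque = field(default_factory=deque)
    overwritten: int = 0                 # old records lost to make room
    dropped: int = 0                     # new events that were never recorded

    def write(self, day, text):
        if len(self.records) >= self.capacity and not self._make_room(day):
            self.dropped += 1
            return False
        self.records.append((day, text))
        return True

    def _make_room(self, today):
        if self.policy == DO_NOT_OVERWRITE:
            return False                 # stays full until cleared manually
        age = today - self.records[0][0]
        if self.policy == OLDER_THAN and age < self.retention_days:
            return False                 # oldest record is still protected
        self.records.popleft()
        self.overwritten += 1
        return True


def simulate(policy, capacity=5, retention_days=7):
    """Constructed workload: a failed logon on day 0, then 3 events a day for days 1-4."""
    log = EventLog(policy, capacity, retention_days)
    log.write(0, "failed logon")
    for day in range(1, 5):
        for n in range(3):
            log.write(day, f"routine event {n}")
    kept = any(text == "failed logon" for _, text in log.records)
    return kept, log.overwritten, log.dropped
```

`simulate` returns whether the day-0 failed logon is still in the log, how many records were overwritten, and how many new events were dropped, which is the trade-off to weigh when choosing log size, retention period, and review frequency.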
Archiving Logs
• Keep logs for a specified period of time to track security-related information.
• Configure archived logs in Event Viewer.
  • Save Log File As
  • Clear All Events
  • New Log View