Computer security Question:
Answer:
By default, all auditing in Windows NT is turned off. You have to manually turn on auditing on whatever object you want audited. First off, you should have a policy for:
* what to log (user behaviors, changes on files or processes)
* how long to keep the logs
* whether to turn on auditing on all your machines or only on the servers
Then you should configure the auditing. Remember that it is hard to make good use of auditing (or any use at all) if you don't have good tools and a good set of policies for handling the logs.
Remember too that cranking up auditing might degrade performance. The trick is to find the balance: log as much as you need without causing problems.
Finally, remember that Windows NT saves the logs locally on disk. If someone can take control of the machine, it is quite likely that the logs can be manipulated as well. A better solution might be to send the logs to one or more protected, centralized log servers.
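The step from written policy to configured auditing can be checked mechanically. The following is an added example, not part of the original answer: it compares a host's audit settings with a baseline. It assumes a current Windows release where `auditpol.exe` is built in (not NT 4.0); the host name, GUID placeholders, sample rows and baseline values are constructed for illustration.

```powershell
# Constructed sample in the CSV layout printed by: auditpol /get /category:* /r
# On a live host (elevated prompt) use instead:  $sample = auditpol /get /category:* /r
$sample = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST01,System,Logon,{00000000-0000-0000-0000-000000000000},Success,
HOST01,System,File System,{00000000-0000-0000-0000-000000000000},No Auditing,
HOST01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000000},Success and Failure,
'@

# Hypothetical baseline: what the written policy says must be audited on servers.
$baseline = @{
    'Logon'               = 'Success and Failure'
    'File System'         = 'Failure'
    'Audit Policy Change' = 'Success'
    'Process Creation'    = 'Success'
}

function Test-AuditBaseline {
    param([string[]]$Csv, [hashtable]$Baseline)

    # Index the effective setting of every subcategory the host reported.
    $actual = @{}
    foreach ($row in ($Csv | Where-Object { $_ } | ConvertFrom-Csv)) {
        $actual[$row.Subcategory] = $row.'Inclusion Setting'
    }

    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { 'missing' }
        # "Success and Failure" satisfies a requirement for either one alone.
        $ok = ($have -eq $Baseline[$name]) -or ($have -eq 'Success and Failure')
        [pscustomobject]@{
            Subcategory = $name
            Required    = $Baseline[$name]
            Actual      = $have
            Compliant   = $ok
        }
    }
}

# List only the gaps between policy and configuration.
Test-AuditBaseline -Csv $sample -Baseline $baseline |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize
```

With the sample above, the report lists File System, Logon and Process Creation as gaps; Audit Policy Change passes because it is audited for both success and failure.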