Join Lisa Bock for an in-depth discussion in this video Determining what to audit, part of IT Security Foundations: Operating System Security (2015).
- Auditing allows an administrator the ability…to track users or processes and what they accessed…or tried to access.…We can audit many different things.…I'm here in Windows 7 Operating System,…and I'm going to go to Search and Local Security Policy.…I'll open this up and we'll take a look at the audit policy.…As you can see, there are many different events…we can audit. Let's take a look at three of them.…
Audit Log On Events. This security setting determines…whether the operating system audits each time the computer…validates and accounts credentials.…Audit Log On Events. This security settings determines…whether the operating system audits each instance of a user…attempting to log on or log off this computer.…Audit System Events. This security system determines…whether the operating system audits any of several events,…including attempted system time change.…
Planning is a critical step in the auditing process.…All and any activity on a system can be logged, however,…it really wouldn't be a good idea to log everything…
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Apply security principles to create a strong password.
- Define RADIUS.
- Describe how permissions work.
- Review how to save and secure audit files.
- Explain hardening, updates, and patches.
- Identify ways to protect the email server.