Abstract

Auditing is the process of analyzing gathered data in order to determine whether a problem exists or, in the security arena, whether an attack or exploit has taken place. Auditing is best applied to any system that can generate some type of log file that one can save, refer to, and analyze over time. This chapter outlines the importance of auditing and the process of configuring and managing it. The considerations for configuring and managing auditing include Windows events, Internet Information Services (IIS) log files, firewall log files, Network Monitor logs, and Remote Access Service log files. Understanding the auditing process, and intrusion detection in general, helps a person determine who is, or was, responsible for an attack and when the attack was carried out. The chapter also explains the methods of managing audit log retention and of managing distributed audit logs by using EventComb. Using these methods can help find patterns of attack, the time of attack, and how the attack was carried out, as well as how to log that attack and analyze it.
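The kind of analysis the chapter describes (saving log files and working through them for patterns, the time of an attack, and the source responsible) can be shown on a small scale in code. The following is an added example, not material from the chapter or from any Microsoft tool: it parses a constructed IIS W3C extended log excerpt, finds bursts of HTTP 401 responses from one client, and then checks a constructed set of Windows Security events (in the shape of an Event Viewer or EventComb export) for the classic pattern of repeated failed logons followed by a success from the same source. The log lines, host names, IP addresses and the record layout of the Windows events are all assumptions made for the example; the event IDs 4625 (failed logon) and 4624 (successful logon) are the Windows Vista and later values (the Windows 2000/XP/2003 era used 529 and 528).

```python
"""Audit-log pattern analysis over constructed IIS and Windows Security samples."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C extended log excerpt (not from the chapter). The #Fields
# directive defines the columns, so a parser must read it rather than assume them.
IIS_LOG = """\
#Software: Microsoft Internet Information Services
#Version: 1.0
#Date: 2024-03-01 02:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-username c-ip sc-status
2024-03-01 02:00:01 10.0.0.5 GET /login.asp - 203.0.113.7 401
2024-03-01 02:00:03 10.0.0.5 GET /login.asp - 203.0.113.7 401
2024-03-01 02:00:04 10.0.0.5 GET /index.htm - 198.51.100.2 200
2024-03-01 02:00:06 10.0.0.5 GET /login.asp - 203.0.113.7 401
2024-03-01 02:00:08 10.0.0.5 GET /login.asp - 203.0.113.7 401
2024-03-01 02:00:09 10.0.0.5 GET /login.asp - 203.0.113.7 401
2024-03-01 02:00:11 10.0.0.5 GET /login.asp admin 203.0.113.7 200
"""

# Constructed Windows Security events (timestamp, computer, event id, account,
# source ip), laid out like an Event Viewer / EventComb export. Assumed data.
WIN_EVENTS = [
    ("2024-03-01 02:00:01", "WEB01", 4625, "administrator", "203.0.113.7"),
    ("2024-03-01 02:00:03", "WEB01", 4625, "administrator", "203.0.113.7"),
    ("2024-03-01 02:00:06", "WEB01", 4625, "administrator", "203.0.113.7"),
    ("2024-03-01 02:00:08", "WEB01", 4625, "administrator", "203.0.113.7"),
    ("2024-03-01 02:00:09", "WEB01", 4625, "administrator", "203.0.113.7"),
    ("2024-03-01 02:00:11", "WEB01", 4624, "administrator", "203.0.113.7"),
    ("2024-03-01 02:05:00", "FILE01", 4624, "jsmith", "10.0.0.22"),
]


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign the columns
        records.append(dict(zip(fields, values)))
    return records


def find_bursts(records, status, threshold, window):
    """Return (client_ip, first, last, count) for each client that produced at
    least `threshold` responses with `status` inside a sliding time window."""
    per_client = defaultdict(list)
    for r in records:
        if r["sc-status"] == status:
            ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
            per_client[r["c-ip"]].append(ts)
    hits = []
    for ip, times in per_client.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append((ip, times[start], times[end], end - start + 1))
                break
    return hits


def failed_then_success(events, failed_id=4625, success_id=4624, min_failures=3):
    """Flag (computer, account, source) where at least `min_failures` failed logons
    are followed by a successful logon for the same account from the same source."""
    failures, findings = defaultdict(int), []
    for ts, computer, event_id, account, src in sorted(events):
        key = (computer, account, src)
        if event_id == failed_id:
            failures[key] += 1
        elif event_id == success_id:
            if failures[key] >= min_failures:
                findings.append({"computer": computer, "account": account, "source": src,
                                 "failures": failures[key], "success_at": ts})
            failures[key] = 0
    return findings


def analyze():
    """Run both checks over the constructed samples and return the findings."""
    return {
        "bursts": find_bursts(parse_w3c(IIS_LOG), "401", 5, timedelta(seconds=30)),
        "suspicious_logons": failed_then_success(WIN_EVENTS),
    }


if __name__ == "__main__":
    for name, result in analyze().items():
        print(name, result)
```

The two checks answer the questions the chapter sets out: the burst gives the source and the time window of the attack, and the failed-then-success match from the same source names the account that was finally reached. Real logs are larger and noisier, so the threshold and window are parameters; the parser honours the #Fields directive because IIS lets administrators change which columns are logged, and a hard-coded column layout is the usual way such analysis goes wrong.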
