RE: Windows/Exchange security auditing tool

From: yaakov yehudi (yehudi_at_tehila.gov.il)
Date: 09/02/04

    Date: Thu, 2 Sep 2004 07:44:27 +0200
    To: "Rod Dickerson" <rod.dickerson@us.logicalis.com>, <focus-ms@securityfocus.com>
    
    

    You can improve on the types of info that you get by adding additional security logging options in group policy (even for stand-alone machines); this will let you know when a user changes a setting. You can also turn on auditing for "everyone" on your hard drives. There is a small performance loss, but it is well worth it in many situations (even for debugging applications).

    For a good backend log processor, you should look at CA's eTrust Security Command Center. It will cost you a lot, but is really great value for money. It can really cut through the data overload you will get if you have all the options I have mentioned enabled.

    Also, to enable specific data logging, you could look at WMI scripting. That is cheap and effective.

    Regards, YY

    -----Original Message-----
    From: Rod Dickerson [mailto:rod.dickerson@us.logicalis.com]
    Sent: Wednesday, September 01, 2004 0:36
    To: focus-ms@securityfocus.com
    Subject: Windows/Exchange security auditing tool

    Anyone have experience with 3rd party auditing/monitoring software for Windows/Exchange/SQL/etc? This is needed when the security auditing features of the OS are inadequate. I have found it difficult to find the "middle ground" of auditing on Windows servers; either not enough logged or too much. Also, the logging doesn't seem to be as detailed as needed to show true audit trails, for example "user X changed setting Y on server Z at this time." This may be a holy grail search, I realize that. Any help would be appreciated. Thanks.

    Rod
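
The approach suggested in the reply (object-access auditing for "everyone", then WMI scripting to pull out specific events), as an added PowerShell example that is not part of the original thread. It assumes an elevated session on Windows Vista/Server 2008 or later, where file access audits are logged as event ID 4663; the folder path is a hypothetical placeholder.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell session.
# $Path is a hypothetical folder; scope auditing to data that matters rather
# than a whole drive to limit log volume.
$Path = 'D:\Shares\Finance'

# 1. Enable the "File System" object-access audit subcategory in local policy.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit (SACL) entry for Everyone covering changes, not reads,
#    so the log records modifications without flooding on every open.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule(
               'Everyone', $rights, $inherit, $prop, $flags)

$acl = Get-Acl -Path $Path -Audit      # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Query the Security log through WMI and reduce each 4663 event to
#    "user X touched object Y on server Z at time T".
#    InsertionStrings indexes follow the 4663 event layout:
#    [1] account name, [2] account domain, [6] object name,
#    [9] access mask, [11] process name.
$since = (Get-Date).AddHours(-24)
Get-CimInstance -ClassName Win32_NTLogEvent `
                -Filter "Logfile='Security' AND EventCode=4663" |
    Where-Object { $_.TimeGenerated -ge $since } |
    Select-Object @{n='Time';       e={ $_.TimeGenerated }},
                  @{n='Server';     e={ $_.ComputerName }},
                  @{n='User';       e={ '{0}\{1}' -f $_.InsertionStrings[2], $_.InsertionStrings[1] }},
                  @{n='Object';     e={ $_.InsertionStrings[6] }},
                  @{n='AccessMask'; e={ $_.InsertionStrings[9] }},
                  @{n='Process';    e={ $_.InsertionStrings[11] }} |
    Sort-Object Time |
    Format-Table -AutoSize
```

Auditing only write-type rights on selected folders is one way to reach the "middle ground" between too little and too much logging raised in the original question.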
