auditing user access
- From: cpu <cpu@xxxxxxxxxxxxxxx>
- Date: Thu, 13 Sep 2007 22:37:38 +1000
How do I go about auditing users on the network? We have file servers, database servers and web application servers. The last time I enabled auditing for logons, object and file access, it generated a mess of output in the Event Viewer Security log that was basically indecipherable... in other words, it was useless.
Are there any commercial tools for Windows that allow a sysadmin to see, when a user logs on, what objects (files, printers, servers) he accesses? A single entry for each user and each object.
The act of logging on and accessing a single file on a system generates hundreds of events in the Windows Event Viewer Security log... which is next to impossible to read.
BTW, how would you prevent privilege escalation? Use 2 factor authentication?
The company I work for has been audited. I've been asked to look into the following risk area:
<quote>
Risk Area:
Lack of audit log of privileged user activities and controls to prevent privilege escalation on critical systems
Observation:
There is no control to prevent privilege escalation if user has knowledge of the system admin password. Furthermore, user accountability cannot be established without user activity audit logs
Improvement Opportunity:
Use system function / tools to prevent privilege escalation and establish user activity accountability
</quote>
What's the point of preventing privilege escalation? If you've been given the privilege to do something, and it's prevented, then you don't have the privilege at all... huh?