Re: Training for Juinior IT Auditor,

From: verukins@xxxxxxxxx
Date: Tue, 12 Feb 2008 00:36:09 -0800 (PST)

an extension of what you've mentioned...

what events to audit (eg file access, logon events etc) - which should
be set via group policy, and some of which is AD anyway.
Identifying dead user/computer accounts within AD i would class as
quiet important
patching - and using tools susch as SCCM/WSUS to automate (and
reporting of current patch status)
basic port scanning etc (i realise isnt directly windows - but its a
rich tapestry and all that stuff)
DNS
secured entry points (obviously firewall, but also spam/virus scanning
of incoming mail etc)
backup security (where tapes are stored etc)

it's hard to keep it to windows only... easier to think of it as
anything that will touch your windows boxes.
.

References:
- Training for Juinior IT Auditor,
  - From: Sulaiman

Prev by Date: Windows 2003 enterprise CA issues - RPC server is unavailable.
Next by Date: Re: Deðiþen Ntfs izinleri
Previous by thread: Training for Juinior IT Auditor,
Next by thread: Windows 2003 enterprise CA issues - RPC server is unavailable.
Index(es):
- Date
- Thread

Relevant Pages

Re: Authentication Auditing
... What may be happening is that another Group Policy has auditing defined for ... logon events such as at the Organizational Unit Level. ... see what it is for auditing and change it to suit your needs. ... >> Then try clearing the current security log to make sure it is not full ...
(microsoft.public.win2000.security)
Re: Who is Logged On?
... enable auditing of account logon events in Domain Controllers Security ... > I am new to Windows and have been on Netware too long, ... > is an intruder, but I cannot tell who is logged on now. ...
(microsoft.public.win2000.security)
Re: Audit Logs
... This doesn't repro on Windows .NET Server. ... > Audit Account Logon events - Success & Failure ... > entries are placed into the audit log. ...
(microsoft.public.win2000.security)
Re: Notification of Logins
... Might I suggest that you use EventQuery.pl from the Windows 2000 Resource ... You can query the event log for logon events, output as CSV, and then ... I find Microsoft's whole implementation of login auditing to ... >> example using the windows 2000 server resource kit utility DUMPEL to ...
(microsoft.public.win2000.security)
Re: NT4 & w2k autiding tools needed...
... Windows has built in auditing. ... Account logon is probably most useful for domain controllers or ... logon events record attempts of a user to access network resources. ...
(microsoft.public.security)