Determining What To Audit And Analyzing Audit Records

In this practice, you will develop a list of audit specifications for a fictitious firm, and then analyze frequently encountered records found in the security log. Complete the exercises that follow. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of the chapter.
Exercise 1: Determining What to Audit
Read the following scenario and then answer the question that follows.
Scenario You are an IT auditor at Wingtip Toys. You are asked to specify the audit requirements for a file server in the research division. The file server will store confidential research data. Files are protected by EFS encryption. Communications between researchers' workstations and the file server are protected by IPSec. Only the researchers and their workstations are permitted to access the file server.
Figure 9-23 shows the configuration for auditing use of the Take Ownership permission. To make sure that the administrator is caught, you should also audit privilege use. Two possible events can be recorded. If the administrator takes ownership while logged on interactively to the server on which the file resides, the SeTakeOwnershipPrivilege is used and event 578 is recorded. This is a privilege use event. However, if she takes ownership remotely, the file's Take Ownership permission (WRITE_OWNER) is used, and object access event 560 is recorded. With all this noted, remember that administrators can also delete audit logs, either in their entirety or by individual events. If you have untrustworthy administrators, the only remedy is not to allow them to be administrators.
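The two paths described above (privilege use event 578 versus object access event 560 carrying WRITE_OWNER) are easiest to see when the records are actually sorted. The following is an added example, not code from the training kit: it runs simple detection logic over a handful of constructed records shaped like the fields of Windows Server 2003 Security log events 560, 578 and 517 (the audit-log-cleared event, included because an administrator clearing the log is exactly the case the paragraph warns about). The record layout, the account and file names, and the hexadecimal WRITE_OWNER mask value are assumptions for illustration; real exported logs will need their own field mapping.

```python
"""Classify take-ownership activity in exported Security log records.

The SAMPLE_RECORDS below are constructed for this example; they imitate
the fields of Windows Server 2003 Security log events 560 (Object Open),
578 (Privileged object operation) and 517 (audit log cleared), but they
are not real log output.
"""

# WRITE_OWNER standard-rights bit as it appears in an access mask
# (assumption: the usual 0x00080000 value; event 560 also lists the
# textual name "WRITE_OWNER" in its Accesses field).
WRITE_OWNER = 0x00080000

# Constructed sample records, one dict per log entry.
SAMPLE_RECORDS = [
    # A researcher reading a file: object access, but not an ownership change.
    {"EventID": 560, "User": "WINGTIP\\researcher1",
     "ObjectName": "D:\\Research\\formula.doc",
     "Accesses": "ReadData (or ListDirectory)", "AccessMask": "0x1"},
    # Administrator logged on interactively at the server: privilege use.
    {"EventID": 578, "User": "WINGTIP\\admin1",
     "ObjectName": "D:\\Research\\formula.doc",
     "Privileges": "SeTakeOwnershipPrivilege"},
    # Same administrator taking ownership over the network: object access.
    {"EventID": 560, "User": "WINGTIP\\admin1",
     "ObjectName": "D:\\Research\\formula.doc",
     "Accesses": "WRITE_OWNER", "AccessMask": "0x80000"},
    # Administrator clearing the Security log afterwards.
    {"EventID": 517, "User": "WINGTIP\\admin1"},
]


def classify(record):
    """Return a label for records that matter to the take-ownership audit, else None."""
    eid = record.get("EventID")
    if eid == 578 and "SeTakeOwnershipPrivilege" in record.get("Privileges", ""):
        return "take-ownership (interactive, privilege use)"
    if eid == 560:
        mask = int(record.get("AccessMask", "0"), 16)
        # Check both the numeric mask and the textual access name so the
        # logic works whichever form the export preserved.
        if mask & WRITE_OWNER or "WRITE_OWNER" in record.get("Accesses", ""):
            return "take-ownership (remote, object access)"
        return None
    if eid == 517:
        return "audit log cleared"
    return None


def find_take_ownership(records):
    """Return (user, object, label) for every take-ownership or log-clear record."""
    hits = []
    for record in records:
        label = classify(record)
        if label:
            hits.append((record.get("User"), record.get("ObjectName", "<log>"), label))
    return hits


if __name__ == "__main__":
    for hit in find_take_ownership(SAMPLE_RECORDS):
        print(hit)
```

The ordinary read by the researcher is ignored, both ownership paths by the administrator are flagged with the path that produced them, and the log-clear record is reported separately so that a reviewer knows later entries may be missing.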
To prevent an administrator from reading a file, you can encrypt the file. However, if you do so, make sure the administrator is not the file recovery agent. To learn why, and what you can do to prevent administrators from reading sensitive files, see Lesson 5, "Designing a File Encryption and Decryption Strategy," later in the chapter.