Friday, June 11, 2010

Optimal Security Logging Strategies

If you're a Windows Admin, you know what a security log is, and if you're a good Windows admin, you know how important it is to keep your security logged optimal.

By keeping the log optimal, I'm of course referring to the fact that you're doing what you need to do to ensure that only the minimal essential set of security events are being logged in your security log and that you have a strategy in place that ensures that you're able to archive all your log events before your log rolls over.

Then there are some other essentials such as collecting and collating security event logs from all your domain controllers into one single database so you can get the complete view of what's really happening in your domain.

In this blog, I intend on sharing optimal logging strategies and other relevant aspects of security logging that could help improve your security logging strategies as well.

Thanks,
Will.

2 comments:

  1. Hello Will,

    What are your thoughts about the security implications of outsourcing the management of critical IT services like DNS, DHCP, Active Directory, email (Exhange) etc. to outsourced providers. I think outsourcing of Microsoft's Active Directory technology impacts global security but I would like to hear your thoughts on the same.

    Thanks,
    Rajiv.

    ReplyDelete
  2. Hello Will,

    In my experience as an IT analyst, I have found that while many organizations use Active Directory so extensively, most of them don't seem to be aware of the various Active Directory Risks that exist today, and how these risks impact Active Directory Security. This is concerning because Active Directory is so widely deployed today and I worry that it may be vulnerable, whether to Kerberos-to-NTLM downgrade attacks, or other kinds of attacks such as Active Directory Privilege Escalation which it seems could be launched by insiders as well.

    Best wishes,
    Andrew

    ReplyDelete