Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

what to audit for best practice

Status
Not open for further replies.
mrmoneymatters

mrmoneymatters

MIS
Joined
Jul 27, 2004
Messages
397
Location
US
What do you all like to audit and where? I assume you have different audit policies on the domain controllers ou, and for file servers, and what about desktops? Does everyone audit at all these levels, and what do you audit at each level?

Thanks,

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
 
Sort by date Sort by votes
Does anyone here audit anything?

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
 
Upvote 0 Downvote
Your question is rather broad ranged and it’s hard to just give "best practice" audit policies without knowing a lot more.

For instance if you are looking for security practices it depends on what your organization needs to protect and what it needs to prevent. What sort of government regulations must you adhere to? Like I am in the banking industry and we have tons of regulations that we have to follow that do not apply to a lot of other industries. We have to audit at least two times a year and have at least one government audit. They audit things like our OU policies, password policies, lockout policies, software policies, patch policies, user access policies, backup policies, firewall policies, Internet access policies, email policies, screensaver’s, logout policies, documentation and a ton of other things.

If you are talking about a general audit just to know what sort of hardware and software your users have on desktops etc you can use a software that will audit pretty much all of that for you and keep it in a nice DB for future reference. Once software that we run is called Track-It by intuit.

If you are talking about just a base security scanner that will audit your network for vulnerabilities you can use the free baseline security scanner from Microsoft (which works very well) or do like we did and purchase something like Retina security scanner by eEye Digital or languard by GFI LANguard. (We bought a scanner just because of the reporting features)

Two sites I recommend taking a look at are and Cert has a ton of information about security practices.
 
Upvote 0 Downvote
Upvote 0 Downvote
Sorry I wasn't clear enough.

ShughesPB, I am in the banking industry too. We just had an audit not too long ago, and I know what you are talking about as far as the policies are concernced.

The information I am looking for is what events to audit on your AD network and Windows boxes.

For instance, do you audit failed and successful logon attempts or just failed? Do you do this on the entire domain or just the domain controllers ou? Do you audit who accesses each and every file? Basically I want to know what events are you auditing and what level.

Sorry I wasn't clear enough at first and thanks for everyones help.

mlichstein - thanks for the link, I am checking it out.

Network Admin
A+, Network+, MCSA 2000, MCSE 2000
 
Upvote 0 Downvote
We audit failed and successful login attempts. We are also required to keep them for up to 3 years so we have a program that we created that copy them out to a file that we backup daily. We are only required to audit that on the domain level because users can only login to servers and PC's using their domain passwords so it will be logged on the DC. No users have user ID's or passwords setup on any local server or PC.

We don’t audit file access (when a users access’s a file) because we have all the permissions set so only users only get access to their files. We have done away with the everyone group on everything and replaced it with specific users or the Authenticated Users group. We do audit file permissions on all the servers but not on the desktop level. We also audit user access level on the domain. We use a program called Retina to do both of those things. As long as you can show that you have that program or one like it and the permissions are set to what you say they are you will be ok without having to audit file access.

Something I highly recommend you do because it is pretty much going to become the norm for bank audits is to hire an outside consultant that will audit your network for you before the Fed auditors come into town. They audit everything for you and point out your weaknesses so you can get them fixed. What really is a great thing about doing that is they are there to help you so they work with you really closely unlike the Fed auditors that will shut you down if you are not in compliance. They will show you exactly what you need to internally log and monitor to pass your Fed audit with flying colors.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mangentle
  • Locked
  • Question Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma
Abdullah Al Maruf
  • Locked
  • Question Question
Telnet help for
Replies
2
Views
1K
gbaughma
gbaughma
mangentle
  • Locked
  • Question Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma
DTGMI
  • Locked
  • Question Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
779
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question Question
Can not copy files to Mapped drive
Replies
0
Views
979
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top