Information Technology Reference
In-Depth Information
The Windows Server 2012 R2 operating system and Active Directory offer you the
ability to audit a wide range of actions. In the following sections, you'll see how to
implement auditing for Active Directory.
Overview of Auditing
The act of auditing relates to recording specific actions. From a security standpoint,
auditing is used to detect any possible misuse of network resources. Although auditing does not
necessarily prevent resources from being misused, it does help determine when security
violations have occurred (or were attempted). Furthermore, just the fact that others know that
you have implemented auditing may prevent them from attempting to circumvent security.
You need to complete several steps in order to implement auditing using Windows Server
2012 R2:
1. Configure the size and storage settings for the audit logs.
2. Enable categories of events to audit.
3. Specify which objects and actions should be recorded in the audit log.
Note that there are trade-offs to implementing auditing. First, recording auditing
information can consume system resources. This can decrease overall system performance
and use up valuable disk space. Second, auditing many events can make the audit log
impractical to view. If too much detail is provided, system administrators are unlikely to
scrutinize all of the recorded events. For these reasons, you should always be sure to find a
balance between the level of auditing details provided and the performance-management
implications of these settings.
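The three steps above, carried out from an elevated PowerShell session on a domain controller, as an added example that is not part of the original text. The log size, the two categories chosen, the OU path and the audited rights are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes the ActiveDirectory module (RSAT) is installed,
# which provides the AD: drive used in step 3.
Import-Module ActiveDirectory

# Step 1: size and retention of the Security log.
$maxBytes = 1GB                                # assumed size; tune to disk budget
wevtutil sl Security /ms:$maxBytes /rt:false   # rt:false = overwrite oldest events
if ($LASTEXITCODE -ne 0) { throw 'wevtutil could not configure the Security log' }

# Step 2: enable audit categories. auditpol names differ from the policy names:
#   "Audit directory service access" -> DS Access
#   "Audit account management"       -> Account Management
# Audit settings delivered by Group Policy replace these at the next refresh.
$categories = 'DS Access', 'Account Management'   # assumed selection
foreach ($c in $categories) {
    auditpol /set "/category:$c" /success:enable /failure:enable
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for '$c'" }
}

# Step 3: say which objects and actions are recorded by adding an audit
# rule (SACL entry) to a directory object. Auditing only writes and deletes,
# not reads, keeps the log small enough to review.
$ouPath   = 'AD:\OU=Example,DC=example,DC=com'    # hypothetical OU
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rights   = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, DeleteChild, Delete'
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$inherit  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$acl  = Get-Acl -Path $ouPath -Audit              # -Audit loads the SACL as well
$rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $everyone, $rights, $flags, $inherit)
$acl.AddAuditRule($rule)
Set-Acl -Path $ouPath -AclObject $acl

# Check the result of each step.
wevtutil gl Security
auditpol /get /category:*
(Get-Acl -Path $ouPath -Audit).Audit |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags
```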
Implementing Auditing
Auditing is not an all-or-none type of process. As is the case with security in general,
system administrators must choose specifically which objects and actions they want to audit.
The main categories for auditing include the following:
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
In this list of categories, four of the categories are related to Active Directory. Let's discuss
these auditing categories in a bit more detail.