Question:1
Auditing is the process of evaluating objects to determine if they meet the security standards. An object can be anything: a user, a process, an organization, or a thing. The information collected over a period of time is compared against the standard information to determine if the system has breached the security standards or not.
In a computer environment, a security audit refers to comparing the configuration and performance information against the standard or baseline security policy to ensure that the computer complies with the security policies. In general, a baseline is nothing but a collection of configuration settings. A security baseline is a collection of security settings. The configuration and performance information is collected through the log files. A security audit is very important as it makes the system comply with the security standards and reduces data breaches, the risk of unauthorized access, and any unnecessary changes to the system. It also helps to roll back the system from unnecessary changes.
The common Windows security process includes the following activities:
· Collecting information
· Creating baselines
· Identifying configuration changes
· Analyzing changes
· Verifying compliance with security policy
Microsoft provides the Microsoft Security Compliance Toolkit to obtain security configuration baselines for Windows. The main system activities useful for logging are logon and logoff events, Active Directory changes, Registry changes, server access and logins, account management and policy changes. These events can be used by the system administrator to determine if the environment or OS is reaching the baseline. Once a baseline is breached, it is important that we know the root cause behind the breach and document the precautions. Rollback is performed.
References:
· Solomon, M. G. (2014). Security Strategies in Windows Platforms and Applications, Second Edition. Jones and Bartlett Learning.
· DulceMontemayor. (n.d.). Windows security baselines. Retrieved from https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines
· What is Windows Auditing? (n.d.). Retrieved from https://www.beyondtrust.com/resources/glossary/windows-auditing
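The collect, baseline, identify-changes and verify-compliance sequence listed in the post above, as an added example that is not part of the original post. It assumes the audit policy was exported in the CSV layout of `auditpol /get /category:* /r`; the host name, GUID placeholders and the baseline values are constructed for illustration and are not Microsoft's published baseline.

```python
import csv
import io

# Constructed sample in the CSV layout of `auditpol /get /category:* /r`.
COLLECTED = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
HOST1,System,Logon,{guid-1},Success and Failure,
HOST1,System,Logoff,{guid-2},Success,
HOST1,System,User Account Management,{guid-3},Success,
HOST1,System,Audit Policy Change,{guid-4},No Auditing,
HOST1,System,Registry,{guid-5},Failure,
"""

# Hypothetical baseline covering the event types the post names.
# Each value is the minimum set of outcomes that must be audited.
BASELINE = {
    "Logon": {"Success", "Failure"},
    "Logoff": {"Success"},
    "User Account Management": {"Success", "Failure"},
    "Audit Policy Change": {"Success"},
    "Registry": {"Failure"},
    "Directory Service Changes": {"Success"},
}

def parse_setting(text):
    """Map an inclusion setting string to the set of audited outcomes."""
    lowered = text.strip().lower()
    # "No Auditing" contains neither word, so it yields an empty set.
    return {name for name in ("Success", "Failure") if name.lower() in lowered}

def collect(csv_text):
    """Step 1: turn the exported policy into {subcategory: outcomes}."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["Subcategory"].strip(): parse_setting(r["Inclusion Setting"]) for r in rows}

def find_drift(collected, baseline):
    """Steps 3-4: list every subcategory that falls short of the baseline."""
    drift = []
    for sub, required in sorted(baseline.items()):
        if sub not in collected:
            # Absent from the export: cannot be verified, so flag it.
            drift.append((sub, "not collected", sorted(required)))
        elif required - collected[sub]:
            drift.append((sub, "missing", sorted(required - collected[sub])))
    return drift

def is_compliant(collected, baseline):
    """Step 5: compliant only when nothing drifted from the baseline."""
    return not find_drift(collected, baseline)

if __name__ == "__main__":
    for item in find_drift(collect(COLLECTED), BASELINE):
        print(item)
```

A setting that audits more than the baseline requires (for example "Success and Failure" where only "Success" is required) is treated as compliant; only shortfalls and uncollected subcategories are reported.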
Answer:
I want a 250-word explanation of this paragraph with 3 references. Your response must start with: "I like your post, I would like to add some more details on your discussion."
Question:2
Windows auditing is sometimes known as file integrity monitoring, which helps to detect changes within systems, SQL, file systems and Active Directory. Through Windows auditing, organizations will be compliant based on the protection of data and other threat requirements or unwanted changes, which will reduce the risk of a data breach in any organization. These auditing tools help in the rollback of changes with the desirable configuration.
Through Windows security and auditing, one will understand the events that they want to log. For instance, the audit policy may say the employee needs to log any kind of remote access to their system or machine, but you might not need to do it on the business premises. Auditing will generate a larger volume of data; it pays off in the important information that one needs to gather for security policy decisions.
Any organization related to the financial, health or government sectors faces threats. They differ from each other based on the type of organization. One thing any organization has as a common motive is to protect its devices and the information in them. They are set to have security standards that the organization has set for them. The baseline security group has recommended config settings, which are based on Microsoft security engineering teams, customers, groups and partners.
These are needed by an organization because they bring in the expertise and knowledge of customers and partners from Microsoft. Each security config setting has its own impact (Andres Mariano Gorzelany 2018). In modern companies or organizations, security threats have been increasing vastly day by day. The policy makers need to keep them in mind along with the security threats and help them change the settings so that they can avoid the risks and data breaches. To make all of this easier in managing Windows, Microsoft provides security baselines in consumable formats, which are known as Group Policy Object backups.
If an environment is not reaching a baseline, one should make sure that further action is taken and the security configuration settings are applied and implemented by the company.
References:
1. Liza Poggemeyer, Andres Mariano Gorzelany (June 2018). Windows security baselines.
2. Mark Beblow (March 11, 2019). Auditing Microsoft Security Compliance Baselines.
3. Windows Auditing. https://www.beyondtrust.com/resources/glossary/windows-auditing
Answer:
I want a 250-word explanation of this paragraph with 3 references. Your response must start with: "I like your post, I would like to add some more details on your discussion."