
Audit logs in IT security PDF

Added on - 23 Nov 2021

Showing pages 1 to 3 of 9 pages
Running Head: Audit logs
Audit logs
Professor’s Name
Affiliate Institution
Date
Describe what information was contained in the logs and what value they might
have in a security investigation.
Audit logs in IT security are data that the computer stores so that, in case of any security
issue in the information system, the logs can be referenced. The logs contain files pertaining
to all the transactions being undertaken in the computer system. These can be attempts such as
login success or failure, or file access failure or success. They are able to show the threats
that are attempting to log into the system without permission.
Think about the challenges of getting all of the Active Directory audit policy settings
right. For an infrastructure administrator, how important are these types of settings?
Active Directory, in the audit logs information system, is where the users of the computer
system are assigned the permissions and privileges through which they can access the system
(Song, Shi, Fischer & Shankar, 2012). The challenge of getting all the Active Directory
settings right is that it requires an expert to set all the policies concerning the audit
logs. Accessing these logs requires skilled personnel both to set policies and to extract the
logs.
What are the risks associated with logging too little data or not auditing the correct
events?
Logging too little data is a security threat to an information system. Logging is like
making the information system data safe and secure. The risk of not auditing the correct
events, or of not logging all the data in the information system, arises whenever attackers
are trying to hack into the system. Without the audit logs, we are not able to see that there
are logon failures or file access failures, and seeing them is what enables us to build a
strong and secure system (Tianfield, 2012, October).
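The point above can be shown in code. This is an added example, not part of the original essay: it flags a successful logon that follows a burst of failures, then runs the same check on logs where failures were never audited. Event IDs 4625 (failed logon) and 4624 (successful logon) are the Windows Security log IDs; the record fields, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs

# Constructed sample records (simplified fields; "time" is seconds).
SAMPLE_EVENTS = (
    [{"time": 0, "id": SUCCESSFUL_LOGON, "user": "alice", "src": "10.0.0.5"}]
    # Six rapid failures against one account from one source...
    + [{"time": t, "id": FAILED_LOGON, "user": "admin", "src": "10.0.0.99"}
       for t in range(10, 22, 2)]
    # ...followed by a success from the same source.
    + [{"time": 25, "id": SUCCESSFUL_LOGON, "user": "admin", "src": "10.0.0.99"}]
    # A benign single mistyped password, then success.
    + [{"time": 30, "id": FAILED_LOGON, "user": "alice", "src": "10.0.0.5"},
       {"time": 35, "id": SUCCESSFUL_LOGON, "user": "alice", "src": "10.0.0.5"}]
)


def suspicious_logons(events, threshold=5, window=60):
    """Return (user, src, failure_count) for each successful logon that was
    preceded by at least `threshold` failures for the same account from the
    same source within `window` seconds."""
    failures = defaultdict(list)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["src"])
        if ev["id"] == FAILED_LOGON:
            failures[key].append(ev["time"])
        elif ev["id"] == SUCCESSFUL_LOGON:
            recent = [t for t in failures[key] if ev["time"] - t <= window]
            if len(recent) >= threshold:
                findings.append((ev["user"], ev["src"], len(recent)))
            failures[key].clear()  # a success resets the failure streak
    return findings


def success_only(events):
    """Simulate an audit policy that records successes but not failures."""
    return [e for e in events if e["id"] != FAILED_LOGON]


if __name__ == "__main__":
    print("full auditing:   ", suspicious_logons(SAMPLE_EVENTS))
    print("failures dropped:", suspicious_logons(success_only(SAMPLE_EVENTS)))
```

With failure auditing off, the admin logon at time 25 looks like any other successful logon and the check returns nothing.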
What are the risks associated with logging too many events?
Logging too many events is also very risky. This is because, when a lot of events are
logged in the information system, at some point we might forget some details about a
particular event in the system, an event that is crucial and needs to be used. This means that
for you to access the event, you need to repair the whole system, which may cause some other
events to get lost.
When the default configuration is to create audit logs, what impact can this have on
security incident investigations?
When the default configuration is used to create audit logs, the data are not that secure,
since some settings are not set in the right way (Er, Low & Ganesh, 2012). This is because, in
default configurations, the settings are for general usage, and certain privileges have not
been set so as to meet the standards for logging the events in the information system.
This was just a single domain with two systems on a local LAN. How much more
complicated would auditing and log management be for 100 computers? What about an
enterprise with 10,000 computers in several domains on their LAN/WAN?
This system was a domain with two computers connected to the network. Mostly this
work was done on the server side to ensure that logs are created on the user computers. The