5.3. Task 5.3: Auditing Logons

It is important to know when users are authenticating on your network. This could reveal such events as a user authenticating at unexpected times of the day or week, or users failing to correctly authenticate. The latter indicates a possibility that a user account is being used in a brute-force logon attack (when an attacker is trying to guess a user's password by attempting multiple logons so that the attacker can gain unauthorized access to system resources).

Two settings are related to the auditing of logons. The first, Audit Account Logon Events, identifies when a user attempts to authenticate against a domain controller. In other words, a user is attempting to log on as a domain user. This event gets recorded ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.