9.1. Task 9.1: Configuring an Audit Policy for Object Access
Auditing is an integral component of security for any system or network. Auditing is the tracking and recording of events in a log. What events? Well, that's up to you. An audit policy can be set on individual systems, or configured for groups of systems, or configured for every system in the enterprise.
Auditing must be set up in advance. If you don't have auditing turned on before the event, you won't have any information recorded about the event. You will place a more elaborate audit policy on systems that are more exposed, on your most critical infrastructure systems, and on systems that hold your most sensitive information assets.
When you implement an audit policy, you should ...
Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.