Understand the concepts of auditing.
The final section of this chapter focuses on auditing. Auditing, or accounting as it is sometimes called, is the process of tracking users and their actions on the network. The types of activities that can be audited include users doing the following:
Logging on or off the network
Reading, writing, deleting, or modifying files
Using network services such as DNS, WINS, Terminal Services, and so on
Using remote access services (dial-in or VPN services)
When setting up auditing, we can give you only the basics in advice. Auditing is a very precise behavior that should be built around goals and policies developed by the security team. Plan, plan, plan! Without effective planning and well-defined ...