Security auditing is a process by which one can create an audit trail of all the actions
taken on sceurable resources in an enterprise. Before I discuss security audit and security audit
softwares lets look into a very simple example of auditing that you may be doing everyday. Everytime
you have some serious problem in your software application, one of the important trouble shooting step
is to look into Event Log of your machine. And in event viewer one of the nodes is Security. If you have
enabled some auditing options in Local Security Policy or Domain Security Policy you will notice
a lot of messages in the security event log letting you know about failed or successful authentication attempts
that took place.
I just presented a very simple auditing that almost all of us do on day to day basis for troubleshooting some
application issue or other issues. A real security audit is little more than this. File security, data security,
email security and network security are becoming a major concern for all users irrespective if you are home user or an
enterprise user. To proctect resources every enterprise employs security auditing to nip the problem right in the bud. What this
means is that companies do not wait for the crime to take place to perform security audit or forensics, they want to
keep an eye on day to day resource access activities and employ some policy based softwares that can alert them if something
fishy happens. Sometime companies hires outside agencies to conduct security audit for them before they launch an application or
deploy some network configuration. They will pay some high profile hackers to get through their security nets and gain access
to critical resources. This process serves multiple purposes for them. One it exposes any security holes if resources get compromised. They
can plug those holes beore going live. Second it tests effectiveness of the audit and notification softwares in place. Third the
process can act as a fire drill to check how effective their IT staff in responding to audit alters and taking ncessary actions
immediately before problem spreads.
Security audit afters require a lot of data gathering to analyze and generate some meaningful reports. The analysis
of the gathered data can generate reports that can help answer very useful security related questions. Some of the
questions can be
- Is some user trying to connect to a share which he is not supposed to?
- Does some user have more previleges than he really needs?
- Who are the users who have access to critical resources and is there some unathorized user trying to access those resources. That user
may not have accesses those resources but contonous attempts is a matter of convern?
- Are than any ports open on the network that should not be?
- Are there any applications running with higher previleges unnecessarily?
This is a very small list of question to just give you some idea. So if you are person responsible for security
of resources in your company then it is very important that you get some more information about security audit
softwares and get your network audited at regular intervals. Few bucks and hours spent to take preventative
measures are worth the time and money.