Access auditing: It's a good thing

All journalled operating systems, such as Windows and Unix, have the ability to audit access to a folder (directory) or file. Essentially the system writes the occurrence of an access event to a log file. When you check the log file, you can see who's doing what in your network. In Windows, for example, when you enable auditing of file access for NTFS volumes, you'll get entries written into the Security log.

In Windows 2003 Server you can enable auditing by right clicking on the file or folder, selecting Properties, and then clicking on the Security tab. Then click on the Advanced tab, uncheck the Allow Inheritable Entries from Parent to Propagate check box. Enable the feature by clicking the Add button to add users and groups. For all users, that is the Everyone group (but realize the dangers of using the Everyone group). The Auditing Properties page lets you select what type of access you audit. OK out of the dialog boxes, making sure to check the Replace Auditing Entries on All Child Object box before you leave the Advanced page.

To audit potential suspicious behavior, consider creating one or more dummy files or folders with enticing names such as "Corporate Salary Structure", "Annual Audit Results", "Sales Report", "HR Findings" or the like and place them in the location you want to monitor. You may find people accessing these files from either internal or external sources that will help you close some important security breaches before the offenders

    Requires Free Membership to View

are able to create real problems.

Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

This was first published in August 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.