Auditing Windows Server 2012

Current business models rely heavily on virtualized networks. Many transactions and interactions are now carried out by employees and contractors using mobile devices. Doctors and nurses no longer rely solely on paper-based note recording and filing; they make full use of tablets and laptops to handle patient information. Tradespeople, salespeople and contractors now process payments on location instead of waiting to invoice, which sharply raises productivity.

All this traffic of sensitive data needs monitoring and appropriate security applied to comply with governance expectations. Leading IT professionals look to Microsoft Windows Server 2012 to assist them with the management of the ever-evolving hybrid IT infrastructure. Auditing is an absolute must for your business, protecting your interests and those of your customers and clients. If you store patient information and/or handle credit/debit card transactions, you must comply with industry-specific requirements.

Major retailer Target fell prey to a cybercriminal attack in December. The hackers successfully gathered customers’ credit card details and other personal information at point-of-sale terminals. It’s no wonder compliance regulations are so stringent. Security firm Seculert was able to spot when the malware infection occurred and track its movements. This is a perfect example of how the right auditing tactics provide transparency.

Auditing Tactics with Windows Server 2012

Expression based auditing

Windows Server 2012 allows you to audit a number of security elements of your server’s infrastructure. Log collection, critical file changes and user-level activity auditing all need to be implemented effectively to get the results your business needs. With Windows Server 2012, you can script the auditing policies you want to focus on, whether expression-based or resource-based.

Expression-based policies provide filtered log results that answer questions such as: “Who is accessing sensitive data?” or “Was there an unauthorized attempt to access restricted data?” Expression-based security audit policies log only when specific events occur outside of the allowed parameters, for example when a user working on an unrelated project attempts to access documents, or when sensitive data is sought by someone without the appropriate clearance. By auditing just that activity, you log only the results that are relevant.

The New Yorker recently reported on how social network Snapchat’s failure to act on an exploitable weakness in their interface led to research-hackers communicating with the company’s server. Once in, the professional hackers operating as Gibson Security were able to harvest large amounts of user data. Considering Gibson had warned the company about this weakness, it is a testament to how failure to act on the results of an audit – regardless of how it was achieved – can result in public shame and loss of customer confidence.

File access and change auditing

Another security audit you can run with Windows Server 2012 monitors when critical system files or content are accessed and/or altered. Tim White, global head of government and intelligence for data analytics firm YarcData, rightly stated: “Winning at cybersecurity today isn’t necessarily about collecting more data. It is about unleashing the information in the data that’s already there.” Such an audit monitors not only who accessed the file, but what the attributes of that file were.

Connecting the dots may unearth a relevant pattern in the type of file that was accessed or altered; one that will be useful when it comes to filtering the attributes upon investigation of a threat. In the event of such a security breach, the server audit will tell you exactly who accessed what file; not just when and where the breach occurred. With that you can assign accountability accordingly.

The fabric of a modern successful enterprise is a patchwork of remote, on-site and international workers all making use of the same operating system. Windows Server 2012 allows administrators to configure the audit policy to monitor those accessing devices with removable storage. The server can create a success audit whenever a successful attempt is made to read or alter files on a removable storage device, as well as failure audits for unsuccessful attempts.
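As an added example (not code from the original article), the PowerShell below turns on success and failure auditing for removable storage and flattens the resulting Security-log records into "who accessed what, and did it succeed" rows. It assumes the audit records arrive as events 4656 and 4663 with the usual `SubjectUserName`, `ObjectName` and `ProcessName` fields; the function names, the `CONTOSO` domain and the sample events are constructed for illustration.

```powershell
# Added example (not from the article). Run elevated on the audited server.
function Enable-RemovableStorageAudit {
    # Record both successful and failed access to removable storage.
    auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable
}

function ConvertFrom-ObjectAccessXml {
    # Flatten one Security-log event (XML text) into who / what / outcome.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e = ([xml]$Xml).Event
        $d = @{}
        foreach ($n in $e.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # Keywords bit 0x10000000000000 marks an Audit Failure record.
        $kw = [Convert]::ToInt64($e.System.Keywords, 16)
        [pscustomobject]@{
            Time    = $e.System.TimeCreated.SystemTime
            EventId = [int]$e.System.EventID
            Outcome = if ($kw -band 0x10000000000000) { 'Failure' } else { 'Success' }
            User    = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
            Object  = $d.ObjectName
            Process = $d.ProcessName
        }
    }
}

# Constructed sample events (not real log data), shaped like $event.ToXml().
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>{0}</EventID><Keywords>{1}</Keywords>' +
    '<TimeCreated SystemTime="{2}"/></System><EventData>' +
    '<Data Name="SubjectUserName">{3}</Data>' +
    '<Data Name="SubjectDomainName">CONTOSO</Data>' +
    '<Data Name="ObjectName">{4}</Data>' +
    '<Data Name="ProcessName">C:\Windows\explorer.exe</Data>' +
    '</EventData></Event>'
$sample = @(
    ($template -f 4663, '0x8020000000000000', '2014-01-15T10:22:31Z', 'jdoe',
        '\Device\HarddiskVolume5\patients.xlsx'),
    ($template -f 4656, '0x8010000000000000', '2014-01-15T10:25:02Z', 'asmith',
        '\Device\HarddiskVolume5\patients.xlsx')
)
$sample | ConvertFrom-ObjectAccessXml |
    Format-Table Time, Outcome, User, Object -AutoSize

# Live use on the server (reads the real Security log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } |
#   Where-Object TaskDisplayName -eq 'Removable Storage' |
#   ForEach-Object { $_.ToXml() } | ConvertFrom-ObjectAccessXml
```

The same converter works for file-system object access events, so the output can be grouped by `User` or `Object` when assigning accountability after an incident.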

Windows Server 2012 provides a host of flexible auditing features to assist your organization in achieving the level of transparency required to comply with legislation. It protects your company by informing relevant staff when a breach of your security occurs and enabling you to follow its path.

Of course, a layered approach to security is always the best and Windows Server 2012 will never be enough to protect a company by itself. The network should be protected by firewalls (preferably hardware) and antivirus suites, as well as a monitoring system that can dig a little bit deeper if something suspicious is flagged.



William Thompson is the Marketing Manager at Power Admin, a server monitoring software business in the Kansas City area. You can find him on Google+ and Twitter. William has been a professional in website design, digital marketing and 3D/graphic design for over 20 years.


