Speaking of networks as “living entities,” records of all events taking place in your environment are being logged right now into event logs and Syslog files across your servers, workstations and networking devices. Has somebody gained unauthorized to key enterprise information –such as customer credit card data, employees, patient or financial records or others? Is your compliance officer asking for SOX-centric reports? The best way to react and respond is by collecting, archiving, analyzing, alerting and reporting on key information entries stored in your log files. Compliance standards such as SOX, Basel II, HIPAA, GLB, FISMA, PCI DSS, and NISPOM require this.
Log management is a truly daunting task because log files can come from many different sources, in various formats, and in large quantities. Just consider that one single Windows server can generate 1GB of log data in just one single day! In order to stay on top of this deluge of info, you really need to build the right log management strategy.
Here at WhatsUp Gold, our Gurus have developed seven Best Practices for Event and Log Management (ELM) to get you started on the path towards efficient log management. Today I will cover the first of these helpful tips.
When developing an effective ELM strategy, it is important to first define your audit policy categories. The term audit policy, in Microsoft Windows lexicon, just refers to the types of security events you want to record in the security event logs of your servers and workstations. With Microsoft Windows NT® systems, you must set the audit policy manually, but in Windows 2000® or Windows 2003® Active Directory® domains, with “Group Policy” enabled, you can define uniform audit policy settings for groups of servers or the entire domain.
|Key Windows Event Logging Categories to Enable
- Logon Events – Success/Failure
- Account Logons – Success/Failure
- Object Access – Success/Failure
- Process Tracking – Success
- Policy Change – Success/Failure
- Account Management – Success
- Directory Service Access – Success/Failure
- Systems Events – Success/Failure
To read about all seven Best Practices, view the Whitepaper, or stay tuned for more of the ELM Best Practices Blog Series.
Ipswitch’s Jonathan Lampe will be attending this week’s PCI Security Standards Council Community Meeting in Orlando, FL. He’ll be blogging from the event to keep us updated on discussions about the new PCI DSS 2.0 and other key Council initiatives.
As part of their ongoing mission, The PCI Security Standards Council enhances and evolves the PCI Data Security Standards as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption. We anticipate some very interesting forum conversations to review and discuss how the PCI DSS should evolve with this next release.
In the meantime, thought you’d want to watch this great video from the PCI Security Standards Council website. BTW, the bearded singer is Bob Russo, the PCI Council’s General Manager. Great job with the video Bob!
Event Logs on Windows servers and workstations can pile up quickly and really, the task of storing, sorting and reporting on that log data is too important to leave room for human error.
Your senior management depends on you to take the necessary steps to meet and report on regulatory compliance standards like Sarbanes Oxley, Basel II, HIPAA, GLB, FISMA, PCI DSS, NISPOM and others.
Ipswitch WhatsUp Gold is excited to announce that we have the solution to this on-going issue. We’ve added the WhatsUp Event Log Management Suite to our extensive IT management solution so now these tasks can be automated for you!
And you know the best part of this announcement? We’re offering up to 38% off MSRP when you purchase the Suite. For those without a calculator handy, that’s 60% off buying each solution individually!
If you’re still reading . . . STOP and check out the deal for yourself! The offer stands until June 30th.