Audit trails maintain a record of system activity: a series of records of computer events about the operating system, applications and even user activities. They make it possible to establish whether system resources have been harmed by hackers, insiders, disgruntled employees, or technical problems that may arise.
Benefits of Audit Trails
They support security-related objectives: individual accountability, reconstruction of events, intrusion detection, and problem analysis. When sensitive information is granted or accessed, it is important to know who did it and when. Employees should be held accountable for their actions.
According to the National Institute of Standards and Technology (NIST), application-level audit trails are helpful because they monitor:
- All demands directly initiated by the user
- All identification and authentication attempts
- Files and resources accessed
Any form of audit helps determine the causes of system crashes and so prevent future outages: we can trace where the problem lies and provide a recovery process. For example, a performance issue can often be traced back to system performance logs, such as disk space usage or outgoing modem use, which may indicate problems.
More importantly, Microsoft’s Active Directory can generate a wide range of security events, and options include real-time, log-based intrusion detection and analysis. Is your IT company looking into these events across the network? There are free options such as Log Parser Lizard, OSSEC and Event Log Analyzer.
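The NIST list above (user requests, identification and authentication attempts, resources accessed) and the log-based intrusion detection mentioned here can be shown together on a small audit trail. The following is an added example, not code from the original post or from any of the tools named; the record format (timestamp|user|event|resource|outcome), the sample records and the thresholds are all constructed assumptions.

```python
"""Added example: reading an application-level audit trail and using it for
individual accountability, event reconstruction and simple intrusion detection.
The record format and every record below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail. Assumed format: ts|user|event|resource|outcome
# Events: AUTH (identification/authentication attempt), ACCESS (file or resource
# access), REQUEST (a demand directly initiated by the user).
SAMPLE_AUDIT_TRAIL = """\
2024-01-10T09:00:01|alice|AUTH|login|SUCCESS
2024-01-10T09:00:05|alice|ACCESS|/finance/q4.xlsx|SUCCESS
2024-01-10T09:01:10|bob|AUTH|login|FAILURE
2024-01-10T09:01:15|bob|AUTH|login|FAILURE
2024-01-10T09:01:19|bob|AUTH|login|FAILURE
2024-01-10T09:01:25|bob|AUTH|login|FAILURE
2024-01-10T09:01:30|bob|AUTH|login|SUCCESS
2024-01-10T09:02:00|bob|ACCESS|/hr/salaries.csv|DENIED
2024-01-10T09:03:00|alice|REQUEST|report_export|SUCCESS
2024-01-10T09:10:00|carol|AUTH|login|FAILURE
2024-01-10T09:40:00|carol|AUTH|login|FAILURE
"""


def parse_audit_trail(text):
    """Parse the pipe-separated records into dicts, skipping blank lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, event, resource, outcome = line.split("|")
        records.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "event": event,
            "resource": resource,
            "outcome": outcome,
        })
    return records


def reconstruct_user_events(records, user):
    """Individual accountability: the ordered sequence of events for one user."""
    ordered = sorted(records, key=lambda r: r["ts"])
    return [(r["ts"].isoformat(), r["event"], r["resource"], r["outcome"])
            for r in ordered if r["user"] == user]


def resources_accessed(records):
    """Files and resources successfully accessed, grouped per user."""
    out = defaultdict(set)
    for r in records:
        if r["event"] == "ACCESS" and r["outcome"] == "SUCCESS":
            out[r["user"]].add(r["resource"])
    return {u: sorted(v) for u, v in out.items()}


def detect_auth_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Intrusion detection: users with >= threshold failed authentication
    attempts inside a sliding time window. Returns {user: max_count_in_window}."""
    failures = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["event"] == "AUTH" and r["outcome"] == "FAILURE":
            failures[r["user"]].append(r["ts"])
    flagged = {}
    for user, times in failures.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    recs = parse_audit_trail(SAMPLE_AUDIT_TRAIL)
    print("bob's events:", reconstruct_user_events(recs, "bob"))
    print("resources accessed:", resources_accessed(recs))
    print("auth bursts:", detect_auth_bursts(recs))
```

In the constructed data, bob's four failures within 15 seconds are flagged while carol's two failures half an hour apart are not, which is the difference between a burst and ordinary mistyping. The same records also answer the accountability question of who touched which resource and when.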
In the Systems Administrator realm there are four “A”s to account management from our partners at ESET:
- Authentication – Every person requires a log-in that establishes an identity, showing that we are who we say we are. Typically this is a username and password associated with an online account.
- Authorization – Allowing access or granting permission to do tasks on a specific network; in short, an approval process. It can cover private, shared or sensitive files and directories, and limits on the amount of storage or the duration of access are all part of authorization.
- Access Control – Defining privileges and excluding users from restricted areas. What matters is allowing users access to the resources necessary to carry out their tasks.
- Audit Logging – Recording the permissions used and the exclusions applied, so that unwanted or unexpected events are captured when they happen. As stated earlier, anything can happen, and it is wise to keep a log of every activity.
A disgruntled worker can sabotage an organization—it’s critical that your IT company knows the four “A”s of account management. Placing a value on event logs and audit trails can help solve technical problems. Audit trails are critical not only for troubleshooting, but for preventative maintenance.