Large organizations may have hundreds of servers and thousands of computers as clients of those servers. Ensuring the security of such a vast array of computers and the data stored thereon is a big challenge for IT administrators.
When it comes to network security, many organizations still seem to invest a fortune in traditional security solutions such as firewalls, antivirus, data encryption and so forth. These methods have proven reasonably effective in network security, but nonetheless many security breaches still occur. One of the reasons is that these traditional security solutions focus on external threats. When the origin of the threat is internal, such network security solutions may not be of great help.
Another point to take into account is regulatory compliance. If you operate in an industry vertical where you have to consider regulatory compliance, having the means to protect only against external threats can result in audit failure and significant financial penalties. To stay compliant in the face of such audits you need to plan a 360-degree defense approach which gives equal weight to both internal and external threats and also looks at the problem from an auditing perspective.
Having understood the importance of internal security, the question is, what can be done to ensure security against internal threats, such as those caused by legitimate employees, delegated users, etc.? Organizations using Microsoft technology can use Active Directory and Group Policy Objects to centrally enforce strong security policy through user rights and permissions governing access to resources and data. However, as important as it is to implement such policy, it is equally important to track its effectiveness through proper auditing.
"Audit only what is required or where threat perception is more than any other resource"
Devising a strong audit policy goes a long way in ensuring security against internal threats. A well planned and meticulously deployed audit policy can ward off a number of threats originating from unauthorized access by internal staff, password guesses, unwanted changes, incorrect permission assignment and even accidental changes and deletion.
However, organizations’ auditing strategies must take into account all resources and each user’s activity to minimize the probability of a security breach. But as you might have surmised, it’s inefficient for an organization to invest in that kind of resource to track each and every change without using any specialized software. Looking at the issue at a more micro level, audit logs remain scattered around the network in various servers and client systems. Also, each event generates numerous lines of logs, and the total logs generated in a day could be too much to flip through manually.
Considering these issues, the objective should be to analyze security risks meticulously and devise a differential auditing strategy with an emphasis on vulnerable resources. Audit only what is required or where threat perception is more than any other resource. Also, consolidate all logs in a centralized database. This will minimize the chances of log deletion or manipulation and will also make it easier to process the logs and present them in a format which can be easily analyzed to make informed decisions. Taking these factors into account, you can design an effective auditing policy to tighten Windows environment security.
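As an added example of the strategy described above (not from the article or from Lepide), the PowerShell below enables only the Windows audit subcategories that record the threats listed earlier, puts a SACL on one sensitive share so File System auditing actually produces events, and points the host's Security log at a central Windows Event Forwarding collector. It assumes it is run elevated on a domain-joined host; the share path and collector name are placeholders.

```powershell
# Added example (not from the article): a differential audit policy that turns on
# only the subcategories matching the threats the article names, enables object
# auditing on one sensitive share, and forwards the Security log to a collector.
# Assumptions: run elevated on a domain-joined host; share path and collector
# name are placeholders. 'Directory Service Changes' only produces events on DCs.

# Threat from the article -> audit subcategories that record it
$Targeted = [ordered]@{
    'Password guessing and lockouts'  = @('Logon', 'Account Lockout')
    'Unwanted changes to AD objects'  = @('Directory Service Changes')
    'Incorrect permission assignment' = @('Authorization Policy Change', 'Security Group Management')
    'Accidental change or deletion'   = @('File System', 'User Account Management')
    'Tampering with auditing itself'  = @('Audit Policy Change')
}

# Enable success and failure auditing for those subcategories and nothing else
foreach ($entry in $Targeted.GetEnumerator()) {
    foreach ($sub in $entry.Value) {
        auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
        Write-Host ("{0,-32} -> {1}" -f $entry.Key, $sub)
    }
}

# 'File System' auditing only fires for objects that carry a SACL, so add one
# to the share the risk analysis flagged; audit destructive rights, not reads.
$Share = 'D:\Finance'   # placeholder
$acl  = Get-Acl -Path $Share -Audit
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    'Everyone', 'Delete,DeleteSubdirectoriesAndFiles,ChangePermissions,TakeOwnership', `
    'ContainerInherit,ObjectInherit', 'None', 'Success,Failure'
$acl.AddAuditRule($rule)
Set-Acl -Path $Share -AclObject $acl

# Point the host at a Windows Event Forwarding collector so the Security log is
# copied off the machine and clearing the local log does not erase the evidence.
$Collector = 'wec01.example.internal'   # placeholder
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $Key -Force | Out-Null
Set-ItemProperty -Path $Key -Name '1' `
    -Value "Server=http://$($Collector):5985/wsman/SubscriptionManager/WEC,Refresh=60"
Restart-Service WinRM   # the forwarder re-reads the subscription manager on restart

# Verify the policy actually in force rather than trusting the script
auditpol /get /category:*
```

In production the same subcategory list and SubscriptionManager value would normally be delivered through a Group Policy Object rather than set per host, so that every machine in scope receives an identical policy.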
About the Author
Rupesh Kumar is the director of Lepide Software Pvt Ltd, a Microsoft Gold Partner (Application Development). This India-based company offers advanced products required by IT organizations for change auditing, identity and access management, business continuity, IT administration solutions and more.