auditing

Definition of auditing in The Network Encyclopedia.

What is Auditing?

The process of tracking and monitoring actions is performed on servers. Auditing is an important component of a general security policy for a corporate network. Auditing can be used to detect attempts at unauthorized access to network resources and to track the usage of shared resources. Auditing creates a record of which files have been accessed, who has logged on to the network, who has attempted to use a shared resource, and so on. Specifically, auditing records information in the security log about

  • What action was performed
  • Who performed the action
  • When the action occurred
  • Whether the action succeeded or failed

How It Works

In Microsoft Windows NT, auditing must first be enabled by configuring an Audit policy for the domain being audited. If you are auditing access to files and other objects, you must specifically enable auditing on the files and objects you want to audit by using the Security tab on the file or object’s property sheet.

Windows NT records two kinds of auditing information in the security log:

  • Success audits:
    Symbolized by keys and are usually used to track resource usage for capacity and resource planning

     

  • Failure audits:
    Symbolized by padlocks and are usually used to monitor network resources for unauthorized access attempts