Considerations for Designing the Auditing Process

 
     
  By endeavor03
 
   
     
  After you design the revocation process, you can design the auditing process. As you design the auditing process, think about the following things:

• Consider the configuration of auditing.
  ◦ Auditing of CA activity is configured in the Certification Authority console, but it depends on object access auditing being established under Windows Settings, Security Settings, Local Policies, Audit Policy in the appropriate Group Policy Object (GPO).

  ◦ If object access auditing is not turned on, specific CA activity will not be recorded in the Security event log. If the CA exists on a member server, the Audit policy should be set using Group Policy. The GPO should be linked to the domain or organizational unit (OU) that contains the CA computer. (The design of Group Policy is discussed in Chapter 5 and Chapter 8.)

• Consider the events that can be audited. These are configured from the CA audit properties page as shown in Figure 2-17.

  ◦ Back Up And Restore Of The CA Database. Auditing these events provides a solid record of backup. Checking for successful backup is always a sound activity. In addition, an unexpected restore of the CA database discovered through the audit might be an indication of tampering and should be investigated.

  ◦ Change CA Configuration. Auditing these events allows successful and unsuccessful configuration changes to be tracked against planned and approved changes and provides a record of proper maintenance. Possible tampering can also be confirmed. Configuration events audited include adding and removing templates, configuration of the CRL publication schedule, configuration of the CDPs and AIAs, changes to policy modules, and key archival and recovery.

  ◦ Change CA Security Settings. These events include the configuration of CA roles for role-based administration, setting of restrictions on Certificate Managers, and the configuration of auditing. Note that these configuration events are not recorded by turning on the Changes In Configuration setting; you must turn on Changes In CA Security Settings auditing.

  ◦ Issue And Manage Certificate Requests. Auditing these events will record successful and failed attempts at issuance of certificates and their management. A record can be produced for each certificate requested, issued, or imported.

  ◦ Revoke Certificates And Publish CRL. Auditing these events will record successful and failed attempts to revoke certificates and publish CRLs.

  ◦ Store And Retrieve Archived Keys. If key archival is configured, auditing these events will record successful or failed attempts at storage and retrieval. Access to archived keys should be performed only according to strict policy to ensure that only authorized administrators retrieve the keys and that they are returned to the correct owner. There are technical controls to ensure this; however, checking the audit of the process against documented approved need will enable discovery of unauthorized attempts and compromised keys.

  ◦ Start And Stop Certificate Services. Stopping and starting certificate services is necessary to accomplish some configuration and policy changes, as well as CA key renewal. The actual events should always be audited against approved maintenance.

• Consider which events to audit.
  ◦ To decide which events to audit, determine how much knowledge is needed. Amassing large volumes of records that might never be examined is counterproductive. The policy, and therefore the design, of the audit should keep these things in mind. One way to make a determination is to examine the impact of auditing each event and make decisions based on impact vs. value.

  ◦ You should also work with your organization's legal department to determine whether auditing certain types of events is required by law or regulation and what the retention period is for keeping records of those events.

  ◦ The first attempt at decision making can be based on which audited events produce few records and yet provide valuable and critical security information. Items such as the stopping and starting of Certificate Services, storage and retrieval of archived keys, backup and restore, and configuration changes should not overwhelm event logs with activity, and all provide information that is critical to understanding the security status of the CA and being able to reconstruct major CA security policy operations.

  ◦ Gathering the events just listed costs little but produces a large benefit. However, recording each certificate request, issuance, and revocation and each CRL publication might have little value in many environments, and the current information can be found in the Certification Authority console. Collecting such information in the security log would seem to be useful only for reconstruction of events and for keeping permanent records of activity. Collecting the information in the security log will vastly increase the number of records and thus the amount of space needed to maintain logs and log archives. It might also overwhelm those whose responsibility it is to review the logs. Important events can be hidden in a sea of ordinary activity.
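
The review described above, checking the low-volume CA events (service stop and start, database restore, archived key retrieval) against approved maintenance, can be automated. The following is an added example, not part of the original article; the event IDs are those AD CS logs on Windows Server 2008 and later, and the change records, accounts, and log entries are constructed sample data.

```python
from datetime import datetime

# Assumption: event IDs as logged by AD CS on Windows Server 2008 and later;
# the article names audit categories, not event IDs.
WATCHED = {
    4880: "Certificate Services started",
    4881: "Certificate Services stopped",
    4878: "CA database restore started",
    4883: "Archived key retrieved",
}

# Constructed change records: (ticket, start, end, approved event IDs, account)
APPROVED = [
    ("CHG-0001", "2024-03-02T22:00", "2024-03-02T23:00", {4880, 4881}, "CORP\\ca-admin"),
    ("CHG-0002", "2024-03-05T10:00", "2024-03-05T10:30", {4883}, "CORP\\kra-01"),
]

# Constructed Security log extract: (timestamp, event ID, account)
EVENTS = [
    ("2024-03-02T22:05", 4881, "CORP\\ca-admin"),    # stop inside approved window
    ("2024-03-02T22:07", 4880, "CORP\\ca-admin"),    # start inside approved window
    ("2024-03-05T10:10", 4883, "CORP\\kra-01"),      # approved key recovery
    ("2024-03-05T10:20", 4883, "CORP\\helpdesk7"),   # right window, wrong account
    ("2024-03-07T03:14", 4878, "CORP\\ca-admin"),    # restore with no change record
    ("2024-03-07T03:20", 4887, "CORP\\svc-enroll"),  # certificate issued: not watched
]

def reconcile(events, approved):
    """Return watched events that no approved change record covers."""
    findings = []
    for ts, event_id, account in events:
        if event_id not in WATCHED:
            continue  # high-volume categories are left out of this review
        when = datetime.fromisoformat(ts)
        covered = any(
            datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end)
            and event_id in ids
            and account.lower() == who.lower()
            for _ticket, start, end, ids, who in approved
        )
        if not covered:
            findings.append((ts, event_id, WATCHED[event_id], account))
    return findings

if __name__ == "__main__":
    for finding in reconcile(EVENTS, APPROVED):
        print("UNAPPROVED", *finding)
```

An event is treated as approved only when the time window, the event type, and the account all match one change record, so a key retrieval by the wrong account inside an approved window is still reported.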

 
   
  Article Source: http://interpret.zar.vg   
     
        © 2012 interpret.zar.vg