Reasons to Perform Security Auditing

  • Find out the who, what, when, and where of transactions
  • Identify potential breaches and/or incidents
  • To fulfill the goals of the security policy and support its assessment
  • To reconstruct events and activities
  • For forensic proof of actions
  • To facilitate a security review
  • To generate reports

Things To Audit

  • External Boundary/DMZ – (Internet Routers and Firewall)
  • Internal Boundary – (MPLS links, wireless)
  • Public Services – (HTTP, FTP, SMTP)
  • VPN Ports – (Remote Access Sessions)
  • Server Logs – (DCs, File Servers, Apps, DB, Print)
  • User Workstations – (Logons, Policy Changes, etc.)