For More Information
This look at authentication auditing demonstrates the principles of security event auditing in Windows. Authentication is the place to start security event auditing, but it isn't the end. Numerically, the most common security problems with computers are password attacks (usually by guessing) and attempts to misuse accounts—both of which will usually be revealed by authentication-related events. However, other kinds of attacks, some of them potentially more dangerous, show up in other kinds of services.
Because auditing is so important, Microsoft provides a lot of resources on how to use Windows' auditing features and the sorts of things you should be auditing. Among the most useful places to get more information are the following pages on the Microsoft site:
- Windows auditing and intrusion detection
- How to enable and apply security auditing
- Configuring performance counters and logs
Rick Cook is the author of The Wiz Biz (Baen, 1997) and a series of books based in that universe.