Technical data
JSC 36381 MARCH 30, 2000
Baseline
4-12
4.16 Auditing
Windows NT Server maintains three event logs to which entries are added in the
background – the System log, the Applications log, and the Security log. The OPS LAN
administrator can set up security auditing of a number of events on NT Server in User
Manager for Domains to help track user access to various parts of the system. To enable
security auditing, pull down the Policies menu and select Audit. Keep in mind that all
of the event logs are limited in size. Currently, the log settings for each log are set to
2048 Kilobytes (64K increments). The following auditing options have been adopted for
the SSC OPS LAN (see Table 4-9 SSC OPS LAN AUDITING POLICY).
| Events to Audit | Description | Audited For | Rationale |
|---|---|---|---|
| File and Object Access | Tracks access to a directory or file that has been selected for auditing under Explorer; tracks print jobs sent to printers that have been set for auditing under the Printers folder. | <Not Audited> | No requirement to track, since most data on file server should be accessible by crew. |
| Logon and Logoff | Tracks user logons and logoffs, as well as the creating and breaking of connections to servers. | Success, Failure | To track patterns of OPS LAN usage. |
| Process Tracking | Records detailed tracking information for program activation, some types of handle duplication, indirect object accesses, and process exit. | Failure Only | To track incidents of application failure. |
| Restart, Shutdown, and System | Tracks when the computer is shut down or restarted; tracks the filling up of the audit log and the discarding of audit entries if the audit log is already full. | Success, Failure | To report unavailability of the network due to shutdown or restart of file server. |
| Security Policy Changes | Tracks changes made to the User Rights, Audit, or Trust Relationship policies. | Success, Failure | To track unauthorized manipulation of user |
| Use of User Rights | Notes when users make use of a user right (except those associated with logons and logoffs) | <Not Audited> | No requirement to track. |
| User and Group Management | Tracks changes in user accounts or groups (creations, changes, deletions); notes if user accounts are renamed, disabled, or enabled; tracks setting or changing passwords. | Success, Failure | To detect tampering. |
Table 4-9
SSC OPS LAN AUDITING POLICY
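As an added example (not part of JSC 36381), the Python code below checks a server's audit settings against Table 4-9 and reports both missing and extra auditing. It assumes the settings are supplied as the per-category flag words of the Win32 LSA audit-events policy (Success = 0x1, Failure = 0x2); the mapping of User Manager labels to LSA category order, the function names, and the sample values are assumptions made for this example.

```python
# Added example: checks observed NT audit settings against Table 4-9.
SUCCESS, FAILURE = 0x1, 0x2   # POLICY_AUDIT_EVENT_SUCCESS / _FAILURE (ntsecapi.h)

# (User Manager label, assumed LSA category index, flags required by Table 4-9)
BASELINE = [
    ("Restart, Shutdown, and System", 0, SUCCESS | FAILURE),
    ("Logon and Logoff",              1, SUCCESS | FAILURE),
    ("File and Object Access",        2, 0),
    ("Use of User Rights",            3, 0),
    ("Process Tracking",              4, FAILURE),
    ("Security Policy Changes",       5, SUCCESS | FAILURE),
    ("User and Group Management",     6, SUCCESS | FAILURE),
]

def describe(flags):
    """Render a flag word the way the table's 'Audited For' column does."""
    names = [n for bit, n in ((SUCCESS, "Success"), (FAILURE, "Failure")) if flags & bit]
    return ", ".join(names) or "<Not Audited>"

def check_policy(auditing_enabled, options):
    """Return a list of (label, kind, expected, observed) deviations.

    options: per-category flag words in LSA category order (index 0..6).
    kind is 'missing' (required events are not recorded) or 'extra'
    (events recorded beyond the baseline, which fill the 2048 KB logs faster).
    If auditing is switched off globally, every category counts as unaudited.
    """
    findings = []
    for label, idx, want in BASELINE:
        # Mask off other bits such as POLICY_AUDIT_EVENT_NONE (0x4).
        have = (options[idx] & (SUCCESS | FAILURE)) if auditing_enabled and idx < len(options) else 0
        if want & ~have:
            findings.append((label, "missing", describe(want), describe(have)))
        if have & ~want:
            findings.append((label, "extra", describe(want), describe(have)))
    return findings

if __name__ == "__main__":
    # Constructed sample: logon failures dropped, object access switched on.
    sample = [3, 1, 3, 0, 2, 3, 3]
    for f in check_policy(True, sample):
        print("%-30s %-8s expected=%s observed=%s" % f)
```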
4.17 File Backups
Selected directories on the File Server’s D: Drive will be backed up regularly to a PC
Hard. Data on client laptops will not be backed up; therefore, important data should
be transferred to the OPS LAN File Server. Additional backups may be performed if a
new file is uplinked and real-time configuration occurs. As this process requires crew