desktop security software  
security desktop order software software library technical support

security desktop

Home

Desktop Security

Internet Security

PC Time Limit

Protect Files

Security FAQ

Windows Tips

Internet FAQ

 

limit, kids, pc, time, security, desktop, child, online, limits, password, control, user, restrict, access, protect, privacy, internet, children

 

 

 

No Default Auditor Account; Administrators Can Alter Audit Logs

NT's implementation of C2 security doesn't distinguish between an administrator and an auditor. In an ideal system, all administrator and user actions would be logged for later review by an auditor, and no users, including administrators, could cover their tracks by altering the logs. Currently, NT can log administrator actions, but there are several ways administrators can hide those actions. For example, rogue administrators can clear the event logs, effectively covering up actions they want to hide. However, clearing the event logs leaves a trail of evidence. First, an absence of events in the event logs is a situation that invites suspicion. Second, clearing the event logs is an audited event (Event 517 specifies that the event logs were cleared and by whom). In other words, administrators can cover their tracks, but they can't cover up the fact that they covered their tracks. The situation is similar if an administrator turns off auditing

Internet FAQ top
 

l Security Officer l Internet Explorer Security l Protect Files l User Time Control l Security Desktop l Site Map

Copyrights 2006 Eugene Mihailov. All rights reserved