Friday, July 17, 2009

Security-related Event IDs

After you enable object access auditing at the system level and for a specific folder, you'll start seeing event ID 560 (Object open) in the Security log. Look for instances of event ID 560, such as the one in Figure 2, in which the Object Name in the description is the name of a folder on which you enabled auditing. Then look in the Accesses field for WRITE_DAC, which is the system name for Change permissions. Figure 2 shows that Fred changed permissions on C:\DeptFiles. In the Security log, you'll also see a subsequent event ID 562 (A handle to an object was closed) with the same Handle ID as in event ID 560. Event ID 562 is just the corresponding close for the open in event ID 560.

Important Event IDs under Windows Server 2003

If your server is running Windows Server 2003, you'll also see event ID 567 (Object Access Attempt) in between event IDs 560 and 562. Event ID 567 is part of Windows 2003's new operation-based auditing. Operation-based auditing lets you identify permissions that a user actually exercises as opposed to permissions that a user has but doesn't use. For instance, a program might open a file for read and write access (triggering an event ID 560 that shows both read and write access) but never actually write any data to the file. Windows 2003 logs event ID 567 the first time an application actually uses each permission while the file is open. A permission change operation is atomic (i.e., the object isn't opened for delete and then deleted; it's just deleted), so there's no need to look for event ID 567; it should always be there.
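
The correlation described above (event ID 560 opens a handle, 567 records each permission actually used, 562 closes the same Handle ID), as an added example that is not from the original article. The events are constructed, simplified records; the `User` key, the audited path list and treating a Handle ID as unique while it is open are assumptions.

```python
# Added example: correlate events 560 / 567 / 562 by Handle ID.
# Only "Object Name", "Accesses" and "Handle ID" are field names taken from
# the text; "User" and the record layout are assumptions for illustration.
AUDITED = ("C:\\DeptFiles",)  # folders on which auditing was enabled

SAMPLE_EVENTS = [  # constructed sample data, in log order
    {"EventID": 560, "User": "Fred", "Object Name": "C:\\DeptFiles",
     "Handle ID": "1204", "Accesses": ["READ_CONTROL", "WRITE_DAC"]},
    {"EventID": 567, "Handle ID": "1204", "Accesses": ["WRITE_DAC"]},
    {"EventID": 562, "Handle ID": "1204"},
    {"EventID": 560, "User": "Alice", "Object Name": "C:\\DeptFiles\\plan.doc",
     "Handle ID": "1310", "Accesses": ["ReadData", "WriteData"]},
    {"EventID": 562, "Handle ID": "1310"},
    {"EventID": 560, "User": "Bob", "Object Name": "C:\\Temp",
     "Handle ID": "1204", "Accesses": ["WRITE_DAC"]},  # reused ID, not audited
]


def is_audited(name, audited=AUDITED):
    """True if name is an audited folder or lies beneath one."""
    n = name.lower()
    return any(n == p.lower() or n.startswith(p.lower() + "\\") for p in audited)


def correlate(events):
    """Return one summary per open (560) on an audited path."""
    open_handles, sessions = {}, []
    for ev in events:
        hid = ev["Handle ID"]
        if ev["EventID"] == 560:
            if not is_audited(ev["Object Name"]):
                continue
            s = {"user": ev["User"], "object": ev["Object Name"],
                 "requested": set(ev["Accesses"]), "used": set(), "closed": False}
            open_handles[hid] = s  # handle IDs are reused, so track live opens only
            sessions.append(s)
        elif hid in open_handles:
            if ev["EventID"] == 567:    # permission actually exercised
                open_handles[hid]["used"].update(ev["Accesses"])
            elif ev["EventID"] == 562:  # corresponding close for the open
                open_handles.pop(hid)["closed"] = True
    return sessions


def permission_changes(sessions):
    """(user, object, confirmed_by_567) for opens that requested WRITE_DAC."""
    return [(s["user"], s["object"], "WRITE_DAC" in s["used"])
            for s in sessions if "WRITE_DAC" in s["requested"]]
```

For each session, `requested - used` lists permissions that were granted at open time but never exercised, which is the distinction event ID 567 makes visible.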

Wednesday, July 15, 2009

Windows or Linux?

Be sure that you consistently maintain and update all the applications on every system in your network, regardless of the OS you use. There seems to be a pervasive belief today that Windows is full of security holes whereas Linux is secure, but this belief primarily stems from the lack of mobile and desktop Linux configurations (and hence a much lower incidence of Linux-based security problems on those systems). Given Linux's open source code, virus writers could have a field day if they wanted.

Tuesday, July 14, 2009

Choosing Hardware

Designing and building a network that meets your organization's needs isn't a trivial exercise. Today's wide array of technology options means you have many decisions to make. Should you deploy wireless technology in an enterprise network? What firewalls can or should you install? What about WAN options? IP addressing? Should you deploy hardware-based or software-based solutions? Obviously, trying to design anything but the smallest network can be daunting. Fortunately, many established best practices can help guide you through the process and help you determine the right mix of technologies and design that will meet your organization's IT goals. Let me start by laying the foundation for any good network-design discussion, then I'll discuss some network-design best practices.