54 expression based auditing
Published: September 10th, 2012
Windows Server 2012: Identity and Access
Module 4: Expression-Based Auditing.
Module Manual Author: Andrew J Warren, Content Master
Microsoft Virtual Academy Student Manual ii
Information in this document, including URLs and other Internet Web site references, are subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. ® 2012 Microsoft Corporation. All rights reserved. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Contents
Module 4: Windows Server 2012 Dynamic Access Control Overview
  Module Overview
Lesson 1: Data Classification
  Overview of Data Classification
  Data Classification Toolkit
  Demonstration: Using Data Classification
  Demonstration: Import Classification Baseline
Lesson 2: Expression-Based Access Control
  Overview of Expression-Based Access Control
  Demonstration: Expression-Based Access Control
  What Is a Central Access Policy?
  Demonstration: Creating an Access Policy
  Demonstration: Dynamic Access Control for Microsoft SharePoint
  Demonstration: Central Access Policy with User Claims
Lesson 3: Data Encryption
  Data Encryption Challenge
  Demonstration: Automatic Rights Management Protection
Lesson 4: Expression-Based Auditing
  Overview of Expression-Based Auditing
  Demonstration: Expression-Based Auditing
Further Reading and Resources
Lesson 4: Expression-Based Auditing
Central Audit Policy is a powerful tool to help maintain the security of an enterprise. One of the key
goals of security audits is regulatory compliance. Industry standards such as Sarbanes–Oxley (SOX),
HIPAA, PCI, and so on require organizations to follow a strict set of rules related to information
security and privacy. Security audits help to establish the presence (or absence) of such policies and
thereby prove compliance (or non-compliance) with these standards. Additionally, security audits
help to detect anomalous behavior, identify and mitigate gaps in security policy, and deter
irresponsible behavior by creating a trail of user activity that you can use for forensic analysis.
Overview of Expression-Based Auditing
Windows Server 2012 enables administrators to author audit policies using expressions that take into
account what information users are accessing and who the user is. This enables organizations to
target auditing at specific information wherever it resides. This opens the doors to richer, more
targeted and easy-to-manage audit policies. It enables scenarios that until now were either
impossible or very difficult. For example, you can now easily author audit policies such as the
following:
• Audit everyone who does not have a high security clearance and yet tries to access “high
  impact” information.
• Audit all vendors when they try to access documents related to projects that they are not
  working on.
This helps to regulate the volume of audit events and limit them to only the most relevant
information/users so that you can monitor access to information across multiple servers without
generating an unmanageable volume of audit events.
In addition, the information tagging is recorded in the audit events so that the event collection
mechanism can provide contextual reports, for example: Who accessed all the “high impact”
information in the last three months?
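The two example policies and the contextual report described above, as a small model added here for illustration. It is not Microsoft's code and does not call any Windows API; the claim names, property names, users, and file paths are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed model: each audit rule is an expression over user claims and
# resource classification properties (all names here are hypothetical).
AUDIT_RULES = {
    "low-clearance user touching high-impact data":
        lambda u, r: u["clearance"] != "High" and r["impact"] == "High",
    "vendor touching a project they are not assigned to":
        lambda u, r: u["type"] == "Vendor" and r["project"] not in u["projects"],
}

def audit(attempts):
    """Return one event per (attempt, matching rule); other access is not logged."""
    events = []
    for when, user, resource in attempts:
        for name, expr in AUDIT_RULES.items():
            if expr(user, resource):
                # The resource tagging is copied into the event so that
                # reports can filter on it later.
                events.append({"time": when, "user": user["name"], "rule": name,
                               "path": resource["path"], "impact": resource["impact"],
                               "project": resource["project"]})
    return events

def who_accessed(events, impact, since):
    """Contextual report: users with audited access to data of a given impact."""
    return sorted({e["user"] for e in events
                   if e["impact"] == impact and e["time"] >= since})

# Constructed sample data.
NOW = datetime(2012, 9, 10)
WINDOW_START = NOW - timedelta(days=90)   # "the last three months"
alice = {"name": "alice", "type": "Employee", "clearance": "High", "projects": {"Apollo"}}
bob = {"name": "bob", "type": "Employee", "clearance": "Low", "projects": {"Apollo"}}
carl = {"name": "carl", "type": "Employee", "clearance": "Low", "projects": {"Zeus"}}
vera = {"name": "vera", "type": "Vendor", "clearance": "Low", "projects": {"Apollo"}}
plan = {"path": r"\\fs1\apollo\plan.docx", "impact": "Low", "project": "Apollo"}
budget = {"path": r"\\fs2\zeus\budget.xlsx", "impact": "High", "project": "Zeus"}
ATTEMPTS = [
    (NOW - timedelta(days=5), alice, budget),   # cleared employee: no event
    (NOW - timedelta(days=4), bob, plan),       # low-impact file: no event
    (NOW - timedelta(days=3), bob, budget),     # first rule matches
    (NOW - timedelta(days=2), vera, plan),      # vendor on own project: no event
    (NOW - timedelta(days=1), vera, budget),    # both rules match
    (NOW - timedelta(days=200), carl, budget),  # first rule, outside report window
]

if __name__ == "__main__":
    events = audit(ATTEMPTS)
    print(len(ATTEMPTS), "attempts ->", len(events), "audit events")
    print(who_accessed(events, "High", WINDOW_START))
```

Because the rules are evaluated against classification tags rather than paths, the same two expressions cover files on both servers in the sample data.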
Further Reading and Resources
For further information about the topics covered in this session, see the following resources:
Resources for IT Pros
http://microsoft.com/technet
Resources for Developers
http://microsoft.com/msdn
Diving Deeper into Dynamic Access Control
http://blogs.technet.com/b/wincat/archive/2012/07/20/diving-deeper-into-windows-server-2012-dynamic-access-control.aspx
Next step: watch the Expression-Based Auditing demo video.