Auditing is an important aspect of an overall security plan.
Most modern systems can record all their activity in log files. These logs enable you to determine the effectiveness of your security implementation.
Through these activity logs, you can usually determine whether an unauthorized activity occurred and how it was able to occur.
Sort logs in several ways to identify possible problems. Analyze your access logs by:
- User: to identify extended logon times, failed logon attempts, and resource utilization
- Supervisors, consultants, and administrators: to identify unusual activity
- Network address: to identify users and their expected network address
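The three views listed above (by user, by privileged account, by network address), applied to a small constructed log. This is an added example, not part of the original text; the log format, account names, expected addresses, business hours and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, user, source address, event.
SAMPLE_LOG = """\
2024-03-04T08:01:12 alice 10.0.1.15 LOGON_OK
2024-03-04T08:03:40 bob 10.0.1.22 LOGON_FAIL
2024-03-04T08:03:55 bob 10.0.1.22 LOGON_FAIL
2024-03-04T08:04:10 bob 10.0.1.22 LOGON_FAIL
2024-03-04T08:05:02 bob 10.0.1.22 LOGON_OK
2024-03-04T17:02:30 bob 10.0.1.22 LOGOFF
2024-03-04T23:47:09 admin 10.0.9.77 LOGON_OK
2024-03-05T00:10:41 admin 10.0.9.77 LOGOFF
2024-03-05T06:30:00 alice 10.0.1.15 LOGOFF
"""

# Assumed site policy (hypothetical values, adjust to your environment).
PRIVILEGED = {"admin"}
EXPECTED_ADDR = {"alice": "10.0.1.15", "bob": "10.0.1.22", "admin": "10.0.1.5"}
MAX_SESSION = timedelta(hours=12)
MAX_FAILURES = 3

def audit(log_text):
    """Return a sorted list of (user, finding) tuples from the three views."""
    failures = defaultdict(int)   # failed logon count per user
    open_sessions = {}            # user -> time of last successful logon
    findings = set()
    for line in filter(str.strip, log_text.splitlines()):
        stamp, user, addr, event = line.split()
        when = datetime.fromisoformat(stamp)
        # View by network address: user seen from somewhere other than expected.
        if EXPECTED_ADDR.get(user) != addr:
            findings.add((user, f"unexpected address {addr}"))
        if event == "LOGON_FAIL":
            # View by user: repeated failed logon attempts.
            failures[user] += 1
            if failures[user] >= MAX_FAILURES:
                findings.add((user, "repeated failed logons"))
        elif event == "LOGON_OK":
            open_sessions[user] = when
            # View by privileged account: logon outside 07:00-19:00 is unusual here.
            if user in PRIVILEGED and not 7 <= when.hour < 19:
                findings.add((user, "privileged logon outside business hours"))
        elif event == "LOGOFF" and user in open_sessions:
            # View by user: extended logon time.
            if when - open_sessions.pop(user) > MAX_SESSION:
                findings.add((user, "extended logon time"))
    return sorted(findings)
```

Calling `audit(SAMPLE_LOG)` returns one finding per flagged condition; accounts missing from `EXPECTED_ADDR` are reported under the network address view because no address is expected for them.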
Log files should be secured to allow only the most privileged accounts of the operating system to access or write to them.
You should also change the default location for log file storage. Log files are hacker targets because they contain the evidence of hacker activities.