At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft® Word document:
- Describe what information was contained in the logs and what value they might have in a security investigation.
- Think about the challenges of getting all of the Active Directory audit policy settings right. For an infrastructure administrator, how important are these types of settings?
- What are the risks associated with logging too little data or not auditing the correct events?
- What are the risks associated with logging too many events?
- When the default configuration is to create audit logs, what impact can this have on security incident investigations?
- This was just a single domain with two systems on a local LAN. How much more complicated would auditing and log management be for 100 computers? What about an enterprise with 10,000 computers in several domains on their LAN/WAN?
- Consider a cloud-hosted Infrastructure as a Service (IaaS) environment with many new, internet-accessible systems regularly being built and brought online. What challenges might there be managing audit policies and logs in such an environment?
- Finally, conclude this week’s assignment with a page explaining how the tools and processes demonstrated in the labs might be used by an infrastructure administrator to help secure an environment.
