How to audit sensitive file changes using out of…

Defending critical assets

In the wake the of the British Airways breach I thought I would shed some light on a technique to help detect and alert (help respond) to events that may affect critical business processes by modifying critical or sensitive files. We are going to start with a simple scenario using out of the box tools.

Auditing Critical Files

Windows Server comes with a number of security features including object access auditing, in this post we are going to take a brief look at enabling monitoring of sensitive data files. The example we are going to use are monitoring for changed to the web.config file used my .net web applications.

To start with in our example machine, we are going to need to enable audit object access either using local policy or preferably group policy (it should be noted you need to think about log volume, collection and retention/rotation). Read more “How to audit sensitive file changes using out of the box Windows Tools” →