Reviewing the Security Log
After you have enabled auditing on the different events, you then need to view the audited information in the security log of event viewer. To view the audited information in the security log, follow these steps:
- Choose Start → Control Panel.
- In the Control Panel, click Performance and Maintenance and then Administrative Tools, located at the bottom of the window.
- In the Administrative Tools, double-click the Event Viewer to start the Event Viewer console.
- Select the log that you want to view, and you will notice a number of
events on the right side of the screen.
If you select the Security log, any events with a lock are failure events, and any events with a key are successful events.
- To view a description of a particular event, double-click the event.
Going back to the account logon failure example, you can see the date and time the logon was attempted. You can also view the username that was attempted and the computer that the person used to try to log on to the network.
A firewall is a piece of software or hardware that is designed to stop information from reaching your system unless you selectively choose certain pieces of information to pass through the firewall. This information is sent in the form of network packets (pieces of data) that are broken down into three parts:
- The header of the packet contains address information, such as source and destination addresses.
- The body of the packet contains the packet data, known as the payload.
- he trailer contains checksum information, which helps ensure that the data has not been tampered with or damaged in transit.