CYB 205 University of Phoenix Steps for Network Security Assessment Discussion

At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft Word document:

Describe what information was contained in the logs and what value they might have in a security investigation.

Address the following in your response:

• Think about the challenges of getting all the Active Directory audit policy settings right. For an infrastructure administrator, how important are these types of settings?
• What are the risks associated with logging too little data or not auditing the correct events?
• What are the risks associated with logging too many events?
• When the default configuration is to create audit logs, what impact can this have on security incident investigations?
• This was just a single domain with 2 systems on a local LAN. How much more complicated would auditing and log management be for 100 computers? What about an enterprise with 10,000 computers in several domains on their LAN/WAN?
• Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many new, Internet-accessible systems regularly being built and brought online. What challenges might there be managing audit policies and logs in such an environment?

Finally, conclude this week’s assignment with a page explaining how the tools and processes demonstrated in the labs might be used by an infrastructure administrator to help secure an environment.