I was recently reviewing the Advanced Security Audit settings available for Windows 2008 and above and decided to create a spreadsheet with all of the details. While Microsoft does have all of the details on their website, the details are spread across multiple pages. Having it all in one document made it easier to research each setting, compare the defaults to existing settings, and make recommendations for changes. The spreadsheet can be downloaded from Google Drive below:
The spreadsheet contains two worksheets. The first gives the default for each setting and the volume of logs generated with each setting.
The second worksheet lists every Event ID generated by each setting and the message associated with each Event ID.
Hopefully this will be useful to others.
If you read the computer security news feeds, you’ve probably heard about the recent Java 7 and IE 6-9 exploits. The problem is that these exploits are discovered before there are any patches or reasonable workarounds for them. Fortunately, there is something that can be done to provide some additional protection that doesn’t involve an anti-virus company. Earlier this year, Microsoft released the Enhanced Mitigation Experience Toolkit (or EMET) version 3. The goal of EMET is to make exploitation of Windows applications difficult or impossible using the common attack techniques we see today. It’s not a silver bullet and won’t protect against every type of attack. But it does add additional layers of protection to your system by enforcing DEP, ASLR, Heap Spray Protection and more.