Security auditing is a process by which one can create an audit trail of all the actions
taken on securable resources in an enterprise. Before I discuss security audits and security audit
software, let's look at a very simple example of auditing that you may be doing every day. Every time
you have a serious problem in your software application, one of the important troubleshooting steps
is to look into the Event Log of your machine. In Event Viewer, one of the nodes is Security. If you have
enabled some auditing options in Local Security Policy or Domain Security Policy, you will notice
a lot of messages in the Security event log letting you know about the failed or successful authentication attempts
that took place.
I just presented a very simple form of auditing that almost all of us do on a day-to-day basis to troubleshoot an
application issue or other issues. A real security audit is a little more than this. File security, data security,
email security and network security are becoming a major concern for all users, whether you are a home user or an
enterprise user. To protect resources, every enterprise employs security auditing to nip the problem in the bud. What this
means is that companies do not wait for a crime to take place before performing a security audit or forensics; they want to
keep an eye on day-to-day resource access activities and employ policy-based software that can alert them if something
fishy happens. Sometimes companies hire outside agencies to conduct a security audit for them before they launch an application or
deploy a network configuration. They will pay high-profile hackers to get through their security nets and gain access
to critical resources. This process serves multiple purposes. First, it exposes any security holes if resources get compromised, and they
can plug those holes before going live. Second, it tests the effectiveness of the audit and notification software in place. Third, the
process can act as a fire drill to check how effective their IT staff are in responding to audit alerts and taking the necessary actions
immediately, before the problem spreads.
Security audit efforts require a lot of data gathering to analyze and generate meaningful reports. The analysis
of the gathered data can produce reports that help answer very useful security-related questions. Some of these
questions are:
- Is some user trying to connect to a share which he is not supposed to?
- Does some user have more privileges than he really needs?
- Who are the users who have access to critical resources, and is some unauthorized user trying to access those resources? That user
may not have accessed those resources yet, but continuous attempts are a matter of concern.
- Are there any ports open on the network that should not be?
- Are there any applications running with higher privileges unnecessarily?
This is a very small list of questions, just to give you some idea. So if you are the person responsible for the security
of resources in your company, then it is very important that you get some more information about security audit
software and get your network audited at regular intervals. A few bucks and hours spent on preventative
measures are worth the time and money.
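As an added example (not from the original post), here is how two of the questions above could be answered from an audit trail. The records are constructed to mimic Security log logon events (4624 is the real Windows ID for a successful logon, 4625 for a failed one); the record layout, share names, account names and the access policy are my assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not real log data). 4624/4625 are the real
# Windows logon success/failure event IDs; the record layout is assumed.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T08:00:00", "id": 4625, "account": "asmith", "share": r"\\FILESRV\Public"},
    {"time": "2024-03-01T08:00:40", "id": 4624, "account": "asmith", "share": r"\\FILESRV\Public"},
    {"time": "2024-03-01T09:00:05", "id": 4625, "account": "jdoe", "share": r"\\FILESRV\Finance"},
    {"time": "2024-03-01T09:00:50", "id": 4625, "account": "jdoe", "share": r"\\FILESRV\Finance"},
    {"time": "2024-03-01T09:01:30", "id": 4625, "account": "jdoe", "share": r"\\FILESRV\Finance"},
    {"time": "2024-03-01T09:02:10", "id": 4625, "account": "jdoe", "share": r"\\FILESRV\Finance"},
    {"time": "2024-03-01T10:00:00", "id": 4625, "account": "bwong", "share": r"\\FILESRV\Public"},
    {"time": "2024-03-01T11:30:00", "id": 4625, "account": "bwong", "share": r"\\FILESRV\Public"},
]

# Assumed access policy: accounts that may legitimately use each share.
ALLOWED = {
    r"\\FILESRV\Finance": {"cfo", "controller"},
    r"\\FILESRV\Public": {"asmith", "bwong", "jdoe"},
}

def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Map account -> largest number of failed logons (4625) inside any sliding
    `window`; only accounts reaching `threshold` are returned. One failure
    followed by a success is routine; a burst is what the auditor wants to see."""
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625:
            failures[ev["account"]].append(datetime.fromisoformat(ev["time"]))
    flagged = {}
    for account, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # drop failures older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[account] = max(flagged.get(account, 0), count)
    return flagged

def unexpected_share_access(events, allowed):
    """List (account, share, event id) for every attempt, failed or successful, against
    a share the account is not cleared for. An unlisted share is flagged, not ignored."""
    return [(ev["account"], ev["share"], ev["id"])
            for ev in events
            if ev["account"] not in allowed.get(ev["share"], set())]
```

On the sample data, `failed_logon_bursts` flags only jdoe (four failures in under five minutes) and `unexpected_share_access` lists those same four attempts against the Finance share, while asmith's single failure followed by success and bwong's two failures an hour and a half apart are left alone.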