Interesting, that's the first time I've heard a requirement to have just the event logs encrypted. When your auditors come in, do they reference any standards such as CIS, DISA, NIST?

If this is a real requirement, I think it might make sense to coordinate the upgrade to 2008 and enabling BitLocker instead of going through the hassle of bringing in a 3rd party application. Although I don't know the scope or size of your organization, so that might not be possible.

Chris Bodnar, MCSE, MCITP
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

From: Sean Martin <seanmarti...@gmail.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Date: 05/10/2011 03:43 PM
Subject: Encrypting Event Logs

Good morning/afternoon,

My manager has requested I look for ways to "encrypt the event logs on our DCs". Apparently during one of our many audits (governing body to remain nameless) one of the auditors insisted that we should be encrypting the event logs on our DCs. I have since requested a formal finding be provided by the auditor indicating the perceived risks so that I can first identify if we have any mitigating controls already in place.

With that, I thought I would start looking around for specific solutions. We're currently running Windows 2003 DCs in a Windows 2003 Native AD environment. I'm not finding a whole lot of solutions specific to encrypting "event logs". We are planning on introducing Windows 2008 R2 DCs this year so I will research BitLocker, but I'm concerned about the interoperability with Symantec SIM.

I'm still working with very little information so I'm probably missing a lot of content. I guess I would just like to find out if anyone else has received similar directives from an audit and what solutions or mitigating controls helped satisfy the auditor's concerns.

- Sean