I have no idea where the auditor was coming from. I'm hoping to get additional, more formal information.
- Sean On Tue, May 10, 2011 at 11:46 AM, Andrew S. Baker <asbz...@gmail.com> wrote: > Encrypt them from who? > > They're not accessible unless the machine is off and one has physical > access... > > Ask them if they have a reference for any tools to encrypt them... I > could see if you were forwarding them via syslog and they wanted those > encrypted... > > > > *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) > *Harnessing the Advantages of Technology for the SMB market... > > * > > > > On Tue, May 10, 2011 at 3:43 PM, Sean Martin <seanmarti...@gmail.com>wrote: > >> Good morning/afternoon, >> >> My manager has requested I look for ways to "encrypt the event logs on our >> DCs". Apparently during one of our many audits (governing body to remain >> nameless) one of the auditors insisted that we should be encrypting the >> event logs on our DCs. I have since requested a formal finding be provided >> by the auditor indicating the perceived risks so that I can first identify >> if we have any mitigating controls already in place. >> >> With that, I thought I would start looking around for specific solutions. >> We're currently running Windows 2003 DCs in a Windows 2003 Native AD >> environment. I'm not finding a whole lot of solutions specific to encrypting >> "event logs". We are planning on introducing Windows 2008 R2 DCs this year >> so I will research bit locker, but, I'm concered about the inter-operability >> with Symantec SIM. >> >> I'm still working with very little information so I'm probably missing a >> lot of content. I guess I would just like to find out if anyone else has >> received similiar directives from an audit and what solutions or mitigating >> controls helped satisfy the auditor's concerns. >> >> - Sean >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin