SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

This project will bring together a collection of tools that monitor different aspects of a host. This host auditing system has been deployed on our more critical servers in order to reduce the time between an intrusion and its detection, as well as to monitor the system state in order to more easily identify important changes to the operating system. In this way, even if an attack isn't stopped, it can be detected early, perhaps even before a hacker has a chance to fully exploit their entry. The characteristics monitored include unneeded services, unnecessary open ports, multiple system/security events, drivers, shared folders, programs that load during startup and network configurations.

Most software security tools (especially free ones) track a single aspect of a computer's state, such as file usage, user accounts or network status. Similarly, the event log tracks changes to objects such as single user accounts, but it does not provide any kind of overview of the system. This project provides one method for combining multiple tools to measure most of the important aspects of a system. Care was taken to select the most important aspects of a system from a security perspective, while not monitoring so much that the audit tool would significantly degrade performance on the system or take too long to run.
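The core of the approach described above is a baseline-and-compare loop over several aspects of host state at once. The following is an added example, not the paper's own tool: it shows the comparison and triage logic the collectors feed into, using constructed snapshots (the aspect names, the sample services, ports, shares and startup entries, and the severity ranking are all assumptions chosen for illustration). A real deployment would replace the constructed dictionaries with output from per-aspect collectors.

```python
"""Added example: a minimal multi-aspect host baseline/diff engine.

Not the auditing system the text describes; aspect names, sample data and
the severity table are constructed assumptions for this illustration.
"""
import hashlib
import json
from typing import Any, Dict, List

# Aspects worth monitoring per the text; the key names are an assumption.
ASPECTS = ("services", "listening_ports", "drivers", "shares", "startup", "network_config")

# Assumed triage order: persistence and new network exposure rank highest.
SEVERITY = {"startup": "high", "drivers": "high", "listening_ports": "high",
            "shares": "medium", "services": "medium", "network_config": "low"}
_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed baseline snapshot (what the host looked like when last audited).
BASELINE: Dict[str, Dict[str, Any]] = {
    "services": {"Spooler": "running", "W32Time": "running"},
    "listening_ports": {"tcp/135": "svchost.exe", "tcp/445": "System"},
    "drivers": {"tcpip.sys": "10.0.19041.1"},
    "shares": {"ADMIN$": "C:\\Windows"},
    "startup": {"SecurityHealth": "C:\\Windows\\System32\\SecurityHealthSystray.exe"},
    "network_config": {"dns": "10.0.0.2"},
}

# Constructed current snapshot with a few deliberate deviations to detect.
CURRENT_STATE: Dict[str, Dict[str, Any]] = {
    "services": {"Spooler": "stopped", "W32Time": "running"},
    "listening_ports": {"tcp/135": "svchost.exe", "tcp/445": "System", "tcp/3389": "svchost.exe"},
    "drivers": {"tcpip.sys": "10.0.19041.1"},
    "shares": {"ADMIN$": "C:\\Windows", "Public": "C:\\Users\\Public"},
    "startup": {"SecurityHealth": "C:\\Windows\\System32\\SecurityHealthSystray.exe",
                "Updater": "C:\\Users\\Public\\updater.exe"},
    "network_config": {"dns": "10.0.0.9"},
}


def fingerprint(snapshot: Dict[str, Dict[str, Any]]) -> str:
    """SHA-256 over a canonical JSON encoding; a cheap 'has anything changed?' check."""
    canonical = json.dumps(snapshot, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def diff_snapshots(baseline: Dict[str, Dict[str, Any]],
                   current: Dict[str, Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
    """Per-aspect added / removed / changed items; aspects with no change are omitted."""
    report: Dict[str, Dict[str, Any]] = {}
    for aspect in ASPECTS:
        base = baseline.get(aspect, {})
        cur = current.get(aspect, {})
        added = {k: cur[k] for k in cur.keys() - base.keys()}
        removed = {k: base[k] for k in base.keys() - cur.keys()}
        changed = {k: {"before": base[k], "after": cur[k]}
                   for k in base.keys() & cur.keys() if base[k] != cur[k]}
        if added or removed or changed:
            report[aspect] = {"added": added, "removed": removed, "changed": changed}
    return report


def prioritize(report: Dict[str, Dict[str, Any]]) -> List[Dict[str, str]]:
    """Flatten a diff report into findings sorted by severity, then aspect and item."""
    findings = []
    for aspect, changes in report.items():
        for kind in ("added", "removed", "changed"):
            for item in changes[kind]:
                findings.append({"severity": SEVERITY[aspect], "aspect": aspect,
                                 "change": kind, "item": item})
    findings.sort(key=lambda f: (_ORDER[f["severity"]], f["aspect"], f["item"]))
    return findings


def audit(baseline: Dict[str, Dict[str, Any]],
          current: Dict[str, Dict[str, Any]]) -> List[Dict[str, str]]:
    """Short-circuit on an unchanged fingerprint, otherwise return prioritized findings."""
    if fingerprint(baseline) == fingerprint(current):
        return []
    return prioritize(diff_snapshots(baseline, current))


if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT_STATE):
        print(f"[{finding['severity']:6}] {finding['aspect']:16} {finding['change']:8} {finding['item']}")
```

The fingerprint lets a scheduled run exit immediately on the common no-change case, which matters because the text stresses keeping the audit cheap; the per-aspect diff is only computed when something actually differs, and the severity table decides which deviations an operator sees first.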