The Importance of Security and the Event Viewer
With both operating systems, security is an area that is often not monitored by a user. With antivirus software, anti-malware and the Windows Firewall, most users want to think they are well protected and don't have a method of checking what is going on with the security of their operating system.
Users can share folders out and select to audit these individual folders (Auditing is enabled by using the GPEdit.msc or SecPol.msc snap-in). This method should be used in all businesses. By auditing files that are shared out, the user of Windows XP and Windows Vista can see when, where and how the files and folder was used. This information is seen in the Event Viewer of either operating system. As individual users use these files, an entry is made in the Event Viewer.
With the Windows Firewall, packets travel in and out of a computer at thousands of packets per second. These packets are normally filtered when the firewall is on. The event viewer keeps track of applications of inbound and outbound applications and packets. These packets and applications are logged in the Security Event Viewer. By anlayzing the Event Viewer (Security), you can see what applications are requesting network or internet connectivity.
In the event of a malicious attack, the Security Event Viewer can log information about where the information is coming from and how your computer reacted to the packets of data.
If computers are used as IIS (Webservers) or FTP servers (Servers that allow files to travel in and out), Microsoft Windows adds a category after these applications are added by the user. This allows the IP address of traffic to be logged as it travels in and out of the computer.
The Security Event Viewer is one of the most critical areas used to consolidate information about the use of an individual computer.
See my article on the Group Policy Editor here on BrightHub.