Best Practices for Securing Netwrix Auditor
1. Limit access to the computer where Netwrix Auditor is installed
Consider using the Restricted Groups policy setting, together with group membership and User Rights Assignment policy settings, so that only a small, defined group of users can access the Netwrix Auditor computer.
Best practices recommend removing all unnecessary accounts (including the Domain Users group) from the local Users group on the machine where Netwrix Auditor is installed; this also applies to the virtual appliance VM in the deployment scenario where it joins the domain.
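The following script is an added example, not Netwrix code, showing how to review the local Users group on the Netwrix Auditor host and remove everything that is not on an allow list. It uses the built-in Microsoft.PowerShell.LocalAccounts cmdlets (Windows Server 2016 / Windows 10 and later); the account names in the allow list are assumptions to be replaced with the accounts that genuinely need access. Without the -Enforce switch it only reports what it would remove.

```powershell
# Added example (not Netwrix code): tighten membership of the local "Users" group on
# the Netwrix Auditor host. Cmdlets come from the built-in
# Microsoft.PowerShell.LocalAccounts module. Run elevated.
param(
    # Assumed names: replace with the group/accounts that really need access to this host.
    [string[]]$AllowedMembers = @('CORP\NetwrixAdmins', 'CORP\svc-netwrix'),
    # Without this switch the script is read-only and just reports.
    [switch]$Enforce
)

$group = 'Users'

foreach ($m in Get-LocalGroupMember -Group $group) {
    # Local accounts and well-known principals (INTERACTIVE, Authenticated Users, ...)
    # are left alone here; review those separately through the Restricted Groups policy.
    if ($m.PrincipalSource -eq 'Local' -or $m.Name -like 'NT AUTHORITY\*') {
        Write-Output "KEEP         $($m.Name) (local / well-known)"
        continue
    }
    if ($AllowedMembers -contains $m.Name) {
        Write-Output "KEEP         $($m.Name) (allow-listed)"
        continue
    }
    # Everything else, which after a domain join includes "<DOMAIN>\Domain Users",
    # has no business on this host.
    if ($Enforce) {
        Remove-LocalGroupMember -Group $group -Member $m.Name
        Write-Output "REMOVED      $($m.Name)"
    } else {
        Write-Output "WOULD REMOVE $($m.Name) (re-run with -Enforce)"
    }
}
```

Run it once without -Enforce and compare the WOULD REMOVE lines against who actually needs to log on; once the list is clean, enforcing the same membership through the Restricted Groups policy (Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups) stops the group from drifting back.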
2. Maintain roles in Netwrix Auditor carefully
Netwrix Auditor provides a flexible Role-Based Access Control (RBAC) model. Use it to restrict what each user can do in Netwrix Auditor according to their actual responsibilities within the product.
For details about Netwrix Auditor RBAC, refer to Section 3. Role-Based Access and Delegation of
3. Monitor Netwrix Auditor services
Ensure that critical Netwrix Auditor services are always up and running:
a) To secure your data in the SQL databases, enable Transparent Data Encryption (TDE) in Microsoft SQL Server.
b) To secure the Long-Term Archive, use Microsoft BitLocker drive encryption on the volume that stores it.
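The following script is an added example, not Netwrix code, that enables TDE on the SQL Server databases used by Netwrix Auditor and then confirms both the TDE state and the BitLocker state of the archive volume. It needs the SqlServer PowerShell module (Invoke-Sqlcmd) and, for the last step, the BitLocker feature on the host. The instance name, database names, certificate backup path and archive drive letter are all assumptions.

```powershell
# Added example (not Netwrix code): enable TDE on the Netwrix Auditor databases and
# verify encryption state, then check BitLocker on the Long-Term Archive volume.
# Requires the SqlServer module (Invoke-Sqlcmd). All names below are assumptions.
$Instance     = 'SQLHOST\NETWRIX'                # assumed SQL Server instance
$Databases    = @('<Netwrix_Auditor_database>')  # assumed; list the Netwrix databases on the instance
$CertName     = 'NetwrixTdeCert'
$BackupDir    = 'D:\TdeCertBackup'               # assumed; a path on the SQL Server host
$ArchiveDrive = 'E:'                             # assumed Long-Term Archive volume

# Prompt for the passwords so they never sit in the script or the shell history.
# Single quotes are doubled so the value can be embedded safely in the T-SQL below.
$mkPwd  = [System.Net.NetworkCredential]::new('', (Read-Host 'Master key password' -AsSecureString)).Password.Replace("'", "''")
$pvkPwd = [System.Net.NetworkCredential]::new('', (Read-Host 'Certificate backup password' -AsSecureString)).Password.Replace("'", "''")

# 1. Master key and certificate in master (idempotent), then back the certificate up.
#    Without this backup a TDE database cannot be restored on any other server.
#    BACKUP CERTIFICATE refuses to overwrite existing files, so move old copies first.
$serverSetup = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$mkPwd';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = '$CertName')
    CREATE CERTIFICATE [$CertName] WITH SUBJECT = 'TDE certificate for Netwrix Auditor databases';
BACKUP CERTIFICATE [$CertName]
    TO FILE = '$BackupDir\$CertName.cer'
    WITH PRIVATE KEY (FILE = '$BackupDir\$CertName.pvk', ENCRYPTION BY PASSWORD = '$pvkPwd');
"@
Invoke-Sqlcmd -ServerInstance $Instance -Query $serverSetup

# 2. Per database: create the database encryption key once, then switch encryption on.
foreach ($db in $Databases) {
    $dbSetup = @"
USE [$db];
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE [$CertName];
ALTER DATABASE [$db] SET ENCRYPTION ON;
"@
    Invoke-Sqlcmd -ServerInstance $Instance -Query $dbSetup
}

# 3. Verify. encryption_state 3 = encrypted, 2 = encryption in progress, NULL = no key at all.
$dbList = ($Databases | ForEach-Object { "'$_'" }) -join ','
Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT d.name, k.encryption_state, k.percent_complete
FROM sys.databases d
LEFT JOIN sys.dm_database_encryption_keys k ON k.database_id = d.database_id
WHERE d.name IN ($dbList);
"@ | Format-Table name, encryption_state, percent_complete

# 4. Long-Term Archive volume: ProtectionStatus should be On and VolumeStatus FullyEncrypted.
Get-BitLockerVolume -MountPoint $ArchiveDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
```

Keep the .cer/.pvk pair and its password somewhere that is backed up independently of the SQL Server host: TDE protects the data and log files at rest, but a backup of an encrypted database is useless without that certificate.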
5. Use Netwrix Auditor to audit related systems
a) SQL Server databases
- Enable configuration and logon auditing on the SQL Server instance used by Netwrix Auditor. Enable alerts for logon activity, role changes and db_owner changes.
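The following script is an added example, not Netwrix code, that creates a server-level SQL Server audit covering exactly the activity listed above (logons, server and database role membership, database ownership, login changes, and changes to the audit itself) and then reads the audit file back. It needs the SqlServer module; the instance name and audit directory are assumptions, and the directory must exist on the SQL Server host and be writable by the SQL Server service account.

```powershell
# Added example (not Netwrix code): server audit for the instance that hosts the
# Netwrix Auditor databases. Requires the SqlServer module (Invoke-Sqlcmd).
$Instance = 'SQLHOST\NETWRIX'   # assumed
$AuditDir = 'D:\SqlAudit'       # assumed; existing directory on the SQL Server host

$createAudit = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_audits WHERE name = 'NetwrixHostAudit')
BEGIN
    -- ON_FAILURE = CONTINUE keeps the instance up if the audit target fails;
    -- use SHUTDOWN where an unaudited instance is less acceptable than an outage.
    CREATE SERVER AUDIT [NetwrixHostAudit]
        TO FILE (FILEPATH = '$AuditDir', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 20)
        WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
    ALTER SERVER AUDIT [NetwrixHostAudit] WITH (STATE = ON);
END;
IF NOT EXISTS (SELECT 1 FROM sys.server_audit_specifications WHERE name = 'NetwrixHostAuditSpec')
BEGIN
    CREATE SERVER AUDIT SPECIFICATION [NetwrixHostAuditSpec]
        FOR SERVER AUDIT [NetwrixHostAudit]
        ADD (SUCCESSFUL_LOGIN_GROUP),            -- logon activity
        ADD (FAILED_LOGIN_GROUP),
        ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),   -- sysadmin and other fixed server roles
        ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP), -- db_owner and other database roles
        ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),   -- ALTER AUTHORIZATION ON DATABASE
        ADD (SERVER_PRINCIPAL_CHANGE_GROUP),     -- logins created, altered, dropped
        ADD (AUDIT_CHANGE_GROUP)                 -- anyone tampering with this audit
        WITH (STATE = ON);
END;
"@
Invoke-Sqlcmd -ServerInstance $Instance -Query $createAudit

# Read the last 24 hours back. event_time in audit files is UTC.
$since = (Get-Date).ToUniversalTime().AddHours(-24).ToString('yyyy-MM-dd HH:mm:ss')
Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT event_time, action_id, succeeded, server_principal_name, database_name, object_name, statement
FROM sys.fn_get_audit_file('$AuditDir\*.sqlaudit', DEFAULT, DEFAULT)
WHERE event_time >= '$since'
ORDER BY event_time DESC;
"@ | Format-Table -AutoSize
```

Point Netwrix Auditor (or whatever consumes the audit files) at the same directory for the alerting; the T-SQL here only produces the records. Rows with succeeded = 0 are the failed logons and denied changes worth alerting on first.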
b) Servers with SQL Server and Netwrix Auditor
- Enable auditing of local user and group changes, and of service and software installations.
- Configure alerts on event log clearing and on changes to the local Administrators group.
- Enable video activity recording on the SQL Server and Netwrix Auditor hosts using User Activity Video Recording (UAVR).
- Configure alerts on launches of SQL Server Management Studio or Netwrix Auditor.
- Configure alerts on logons to the SQL Server and Netwrix Auditor hosts.
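The following script is an added example, not Netwrix code, that enables the Windows audit subcategories behind the events the five items above call for, and then scans the Security log and turns those events into alert records: log cleared, local Administrators membership changed, SSMS or Netwrix Auditor launched, service installed, and console/RDP logons. Run it elevated on each SQL Server and Netwrix Auditor host. The executable names in the watch list are assumptions; check the real file names on your hosts.

```powershell
# Added example (not Netwrix code): audit policy plus a Security-log scan for the
# events the checklist wants alerts on. Run elevated. Watched tool names are assumed.

# 1. Audit policy (auditpol is built in). Subcategory -> events of interest:
#    Security Group Management -> 4732/4733 (member added to / removed from a local group)
#    User Account Management   -> 4720/4726 (local user created / deleted)
#    Security System Extension -> 4697 (service installed)
#    Logon                     -> 4624/4625 (logon succeeded / failed)
#    Process Creation          -> 4688 (process started)
#    Audit Policy Change       -> 4719 (audit policy changed)
#    1102 (Security log cleared) is always written and needs no policy.
#    MSI software installs land in the Application log (provider MsiInstaller, event 11707).
$subcategories = 'Security Group Management', 'User Account Management',
                 'Security System Extension', 'Logon', 'Process Creation', 'Audit Policy Change'
foreach ($s in $subcategories) {
    auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}
# Record the command line in 4688 (the value behind the GPO setting
# "Include command line in process creation events").
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -PropertyType DWord -Force | Out-Null

# 2. Read one named field from an event. Most Security events keep fields in EventData;
#    1102 keeps them under UserData/LogFileCleared instead.
function Get-EventField($Event, [string]$Name) {
    $xml = [xml]$Event.ToXml()
    if ($xml.Event.EventData) {
        return ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
    }
    return $xml.Event.UserData.LogFileCleared.$Name
}

# 3. Turn the raw events into alert records.
function Get-HostAlerts([datetime]$Since = (Get-Date).AddHours(-24)) {
    $watched = 'ssms.exe', 'auditor.exe'   # assumed file names for SSMS and the Netwrix Auditor client
    $filter  = @{ LogName = 'Security'; Id = 1102, 4719, 4732, 4733, 4688, 4697, 4624, 4625; StartTime = $Since }
    foreach ($e in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        $who = Get-EventField $e 'SubjectUserName'
        switch ($e.Id) {
            1102 { [pscustomobject]@{ Time = $e.TimeCreated; Alert = 'Security log cleared'; Detail = "by $who" } }
            4719 { [pscustomobject]@{ Time = $e.TimeCreated; Alert = 'Audit policy changed'; Detail = "by $who" } }
            { $_ -in 4732, 4733 } {
                if ((Get-EventField $e 'TargetUserName') -eq 'Administrators') {
                    $what = if ($_ -eq 4732) { 'added to' } else { 'removed from' }
                    [pscustomobject]@{ Time = $e.TimeCreated; Alert = 'Local Administrators changed'
                                       Detail = "$(Get-EventField $e 'MemberName') $what Administrators by $who" }
                }
            }
            4688 {
                $proc = Get-EventField $e 'NewProcessName'
                if ($proc -and $watched -contains [IO.Path]::GetFileName($proc).ToLower()) {
                    [pscustomobject]@{ Time = $e.TimeCreated; Alert = 'Watched tool launched'
                                       Detail = "$proc by $who; cmdline: $(Get-EventField $e 'CommandLine')" }
                }
            }
            4697 {
                [pscustomobject]@{ Time = $e.TimeCreated; Alert = 'Service installed'
                                   Detail = "$(Get-EventField $e 'ServiceName') -> $(Get-EventField $e 'ServiceFileName') by $who" }
            }
            { $_ -in 4624, 4625 } {
                # Logon types 2 (console) and 10 (RDP) are the ones that matter on these hosts;
                # failures (4625) are reported whatever the type.
                $type = Get-EventField $e 'LogonType'
                if ($_ -eq 4625 -or $type -in '2', '10') {
                    $outcome = if ($_ -eq 4624) { 'Logon' } else { 'Failed logon' }
                    [pscustomobject]@{ Time = $e.TimeCreated; Alert = "$outcome (type $type)"
                                       Detail = "$(Get-EventField $e 'TargetDomainName')\$(Get-EventField $e 'TargetUserName') from $(Get-EventField $e 'IpAddress')" }
                }
            }
        }
    }
}

Get-HostAlerts | Sort-Object Time -Descending | Format-Table -AutoSize
```

Get-HostAlerts returns plain objects, so the same function can feed a scheduled task that mails or forwards anything it finds; the audit policy part only needs to run once per host (or, better, be pushed by GPO so a local change cannot silently switch it off).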
c) Netwrix Long-Term Archive
- Enable auditing of the Netwrix Long-Term Archive. Exclude the Netwrix data processing account from the monitoring scope. Configure alerts for all read/modify/delete events as well as for failed activity.
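The following script is an added example, not Netwrix code, that puts the audit entry (SACL) on the Long-Term Archive folder so Windows records every read, modify and delete under it, successful or failed, and then queries those records while leaving out the Netwrix data processing account, whose routine writes would otherwise bury everything else. The archive path and the account name are assumptions. Run it elevated on the host that stores the archive.

```powershell
# Added example (not Netwrix code): SACL on the Long-Term Archive plus a query that
# excludes the data processing account. Path and account are assumptions. Run elevated.
$ArchivePath       = 'E:\Netwrix\LongTermArchive'   # assumed
$ProcessingAccount = 'CORP\svc-netwrix'             # assumed Netwrix data processing account
$accountName       = $ProcessingAccount.Split('\')[-1]   # events carry the bare user name

# Object-access events (4663 / 4656) are only generated when this subcategory is on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# SACL entry: Everyone, read/modify/delete rights, success and failure, inherited by all children.
$rights  = [System.Security.AccessControl.FileSystemRights] 'ReadData, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, WriteAttributes, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit, ObjectInherit'
$flags   = [System.Security.AccessControl.AuditFlags] 'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', $rights, $inherit, 'None', $flags)

$acl = Get-Acl -Path $ArchivePath -Audit      # -Audit is required to read, and then write back, the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $ArchivePath -AclObject $acl

# Show what the SACL now contains.
(Get-Acl -Path $ArchivePath -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags

# Archive access in the last N hours by anyone except the processing account.
# The account exclusion is done in XPath so the log is filtered before events are fetched;
# the path check happens afterwards because event XPath has no prefix match.
function Get-ArchiveAccess([int]$Hours = 24) {
    $ms    = $Hours * 3600 * 1000
    $xpath = "*[System[(EventID=4663 or EventID=4656) and TimeCreated[timediff(@SystemTime) <= $ms]] " +
             "and EventData[Data[@Name='SubjectUserName']!='$accountName']]"
    foreach ($e in Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue) {
        # 4663 and 4656 share their first seven fields: [1] SubjectUserName, [6] ObjectName.
        $object = $e.Properties[6].Value
        if ($object -notlike "$ArchivePath*") { continue }
        $failed = $e.KeywordsDisplayNames -contains 'Audit Failure'
        # A successful 4656 (handle granted) is always followed by a 4663; only failed ones are news.
        if ($e.Id -eq 4656 -and -not $failed) { continue }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Event   = $e.Id
            Outcome = if ($failed) { 'FAILED' } else { 'ok' }
            User    = $e.Properties[1].Value
            Object  = $object
        }
    }
}

Get-ArchiveAccess | Format-Table -AutoSize
```

A Windows SACL cannot carve one account out of an "Everyone" entry, which is why the exclusion lives in the query; if the volume of events from the processing account is a problem for the log itself, audit a group that does not contain that account instead of Everyone. Rows marked FAILED are the denied attempts the checklist asks to alert on.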
6. Make offline backups of the Long-Term Archive regularly
This ensures that data is not lost in case of sudden archive corruption, malicious actions, ransomware, or other circumstances.
Some of our customers also prefer off-site or cloud backups to ensure the integrity of their data.
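The following script is an added example, not Netwrix code, of one way to run such a backup: copy the archive to a target volume that is disconnected once the job completes, write a SHA-256 manifest of the copy, and keep a function that re-checks the copy against the manifest later, so silent corruption or tampering of the backup is caught before it is needed. Paths are assumptions; robocopy and Get-FileHash are built in.

```powershell
# Added example (not Netwrix code): offline copy of the Long-Term Archive with an
# integrity manifest. Source, target root and the manifest location are assumptions.
$Source = 'E:\Netwrix\LongTermArchive'      # assumed
$Root   = 'F:\Backups\LongTermArchive'      # assumed: a removable / offline volume
$stamp  = Get-Date -Format 'yyyyMMdd-HHmm'
$Target   = Join-Path $Root $stamp
$log      = Join-Path $Root "$stamp.robocopy.log"
$manifest = Join-Path $Root "$stamp.sha256"
New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Write "<sha256>  <relative path>" for every file below $Folder.
function New-Manifest([string]$Folder, [string]$ManifestPath) {
    Get-ChildItem -LiteralPath $Folder -Recurse -File | ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $rel  = $_.FullName.Substring($Folder.Length).TrimStart('\')
        "$hash  $rel"
    } | Set-Content -LiteralPath $ManifestPath -Encoding UTF8
}

# Re-hash every file named in the manifest; returns a list of problems (empty = all good).
function Test-Manifest([string]$Folder, [string]$ManifestPath) {
    $problems = @()
    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        $expected, $rel = $line -split '  ', 2
        $full = Join-Path $Folder $rel
        if (-not (Test-Path -LiteralPath $full)) { $problems += "MISSING  $rel"; continue }
        $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        if ($actual -ne $expected) { $problems += "CHANGED  $rel" }
    }
    return $problems
}

# 1. Copy: recursive, keep data/attributes/timestamps, short retries, log to file.
robocopy $Source $Target /E /COPY:DAT /R:2 /W:5 /NP "/LOG:$log" | Out-Null
# robocopy exit codes below 8 mean success (bits 1-4 are informational); 8 and up are failures.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE); see $log" }

# 2. Manifest of the copy, then an immediate verification pass.
New-Manifest -Folder $Target -ManifestPath $manifest
$issues = Test-Manifest -Folder $Target -ManifestPath $manifest
if ($issues.Count -eq 0) {
    Write-Output "Backup $Target verified against $manifest; disconnect the media now."
} else {
    $issues | Write-Output
    throw "Backup verification failed for $($issues.Count) file(s)"
}
```

Keep a second copy of the .sha256 manifest somewhere other than the backup media (for example alongside the SQL certificate backup); a manifest that travels with the data it describes can be rewritten by whoever rewrites the data. Running Test-Manifest on each offline set before it is rotated is what turns "we have backups" into "we have backups that restore".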