Auditing--the forgotten art of Security

When it comes to security there is a lot of emphasis placed on Authentication and Authorization which of course make sense.  Sometimes, I think there is so much emphasis placed on Authentication and Authorization that we forget about another critical component which is Auditing.


A well designed Authentication mechanism does offer some level of protection, but it does not prevent such attacks as:


  • Dictionary Attacks

  • Brute Force Attacks

  • Input Tampering


In fact with out auditing how does one know that they are under a dictionary or brute force attacks?  There have been a lot of articles and blogs on the new Provider Model in ASP.NET 2.0 which greatly assist with Authentication and Authorization, but equally as well there is a new health monitoring capabilities in ASP.NET 2.0.


Maybe because of the name health monitoring not much attention is paid to the fact that this new feature in ASP.NET 2.0 allows you to instrument security in your application. 


Instrument ASP.NET 2.0 for Security allows ASP.NET 2.0 runtime components and controls to raise events for many common situation such as user management events and malicious input events.


User Management Events:

  • Password Resets
  • Password Changes
  • Account Lockout
  • User Registration
  • Authentication

Input Events:

  • Replay of old Authentication tickets
  • Too many logins over a set period of time
  • Login from different source IP

Therefore, when you are designing your next ASP.NET 2.0 Application for Authentication and Authorization don’t forget about Auditing.  In fact if you take a look at your Application log in the event viewer you will probably notice a few entries created by ASP.NET 2.0 runtime with authentication failure messages which are just some of the events being logged by default.