What is Windows File Integrity Monitoring?
In order to maintain the integrity of a Windows file system, File Integrity Monitoring is applied to ensure no unauthorized changes are made to files, folders or configuration settings.
What should it cover?
The monitoring approach needs to cover all file and folder attributes, including the file or folder properties (and in particular the security and permissions) as well as the file contents or composition. Enterprise Windows File Integrity monitoring solutions should use a cryptographic hash value, calculated for each file, to detect changes. This provides a unique 'DNA fingerprint' for each file, generated using a secure hash algorithm such as MD5, SHA1, SHA256 or SHA512, and provides a means by which even a minute change to a file will be detected.
It is also necessary to monitor Windows Registry hives, keys, and values as Windows configuration settings are controlled via Registry entries. In this way, all significant configuration attributes can be audited for compliance and tracked for changes – installed updates and programs, local user accounts, and the local security and audit policies, which cover everything from the screensaver being used through BitLocker and Windows Firewall settings.
And the number one solution that delivers all the key security and compliance benefits of file integrity monitoring is NNT Change Tracker™
Learn more about NNT Change Tracker here
For a free automated system compliance audit: