Solved

Monitoring a file

Posted on 2004-10-12
Last Modified: 2013-12-04

We have a couple of files that we would like to monitor what happens to them.  For example, if they are emailed anywhere, or saved to a floppy disk, we would like to know.  Is there any way to set up a security log for this?  Or are there any programs that do this for me?

Thanks.
Question by:tegryan

Accepted Solution

by: Lee W, MVP earned 250 total points
ID: 12287840
You can enable auditing for the files, but that will only record deletions and accesses by individuals.  It's virtually impossible to tell if a user copied it to a floppy or emailed it.  Typically, companies disable floppy drives in BIOS and scan email incoming and outgoing to ensure their corporate security.

Author Comment

by:tegryan
ID: 12288084
Hmmm, interesting.

I don't know much about packet sniffers, but would it be possible to monitor outgoing packets for the file name or something?

Thanks.

Expert Comment

by:Lee W, MVP
ID: 12288225
Probably not, as the files will be accessed through SMB networking which is encrypted.  But if you monitor your email server as it sends messages, you can scan the SMTP traffic for the file name.  To do this effectively, I'd probably try to set up a relay SMTP server so you can catch the messages before they actually go out.  You'd have to find a way to "pause" e-mail sending from the second SMTP server, but otherwise, you'd be able to detect the messages and who sent them as SMTP is NOT encrypted.  Of course if the user used some sort of PGP or something, then it might NOT be possible.
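
Added example, not part of the original thread: a sketch of the check a relay SMTP server could run on each outbound message, reporting the sender when an attachment matches a watched file. It goes beyond the file-name scan described above by also comparing a SHA-256 of the attachment content, so a renamed copy is still flagged; the file name, addresses and `PROTECTED` contents are constructed assumptions.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a protected file; name and bytes are assumptions.
PROTECTED = {"pricing-2004.xls": b"constructed confidential spreadsheet bytes"}
WATCHED_NAMES = {name.lower() for name in PROTECTED}
WATCHED_HASHES = {hashlib.sha256(d).hexdigest() for d in PROTECTED.values()}


def scan_message(raw: bytes) -> list:
    """Return one finding per attachment matching a watched name or hash."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        # decode=True undoes base64/quoted-printable; None for nested multiparts.
        payload = part.get_payload(decode=True) or b""
        matched = []
        if filename in WATCHED_NAMES:
            matched.append("filename")
        if hashlib.sha256(payload).hexdigest() in WATCHED_HASHES:
            matched.append("content-hash")
        if matched:
            findings.append({
                "sender": str(msg["From"]),
                "recipient": str(msg["To"]),
                "attachment": filename,
                "matched": matched,
            })
    return findings


def build_sample(filename: str, data: bytes) -> bytes:
    """Build a constructed outbound message as the relay would receive it."""
    msg = EmailMessage()
    msg["From"] = "alice@corp.example"
    msg["To"] = "someone@webmail.example"
    msg["Subject"] = "fyi"
    msg.set_content("see attached")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    secret = PROTECTED["pricing-2004.xls"]
    for name, data in [("pricing-2004.xls", secret), ("holiday.jpg", secret),
                       ("notes.txt", b"harmless")]:
        print(name, scan_message(build_sample(name, data)))
```

An exact hash only matches byte-identical copies; an edited, zipped or PGP-encrypted attachment produces a different digest and passes unflagged.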

Author Comment

by:tegryan
ID: 12289912
Hmm, unfortunately that won't work.  What we are trying to protect against is web based email systems, mostly.  This is a tough one, because we need the users to have access to the files, but not take them home.

Thanks for your help so far, I'll leave this question open for a few more days and if it remains unanswered I'll give you some or all of the points.

Thanks.

Assisted Solution

by:Gargantubrain
Gargantubrain earned 250 total points
ID: 12348621
The thing is, if you allow "access to the files" then they can always save them as another name, print them, etc.

There will always be a way around any security you can put in place, even if someone has to resort to writing something down or taking a picture of their monitor.

You have to consider your costs, time, and effort versus providing an acceptable level of security. It is easy to restrict access to your files to a specific group of people, but it is harder to ensure that none of those people can take the files somewhere else.

What you can do is make users sign a non-disclosure agreement and an employee handbook acknowledgement form. In other words, you can make the employees liable in the event that they choose to take an action contrary to the rules set forth by your company. If your non-disclosure says they will not make copies of files and take them off-site, and then they do, your lawyers will be able to take legal action. I know that is not the answer you are looking for, but there is no way for system administrators to enforce honesty. At least you can make sure you have recourse in the event that someone violates policy or steals trade secrets.

If your security needs are absolute, then you will have to take measures such as only allowing access to the files from highly secured workstations (no floppy & USB ports, no Internet access, etc), with constant supervision (someone always watching you). For most users and most data, this level of security is far too extreme and unreasonable.
Question has a verified solution.