Solved

Monitoring a file

Posted on 2004-10-12
Last Modified: 2013-12-04

We have a couple of files that we would like to monitor what happens to them.  For example, if they are emailed anywhere, or saved to a floppy disk, we would like to know.  Is there any way to set up a security log for this?  Or are there any programs that do this for me?

Thanks.
Question by:tegryan
7 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 12287840
You can enable auditing for the files, but that will only record deletions and accesses by individuals.  It's virtually impossible to tell if a user copied it to a floppy or emailed it.  Typically, companies disable floppy drives in BIOS and scan email incoming and outgoing to ensure their corporate security.
0
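
What the audit trail described above yields, as an added example (not part of the original answer): a Python parser for exported Security-log events that reports who touched an audited file. It assumes a current Windows system that logs object access as event ID 4663; the file path, users and events are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = {r"d:\finance\pricing.xls"}  # hypothetical audited file, lower-cased
# File access rights carried as bits in the event's AccessMask field.
ACCESS_BITS = {0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData", 0x10000: "DELETE"}

# Constructed sample: three Security-log events in Windows event XML under one root.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4663</EventID><TimeCreated SystemTime="2024-01-15T09:12:44Z"/></System>
 <EventData><Data Name="SubjectUserName">jdoe</Data><Data Name="AccessMask">0x1</Data>
  <Data Name="ObjectName">D:\Finance\pricing.xls</Data>
  <Data Name="ProcessName">C:\Office\EXCEL.EXE</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4663</EventID><TimeCreated SystemTime="2024-01-15T09:13:02Z"/></System>
 <EventData><Data Name="SubjectUserName">jdoe</Data><Data Name="AccessMask">0x1</Data>
  <Data Name="ObjectName">D:\Finance\lunch-menu.doc</Data>
  <Data Name="ProcessName">C:\Office\WINWORD.EXE</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4663</EventID><TimeCreated SystemTime="2024-01-15T17:40:10Z"/></System>
 <EventData><Data Name="SubjectUserName">asmith</Data><Data Name="AccessMask">0x10000</Data>
  <Data Name="ObjectName">D:\Finance\pricing.xls</Data>
  <Data Name="ProcessName">C:\Windows\explorer.exe</Data></EventData>
</Event>
</Events>"""

def file_accesses(xml_text, watched=WATCHED):
    """Return (time, user, process, [access names]) per 4663 event on a watched path."""
    hits = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4663":
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("ObjectName", "").lower() not in watched:
            continue  # object access on a file we are not watching
        mask = int(data.get("AccessMask", "0"), 16)
        names = [name for bit, name in ACCESS_BITS.items() if mask & bit]
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        hits.append((when, data.get("SubjectUserName"), data.get("ProcessName"), names))
    return hits

if __name__ == "__main__":
    for hit in file_accesses(SAMPLE):
        print(hit)
```

A copy to removable media and an ordinary open in Excel both show up only as `ReadData`; the event for the audited file carries no destination, which is the limit the answer points out.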
 

Author Comment

by:tegryan
ID: 12288084
Hmmm, interesting.

I don't know much about packet sniffers, but would it be possible to monitor outgoing packets for the file name or something?

Thanks.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12288225
Probably not as the files will be accessed through SMB networking which is encrypted.  But if you monitor your email server as it sends messages, you can scan the SMTP traffic for the file name.  To do this effectively, I'd probably try to set up a relay SMTP server so you can catch the messages before they actually go out.  You'd have to find a way to "pause" e-mail sending from the second SMTP server, but otherwise, you'd be able to detect the messages and who sent them as SMTP is NOT encrypted.  Of course if the user used some sort of PGP or something, then it might NOT be possible.
0
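
The relay-side check described above, as an added example that is not part of the original comment: a Python function that inspects one outgoing message for attachments matching a watched file name or, since a renamed copy defeats name matching, a SHA-256 of the protected content. The file name, content and addresses are constructed assumptions.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions: name and bytes of the protected file are made up for this example.
PROTECTED_BYTES = b"Q3 pricing model - internal only\n"
WATCH_NAMES = {"pricing.xls"}
WATCH_HASHES = {hashlib.sha256(PROTECTED_BYTES).hexdigest()}

def build_sample(filename, data):
    """Constructed outgoing message, in the form the relay would receive it."""
    m = EmailMessage()
    m["From"] = "jdoe@example.com"
    m["To"] = "someone@example.net"
    m["Subject"] = "notes"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

def inspect_message(raw):
    """Return (sender, [(filename, reason), ...]) for attachments on the watch lists."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        if hashlib.sha256(body).hexdigest() in WATCH_HASHES:
            hits.append((name, "content"))  # same bytes, whatever the name
        elif name.lower() in WATCH_NAMES:
            hits.append((name, "name"))     # watched name, different bytes
    return str(msg["From"]), hits

if __name__ == "__main__":
    print(inspect_message(build_sample("holiday.jpg", PROTECTED_BYTES)))
    print(inspect_message(build_sample("pricing.xls", b"edited copy")))
```

An attachment that was edited, archived or encrypted before sending changes the hash, so a content match is a lower bound on what left, not a complete record.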
 

Author Comment

by:tegryan
ID: 12289912
Hmm, unfortunately that won't work.  What we are trying to protect against is web based email systems, mostly.  This is a tough one, because we need the users to have access to the files, but not take them home.

Thanks for your help so far, I'll leave this question open for a few more days and if it remains unanswered I'll give you some or all of the points.

Thanks.
0
 
LVL 3

Assisted Solution

by:Gargantubrain
Gargantubrain earned 250 total points
ID: 12348621
The thing is, if you allow "access to the files" then they can always save them as another name, print them, etc.

There will always be a way around any security you can put in place, even if someone has to resort to writing something down or taking a picture of their monitor.

You have to consider your costs, time, and effort versus providing an acceptable level of security. It is easy to restrict access to your files to a specific group of people, but it is harder to ensure that none of those people can take the files somewhere else.

What you can do is make users sign a non-disclosure agreement and an employee handbook acknowledgement form. In other words, you can make the employees liable in the event that they choose to take an action contrary to the rules set forth by your company. If your non-disclosure says they will not make copies of files and take them off-site, and then they do, your lawyers will be able to take legal action. I know that is not the answer you are looking for, but there is no way for system administrators to enforce honesty. At least you can make sure you have recourse in the event that someone violates policy or steals trade secrets.

If your security needs are absolute, then you will have to take measures such as only allowing access to the files from highly secured workstations (no floppy & USB ports, no Internet access, etc), with constant supervision (someone always watching you). For most users and most data, this level of security is far too extreme and unreasonable.
0
