Monitoring a file

Posted on 2004-10-12
Medium Priority
Last Modified: 2013-12-04

We have a couple of files that we would like to monitor what happens to them.  For example, if they are emailed anywhere, or saved to a floppy disk, we would like to know.  Is there anyway to set up a security log for this?  Or are there any programs that do this for me?

Question by:tegryan
  • 2
  • 2
LVL 97

Accepted Solution

Lee W, MVP earned 1000 total points
ID: 12287840
You can enable auditing for the files, but that will only record deletions and accesses by individuals.  It's virtually impossible to tell if a user copied it to a floppy or emailed it.  Typically, companies disable floppy drives in BIOS and scan email incoming and outgoing to ensure their corporate security.

Author Comment

ID: 12288084
Hmmm, interesting.

I don't know much about packet sniffers, but would it be possible to monitor outgoing packets for the file name or something?

LVL 97

Expert Comment

by:Lee W, MVP
ID: 12288225
Probably not as the files will be accessed through SMB networking which is encrypted.  But if you monitor your email server as it sends messages, you can scan the SMTP traffic for the file name.  To do this effectively, I'd probably try to setup a relay SMTP server so you can catch the messages before they actually go out.  You'd have to find a way to "pause" e-mail sending from the second SMTP server, but otherwise, you'd be able to detect the messages and who sent them as SMTP is NOT encrypted.  Of course if the user used some sort of PGP or something, then it might NOT be possible.

Author Comment

ID: 12289912
Hmm, unfortunately that wont work.  What we are trying to protect against is web based email systems, mostly.  This is a tough one, because we need the users to have access to the files, but not take them home.

Thanks for your help so far, I'll leave this question open for a few more days and if remains unanswered i'll give you some or all of the points.


Assisted Solution

Gargantubrain earned 1000 total points
ID: 12348621
The thing is, if you allow "access to the files" then they can always save them as another name, print them, etc.

There will always be a way around any security you can put in place, even if someone has to resort to writing something down or taking a picture of their monitor.

You have to consider your costs, time, and effort versus providing an acceptable level of security. It is easy to restrict access to your files to a specific group of people, but it is harder to ensure that none of those people can take the files somewhere else.

What you can do is make users sign a non-disclosure agreement and an employee handbook acknowledgement form. In other words, you can make the employees liable in the event that the choose to take an action contrary to the rules set forth by your company. If your non-disclosure says they will not make copies of files and take them off-site, and then they do, your lawyers will be able to take legal action. I know that is not the answer you are looking for, but there is no way for system administrators to enforce honesty. At least you can make sure you have recourse in the event that someone violates policy or steals trade secrets.

If your security needs are absolute, then you will have to take measures such as only allowing access to the files from highly secured workstations (no floppy & usb ports, no Internet access, etc), with constant supervision (someone always watching you). For most users and most data, this level of security is far too extreme and unreasonable.

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question