Solved

Monitoring a file

Posted on 2004-10-12
7
186 Views
Last Modified: 2013-12-04

We have a couple of files that we would like to monitor what happens to them.  For example, if they are emailed anywhere, or saved to a floppy disk, we would like to know.  Is there anyway to set up a security log for this?  Or are there any programs that do this for me?

Thanks.
0
Comment
Question by:tegryan
  • 2
  • 2
7 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 12287840
You can enable auditing for the files, but that will only record deletions and accesses by individuals.  It's virtually impossible to tell if a user copied it to a floppy or emailed it.  Typically, companies disable floppy drives in BIOS and scan email incoming and outgoing to ensure their corporate security.
0
 

Author Comment

by:tegryan
ID: 12288084
Hmmm, interesting.

I don't know much about packet sniffers, but would it be possible to monitor outgoing packets for the file name or something?

Thanks.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12288225
Probably not as the files will be accessed through SMB networking which is encrypted.  But if you monitor your email server as it sends messages, you can scan the SMTP traffic for the file name.  To do this effectively, I'd probably try to setup a relay SMTP server so you can catch the messages before they actually go out.  You'd have to find a way to "pause" e-mail sending from the second SMTP server, but otherwise, you'd be able to detect the messages and who sent them as SMTP is NOT encrypted.  Of course if the user used some sort of PGP or something, then it might NOT be possible.
0
 

Author Comment

by:tegryan
ID: 12289912
Hmm, unfortunately that wont work.  What we are trying to protect against is web based email systems, mostly.  This is a tough one, because we need the users to have access to the files, but not take them home.

Thanks for your help so far, I'll leave this question open for a few more days and if remains unanswered i'll give you some or all of the points.

Thanks.
0
 
LVL 3

Assisted Solution

by:Gargantubrain
Gargantubrain earned 250 total points
ID: 12348621
The thing is, if you allow "access to the files" then they can always save them as another name, print them, etc.

There will always be a way around any security you can put in place, even if someone has to resort to writing something down or taking a picture of their monitor.

You have to consider your costs, time, and effort versus providing an acceptable level of security. It is easy to restrict access to your files to a specific group of people, but it is harder to ensure that none of those people can take the files somewhere else.

What you can do is make users sign a non-disclosure agreement and an employee handbook acknowledgement form. In other words, you can make the employees liable in the event that the choose to take an action contrary to the rules set forth by your company. If your non-disclosure says they will not make copies of files and take them off-site, and then they do, your lawyers will be able to take legal action. I know that is not the answer you are looking for, but there is no way for system administrators to enforce honesty. At least you can make sure you have recourse in the event that someone violates policy or steals trade secrets.

If your security needs are absolute, then you will have to take measures such as only allowing access to the files from highly secured workstations (no floppy & usb ports, no Internet access, etc), with constant supervision (someone always watching you). For most users and most data, this level of security is far too extreme and unreasonable.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question