?
Solved

Monitoring a file

Posted on 2004-10-12
7
Medium Priority
?
197 Views
Last Modified: 2013-12-04

We have a couple of files that we would like to monitor what happens to them.  For example, if they are emailed anywhere, or saved to a floppy disk, we would like to know.  Is there anyway to set up a security log for this?  Or are there any programs that do this for me?

Thanks.
0
Comment
Question by:tegryan
  • 2
  • 2
5 Comments
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 1000 total points
ID: 12287840
You can enable auditing for the files, but that will only record deletions and accesses by individuals.  It's virtually impossible to tell if a user copied it to a floppy or emailed it.  Typically, companies disable floppy drives in BIOS and scan email incoming and outgoing to ensure their corporate security.
0
 

Author Comment

by:tegryan
ID: 12288084
Hmmm, interesting.

I don't know much about packet sniffers, but would it be possible to monitor outgoing packets for the file name or something?

Thanks.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 12288225
Probably not as the files will be accessed through SMB networking which is encrypted.  But if you monitor your email server as it sends messages, you can scan the SMTP traffic for the file name.  To do this effectively, I'd probably try to setup a relay SMTP server so you can catch the messages before they actually go out.  You'd have to find a way to "pause" e-mail sending from the second SMTP server, but otherwise, you'd be able to detect the messages and who sent them as SMTP is NOT encrypted.  Of course if the user used some sort of PGP or something, then it might NOT be possible.
0
 

Author Comment

by:tegryan
ID: 12289912
Hmm, unfortunately that wont work.  What we are trying to protect against is web based email systems, mostly.  This is a tough one, because we need the users to have access to the files, but not take them home.

Thanks for your help so far, I'll leave this question open for a few more days and if remains unanswered i'll give you some or all of the points.

Thanks.
0
 
LVL 3

Assisted Solution

by:Gargantubrain
Gargantubrain earned 1000 total points
ID: 12348621
The thing is, if you allow "access to the files" then they can always save them as another name, print them, etc.

There will always be a way around any security you can put in place, even if someone has to resort to writing something down or taking a picture of their monitor.

You have to consider your costs, time, and effort versus providing an acceptable level of security. It is easy to restrict access to your files to a specific group of people, but it is harder to ensure that none of those people can take the files somewhere else.

What you can do is make users sign a non-disclosure agreement and an employee handbook acknowledgement form. In other words, you can make the employees liable in the event that the choose to take an action contrary to the rules set forth by your company. If your non-disclosure says they will not make copies of files and take them off-site, and then they do, your lawyers will be able to take legal action. I know that is not the answer you are looking for, but there is no way for system administrators to enforce honesty. At least you can make sure you have recourse in the event that someone violates policy or steals trade secrets.

If your security needs are absolute, then you will have to take measures such as only allowing access to the files from highly secured workstations (no floppy & usb ports, no Internet access, etc), with constant supervision (someone always watching you). For most users and most data, this level of security is far too extreme and unreasonable.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question