Tracking System Activity, etc.

Posted on 2005-05-17
Last Modified: 2010-04-11
I am in the process of finishing up my HIPAA Security Assessment and need to implement something that will allow me to retrieve data on information systems activity and network intrusion attempts in a printed format.

I am currently in a mixed OS environment, upgrading to W2k3 servers.

Any ideas?
Question by:RSchierer
    LVL 25

    Expert Comment

    by:Ron M
    Use pix ...w/ websense software; can set up an http secure server to pull realtime reports like productivity loss, highest usage, most used internet app, urls per user per date; set up alerts via email, and best of all...It's AD integrated.

    ...anyway that's what I use.
    LVL 2

    Accepted Solution

    Eeew.. "information systems activity" could mean many things, and may or may not share common ground with network intrusion attempts, depending on your point of view. Sorry to say, but Websense is not going to be much help here in the real world... it's like using a spanner when you need a hammer.

    For data on infosys activity, you'd be looking primarily at host-based logging systems, such as GFI's Security Event Log Manager or Network Server Monitor. It may be worthwhile looking at syslog collectors and analysis tools to collate all your server logs in one central place and analyse them as a whole. You may want to take a look at Consul Insight; it's a great tool in this area, very powerful.

    On the upper end of the scale, you'll be looking at host-based intrusion detection, which generally monitors more than just intrusion activity and provides log consolidation and event correlation tools... there are many products out there, but a few big vendors include Symantec, ISS and of course Cisco (although I believe that they should stick to what they know: routing).

    The same 3 vendors mentioned above also supply network intrusion detection and prevention systems (Network IDS/IPS). The Symantec one is very nice to work with (Symantec Network Security -- SNS 7100 series). These systems will report on network intrusion attempts, and can provide reports that you can print.

    If you're looking to correlate information from many disparate sources in order to be able to report on network intrusion attempts as seen by your firewalls, IDS/IPS and servers, you're into expensive (but fun!) territory: incident management tools. Symantec, ISS and Netforensics come highly recommended.

    Hope this helped!
