Tracking System Activity, etc.

I am in the process of finishing up my HIPAA Security Assessment and need to implement something that will allow me to retrieve data on information systems activity and network intrusion attempts in a printed format.

I am currently in a mixed OS environment, upgrading to W2k3 servers.

Any ideas?
1 Solution
Ron Malmstead, Information Services Manager, commented:
Use PIX (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html) ...w/ Websense software (http://ww2.websense.com/global/en/Downloads/)...you can set up an HTTP secure server to pull real-time reports like productivity loss, highest usage, most used internet app, URLs per user per date; set up alerts via email, and best of all...it's AD-integrated.

...anyway that's what I use.
Eeew.. "information systems activity" could mean many things, and may or may not share common ground with network intrusion attempts, depending on your point of view. Sorry to say, but Websense is not going to be much help here in the real world... it's like using a spanner when you need a hammer.

For data on infosys activity, you'd be looking primarily at host-based logging systems, such as GFI's Security Event Log Manager or Network Server Monitor (www.gfi.com). It may be worthwhile looking at syslog collectors and analysis tools to collate all your server logs in one central place and analyse them as a whole. You may want to take a look at Consul Insight (www.consul.com), it's a great tool in this area, very powerful.

On the upper end of the scale, you'll be looking at host-based intrusion detection, which generally monitors more than just intrusion activity and provides log consolidation and event correlation tools... there are many products out there, but a few big vendors include Symantec, ISS and of course Cisco (although I believe that they should stick to what they know: routing).

The same 3 vendors mentioned above also supply network intrusion detection and prevention systems (Network IDS/IPS). The Symantec one is very nice to work with (Symantec Network Security -- SNS 7100 series). These systems will report on network intrusion attempts, and can provide reports that you can print.

If you're looking to correlate information from many disparate sources in order to be able to report on network intrusion attempts as seen by your firewalls, IDS/IPS and servers, you're into expensive (but fun!) territory: incident management tools. Symantec, ISS and Netforensics come highly recommended.

Hope this helped!
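As an added illustration of the central syslog collation and printable reporting discussed in the answer above (example code written for this page, not from the thread or from any product it names): the script below parses constructed sample log lines collected from several servers, counts failed logons per source address and per target server, flags sources with repeated attempts, and renders a fixed-width text report. The host names, addresses, threshold and the simplified one-line form of a forwarded Windows 2003 logon-failure event are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real captures) in RFC 3164 syslog style, as a
# central collector might store them: Unix sshd failures plus a Windows 2003
# logon failure (event ID 529) forwarded by a syslog agent in a simplified form.
SAMPLE_LOG = """\
Mar  3 08:01:12 fileserv1 sshd[4012]: Failed password for root from 10.9.8.7 port 51112 ssh2
Mar  3 08:01:15 fileserv1 sshd[4012]: Failed password for root from 10.9.8.7 port 51113 ssh2
Mar  3 08:01:19 fileserv1 sshd[4014]: Failed password for admin from 10.9.8.7 port 51114 ssh2
Mar  3 08:02:40 fileserv1 sshd[4020]: Accepted password for jsmith from 192.168.1.20 port 40000 ssh2
Mar  3 08:03:02 dc01 MSWinEventLog 1 Security 529 Logon/Logoff Failure audit Source Network Address: 10.9.8.7
Mar  3 08:05:30 dbserv sshd[777]: Failed password for oracle from 172.16.0.5 port 2222 ssh2
"""

TS_HOST = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
FAILED_SSH = re.compile(TS_HOST + r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+)")
FAILED_WIN = re.compile(TS_HOST + r"MSWinEventLog .*?Security (?:529|4625) .*?Source Network Address: (?P<src>\S+)")

def parse_failures(text):
    """Yield (timestamp, target host, source address) for each failed logon line."""
    for line in text.splitlines():
        m = FAILED_SSH.match(line) or FAILED_WIN.match(line)
        if m:
            yield m.group("ts"), m.group("host"), m.group("src")

def summarize(text, threshold=3):
    """Count failures per source and per host; flag sources at or over threshold."""
    by_src, by_host, hosts_hit = Counter(), Counter(), defaultdict(set)
    for _ts, host, src in parse_failures(text):
        by_src[src] += 1
        by_host[host] += 1
        hosts_hit[src].add(host)
    suspects = sorted(s for s, n in by_src.items() if n >= threshold)
    return {"by_src": by_src, "by_host": by_host, "hosts_hit": hosts_hit, "suspects": suspects}

def render_report(summary):
    """Fixed-width text report of failed logons, suitable for printing or filing."""
    lines = ["FAILED LOGON SUMMARY (all collected servers)", "-" * 44]
    for src, n in summary["by_src"].most_common():
        flag = "  <-- repeated attempts" if src in summary["suspects"] else ""
        targets = ",".join(sorted(summary["hosts_hit"][src]))
        lines.append(f"{src:<16}{n:>4} failures  targets: {targets}{flag}")
    lines += ["", "Per-host totals:"] + [f"  {h:<12}{n}" for h, n in sorted(summary["by_host"].items())]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_report(summarize(SAMPLE_LOG)))
```

Pointing `summarize` at the text of a real collector's log file, rather than the embedded sample, gives the same report over the whole estate.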
