• Status: Solved
  • Priority: Medium
  • Security: Public

Securing Company Data From Sabotage

Hi all,

Just wondering how most people go about securing their important data from sabotage.  I watch over an office of about 30 workstations and almost everyone has access to almost everything (about 80 GBs worth of data on the server).  It has to be full access for just about everyone because they all need to create, edit, delete, the whole shebang, in just about every subdirectory.  The file server is running win2003 server enterprise ed. and set up as a domain controller.  I am doing rotational backups on 15 external hdds (2 backups per drive).  I have installed Undelete on the server so that all deletions from workstations are caught in a recovery bin.  As far as I can see, I still have one security hole... If someone wanted to do some sabotage, they could open up files, clear the data and save as the same file name.  It wouldn't be a deletion, therefore it would not get caught in the recovery bin.  If these files went unnoticed for 6 weeks, the backup would be overwritten and the files would be lost forever.

Any ideas of how to get around this?

Thanks in advance
3 Solutions
Is your company under any type of government or industry regulation?

Daily/Weekly/Monthly audit reports.  Reading the data and verifying that it is within defined limits.

There is nothing you can do other than this.  Even if you only had 2 employees and 1 file.  If one of them wanted to sabotage the data, they could do it.  It could be seconds, minutes, hours, days, weeks, months before somebody notices.

Do they really need to change the files?  If so, then you should look into some type of logging function.  What type of files are they?
1bigboomstick (Author) Commented:
Company is not under any regulation.

How do I set up audit reports?

Yes they do need to change the files; and they are mostly .dwg files from AutoCAD and MicroSurvey files.  Drawings are constantly being created and modified by different employees.
You should have longer backup periods than 6 weeks, even if just for legal reasons.  What if an employee leaves the company then sues them over something and data is evidence, you can only go back 6 weeks.  A lawyer can't even file a brief in 6 weeks.  You should have a full backup tape from the end of the month taken offsite and stored, or at least end of the quarter.  Costs are minimal and if you really had to go back to find something from last year, you'll have it.

As for sabotage specifically, that's what all the content management software is for that everyone's getting into these days.  I've researched and tested some for some attorney clients but I could see its value for any client.  By using the server (software) when an employee opens up a file, it records who opened it, what time they opened it, size of file, all kinds of details. You can have versioning so even if employee A changes a file, it'll keep the copy employee B made and the original, etc.  It's almost endless what it can track as long as your server and software budget is endless too.

The biggest downsides are costs and training.  The packages I've seen are expensive but most are component built meaning you can get some functions and leave out others you don't need (i.e., tracking in Exchange, but not anything else, etc.)  I know there's other software that's cheaper and does similar things, perhaps on a smaller scale that would fit your needs.  Start here: http://www.hummingbird.com/products/docsopen/index.html

Hummingbird bought PCDOCS which was one of the most popular packages for law firms and they've expanded to cover more than just the legal industry.  Learn what it does and what you need then look around for a solution that's a better fit for your company and within your budget.  

Good luck!
Umm.  Well, the dwg files are graphic files, so there is no real audit report.  I am not sure about the MicroSurvey files.  I was thinking of text type files or databases.

What do you do for disaster recovery?  Ever hear of tape?  I would suggest some type of tape backup (multiple tapes) that you keep longer and keep it offsite, this way you can recover from almost anything.

Do daily tape backups and keep them for say 14 days onsite and do a weekly and keep for 8 weeks offsite and then also do a monthly and keep offsite for a year. You may miss some revisions, but you could go back a year to get something.  If you have a major disaster, then you can go back at most 1 week to recover everything.

If you need to recover documents more recent than one week, then you need to send daily backups offsite.  Instead of tape, you could use offsite DASD and do file transfers daily.
Just a couple of ideas...
 - backups are great, and perhaps you can have two backup schedules: one weekly(?), and one monthly... so you have a comprehensive short-term backup, as well as longer-term "master" backups.
 - logs are also good... if you log everything a user does, not that you need it, but if something happens you can at least investigate what happened.
Since you are using Win2003 server you could set up the Volume Shadow Copy Service on the network shares that these files are located in.  This service copies the file deltas any time a file is modified. The service checks for file changes on a set schedule but in the example provided this would prevent the sabotage in the short term.  If the VSCS service was allocated enough storage space the file version history would go back several months.  Also you would need to implement monthly and weekly backups into your rotation as the previous posters have pointed out.
You really need some form of Versioning software with file locks.

If you go take a read and see how CVS [Concurrent Versioning System] does exactly what you're trying to accomplish, you'll find out that CVS makes copies of all changes, right up to the current ones, and therefore deletion is impossible.

The idea is easily transportable from the way the software world uses it to the ways it can be used in the other worlds, data, data entry, etc..

The important thing is file locks when you don't want some spurious user to overwrite a file and thus cause its deletion, intentional or by mistake.

In the CVS Repository system, even if the file is zeroed out and overwritten, all copies are never discarded, and, it keeps track of every change, in fact, it is by keeping track of the changes that it also saves space.

At least a look into the idea may provide you with a direction toward a better solution than simply backups.

Not that much really changes, even for large projects, and backing up 80 GB every night is sort of like replaying the same 20 movies over and over again, every day, when only one scene or program changes from day to day.  A differential system, akin to CVS, saves the changes, which barely amount to 1 GB, if that, over a day's work.
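
The gap raised in the question (a file saved empty under the same name is not a deletion, so the recovery bin never sees it) and the periodic audit reports suggested in the first reply can be combined into a scheduled manifest comparison. The following is an added example, not part of the original thread or of any product named in it; the function names, the `shrink_ratio` threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = (os.path.getsize(full), digest.hexdigest())
    return manifest

def audit(previous, current, shrink_ratio=0.5):
    """Compare two snapshots; shrink_ratio is an assumed threshold, tune per share."""
    findings = []
    for path, (old_size, old_hash) in previous.items():
        if path not in current:
            findings.append((path, "deleted"))
            continue
        new_size, new_hash = current[path]
        if new_hash == old_hash:
            continue  # content unchanged since the last snapshot
        if new_size == 0 and old_size > 0:
            findings.append((path, "emptied"))   # overwritten in place with nothing
        elif new_size < old_size * shrink_ratio:
            findings.append((path, "shrunk"))    # most of the content is gone
    return sorted(findings)

def demo():
    """Constructed sample tree: one file saved empty, one gutted, one normal edit."""
    with tempfile.TemporaryDirectory() as root:
        sizes = {"site_plan.dwg": 4000, "survey.dat": 3000, "notes.txt": 2000}
        for name, size in sizes.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode() * size)
        before = snapshot(root)
        open(os.path.join(root, "site_plan.dwg"), "wb").close()  # saved with no content
        with open(os.path.join(root, "survey.dat"), "wb") as fh:
            fh.write(b"x" * 10)                                  # almost everything removed
        with open(os.path.join(root, "notes.txt"), "ab") as fh:
            fh.write(b"routine edit")                            # ordinary growth, not flagged
        return audit(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Run on a schedule shorter than the backup rotation, with each snapshot stored where ordinary users cannot write, the report surfaces emptied or gutted files while a good copy still exists on a backup drive.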
Question has a verified solution.