Solved

Securing Company Data From Sabotage

Posted on 2006-06-26
10
309 Views
Last Modified: 2008-03-03
Hi all,

Just wondering how most people go about securing their important data from sabotage.  I watch over an office of about 30 workstations and almost everyone has access to almost everything (about 80 GBs worth of data on the server).  It has to be full access for just about everyone because they all need to create, edit, delete, the whole shebang, in just about every subdirectory.  The file server is running win2003 server enterprise ed. and set up as a domain controller.  I am doing rotational backups on 15 external hdds (2 backups per drive).  I have installed Undelete on the server so that all deletions from workstations are caught in a recovery bin.  As far as I can see, I still have one security hole... If someone wanted to do some sabotage, they could open up files, clear the data and save as the same file name.  It wouldn't be a deletion, therefore it would not get caught in the recovery bin.  If these files went unnoticed for 6 weeks, the backup would be overwritten and the files would be lost forever.

Any ideas of how to get around this?

Thanks in advance
0
Comment
Question by:1bigboomstick
10 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 16989345
Is your company under any type of government or industry regulation?

Daily/Weekly/Monthly audit reports.  Reading the data and verifying that it is within defined limits.

There is nothing you can do other than this.  Even if you only had 2 employees and 1 file.  If one of them wanted to sabotage the data, they could do it.  It could be seconds, minutes, hours, days, weeks, months before somebody notices.

Do they really need to change the files?  If so, then you should look into some type of logging function.  What type of files are they?
0
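Added example (not part of the thread): one way to produce the kind of audit report suggested above for binary files such as .dwg, by comparing a stored manifest of sizes and SHA-256 hashes against the current share and flagging files that kept their name but were emptied or shrank sharply. The function names, the 50% shrink threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to (size, sha256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), digest.hexdigest())
    return manifest


def audit(previous, current, shrink_limit=0.5):
    """Compare two manifests; return findings as (kind, path) tuples."""
    findings = []
    for path, (old_size, old_hash) in sorted(previous.items()):
        new_size, new_hash = current.get(path, (None, None))
        if new_hash is None:
            findings.append(("missing", path))
        elif new_hash == old_hash:
            continue
        elif new_size == 0:
            findings.append(("emptied", path))
        elif new_size < old_size * (1 - shrink_limit):  # assumed threshold
            findings.append(("shrunk", path))
        else:
            findings.append(("changed", path))
    return findings


def demo():
    """Constructed sample: three drawings, one is cleared and saved in place."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("site.dwg", "plan.dwg", "lot.dwg"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode() * (4000 // len(name)))
        before = build_manifest(root)
        open(os.path.join(root, "plan.dwg"), "wb").close()  # cleared, same name
        with open(os.path.join(root, "lot.dwg"), "ab") as fh:  # ordinary edit
            fh.write(b"new layer")
        return audit(before, build_manifest(root))
```

Run nightly, the "emptied" and "shrunk" rows are the ones worth a human look; "changed" rows are expected on a share where drawings are edited all day.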
 
LVL 1

Author Comment

by:1bigboomstick
ID: 16989512
Company is not under any regulation.

How do I set up audit reports?

Yes they do need to change the files; and they are mostly .dwg files from AutoCAD and MicroSurvey files.  Drawings are constantly being created and modified by different employees.
0
 
LVL 5

Accepted Solution

by:
VortexAdmin earned 43 total points
ID: 16989551
You should have longer back up periods than 6 weeks, even if just for legal reasons.  What if an employee leaves the company then sues them over something and data is evidence, you can only go back 6 weeks.  A lawyer can't even file a brief in 6 weeks.  You should have a full backup tape from the end of the month taken offsite and stored, or at least end of the quarter.  Costs are minimal and if you really had to go back to find something from last year, you'll have it.

As for sabotage specifically, that's what all the content management software is for that everyone's getting into these days.  I've researched and tested some for some attorney clients but I could see its value for any client.  By using the server (software) when an employee opens up a file, it records who opened it, what time they opened it, size of file, all kinds of details. You can have versioning so even if employee A changes a file, it'll keep the copy employee B made and the original, etc.  It's almost endless what it can track as long as your server and software budget is endless too.

The biggest downsides are costs and training.  The packages I've seen are expensive but most are component built meaning you can get some functions and leave out others you don't need (i.e., tracking in Exchange, but not anything else, etc.)  I know there's other software that's cheaper and does similar things, perhaps on a smaller scale that would fit your needs.  Start here: http://www.hummingbird.com/products/docsopen/index.html

Hummingbird bought PCDOCS which was one of the most popular packages for law firms and they've expanded to cover more than just the legal industry.  Learn what it does and what you need then look around for a solution that's a better fit for your company and within your budget.  

Good luck!
0

 
LVL 57

Expert Comment

by:giltjr
ID: 16989567
Umm.  Well, the dwg files are graphic files, so there is no real audit report.  I am not sure about the MicroSurvey files.  I was thinking of text type files or databases.

What do you do for disaster recovery?  Ever hear of tape?  I would suggest some type of tape backup (multiple tapes) that you keep longer and keep it offsite, this way you can recover from almost anything.

Do daily tape backups and keep them for say 14 days onsite and do a weekly and keep for 8 weeks offsite and then also do a monthly and keep offsite for a year. You may miss some revisions, but you could go back a year to get something.  If you have a major disaster, then you can go back at most 1 week to recover everything.

If you need to recover documents more recent than one week, then you need to send daily backups offsite.  Instead of tape, you could use offsite DASD and do file transfers daily.
0
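Added example (not part of the thread): the daily/weekly/monthly rotation described above, worked through to show which clean copy is still on hand when tampering is noticed late. It assumes one backup per night, that the weekly set is Friday's backup, that the monthly set is the first Friday of the month, and that tampering done on a given day first appears in that night's backup; all names are illustrative.

```python
from datetime import date, timedelta

# Retention periods taken from the post above.
DAILY = timedelta(days=14)     # kept onsite
WEEKLY = timedelta(weeks=8)    # kept offsite
MONTHLY = timedelta(days=365)  # kept offsite


def classify(backup_day, today, weekly_weekday=4):
    """Return (tier, location) if the backup from backup_day still exists, else None.

    Assumption: weekly_weekday 4 is Friday; the first Friday of a month
    doubles as that month's monthly set.
    """
    age = today - backup_day
    is_weekly = backup_day.weekday() == weekly_weekday
    is_monthly = is_weekly and backup_day.day <= 7
    if is_monthly and age <= MONTHLY:
        return ("monthly", "offsite")
    if is_weekly and age <= WEEKLY:
        return ("weekly", "offsite")
    if age <= DAILY:
        return ("daily", "onsite")
    return None


def last_clean_copy(tampered_on, today, lookback_days=400):
    """Newest retained backup taken before tampered_on, as (day, tier, location)."""
    for n in range(1, lookback_days):
        day = tampered_on - timedelta(days=n)
        kept = classify(day, today)
        if kept:
            return (day,) + kept
    return None


def revisions_lost(tampered_on, today):
    """Days of work between the last clean copy and the tampering."""
    clean = last_clean_copy(tampered_on, today)
    return None if clean is None else (tampered_on - clean[0]).days - 1
```

With the question's six-week scenario (tampering on 2006-05-15, noticed on 2006-06-26) the last clean copy is the weekly set from 2006-05-12; noticed after fourteen weeks instead, only the monthly set remains and over two weeks of revisions are gone.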
 
LVL 7

Expert Comment

by:Okigire
ID: 16993074
Just a couple of ideas...
 - backups are great, and perhaps you can have two backup schedules: one weekly(?), and one monthly... so you have a comprehensive short-term backup, as well as longer-term "master" backups.
 - logs are also good... if you log everything a user does, not that you need it, but if something happens you can at least investigate what happened.
0
 
LVL 1

Assisted Solution

by:BooneSaysHi
BooneSaysHi earned 41 total points
ID: 17005678
Since you are using Win2003 server you could set up the Volume Shadow Copy Service on the network shares that these files are located in.  This service copies the file deltas any time a file is modified. The service checks for file changes on a set schedule but in the example provided this would prevent the sabotage in the short term.  If the VSCS service was allocated enough storage space the file version history would go back several months.  Also you would need to implement monthly and weekly backups into your rotation as the previous posters have pointed out.
0
 
LVL 12

Assisted Solution

by:GinEric
GinEric earned 41 total points
ID: 17009212
You really need some form of Versioning software with file locks.

If you go take a read and see how CVS [Concurrent Versioning System] does exactly what you're trying to accomplish, you'll find out that CVS makes copies of all changes, right up to the current ones, and therefore deletion is impossible.

The idea is easily transportable from the way the software world uses it to the ways it can be used in the other worlds, data, data entry, etc.

The important thing is file locks when you don't want some spurious user to overwrite a file and thus cause its deletion, intentional or by mistake.

In the CVS Repository system, even if the file is zeroed out and overwritten, all copies are never discarded, and, it keeps track of every change, in fact, it is by keeping track of the changes that it also saves space.

At least a look into the idea may provide you with a direction toward a better solution than simply backups.

Not that much really changes, even for large projects, and backing up 80 GB every night is sort of like replaying the same 20 movies over and over again, every day, when only one scene or program changes from day to day.  A differential system, akin to CVS, saves the changes, which barely amount to 1 GB, if that, over a day's work.
0
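Added example (not part of the thread, and not how CVS or Volume Shadow Copy are implemented): a minimal version store illustrating the point made in the two answers above, that keeping every changed version means a file cleared and saved under the same name can still be recovered. The directory layout and function names are assumptions; in practice the store would sit somewhere the share's users cannot write.

```python
import hashlib
import os
import shutil
import tempfile


def versions(store, rel):
    """Stored version file names for rel, oldest first."""
    vdir = os.path.join(store, rel)
    return sorted(os.listdir(vdir)) if os.path.isdir(vdir) else []


def commit(workdir, store):
    """Store a new version of every file whose content changed; return the count."""
    added = 0
    for dirpath, _dirs, files in os.walk(workdir):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, workdir)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            known = versions(store, rel)
            if known and known[-1].endswith(digest):
                continue  # unchanged since the last commit
            os.makedirs(os.path.join(store, rel), exist_ok=True)
            shutil.copyfile(full, os.path.join(store, rel, f"{len(known):06d}-{digest}"))
            added += 1
    return added


def restore(store, rel, index, dest):
    """Copy version number index of rel (0 = oldest) to dest."""
    shutil.copyfile(os.path.join(store, rel, versions(store, rel)[index]), dest)


def demo():
    """Constructed sample: a drawing is cleared in place, then recovered."""
    with tempfile.TemporaryDirectory() as tmp:
        work, store = os.path.join(tmp, "work"), os.path.join(tmp, "store")
        os.makedirs(work)
        drawing = os.path.join(work, "plan.dwg")
        with open(drawing, "wb") as fh:
            fh.write(b"original drawing")
        first = commit(work, store)
        open(drawing, "wb").close()  # cleared and saved under the same name
        second = commit(work, store)
        restore(store, "plan.dwg", 0, drawing)
        with open(drawing, "rb") as fh:
            return first, second, len(versions(store, "plan.dwg")), fh.read()
```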
