Securing Company Data From Sabotage

Posted on 2006-06-26
Last Modified: 2008-03-03
Hi all,

Just wondering how most people go about securing their important data from sabotage.  I watch over an office of about 30 workstations and almost everyone has access to almost everything (about 80 GBs worth of data on the server).  It has to be full access for just about everyone because they all need to create, edit, delete, the whole shabang, in just about every subdirectory.  The file server is running win2003 server enterprise ed. and setup as a domain controller.  I am doing rotational backups on 15 external hdds (2 backups per drive).  I have installed Undelete on the server so that all deletions from workstations are caught in a recovery bin.  As far as I can see, I still have one security hole.....If someone wanted to do some sabotage, they could open up files, clear the data and save as the same file name.  It wouldn't be a deletion, therfore it would not get caught in the recovery bin.  If these files went unnoticed for 6 weeks, the backup would be overwritten and the files would be lost forever.

Any ideas of how to get around this?

Thanks in advance
Question by:1bigboomstick
LVL 57

Expert Comment

ID: 16989345
Is your company under any type of goverenment or industry regulation?

Daily/Weekly/Monthly audit reports.  Reading the data and verifying that it is within defined limits.

There is nothing you can do other than this.  Even if you only had 2 employee's and 1 file.  If one of them wanted to  sabotage the data, they could do it.  It could be seconds, minutes, hours, days, weeks, months before somebody notices.

Do they really need to change the files?  If so, they you should look into some type of logging function.  What type of files are they?  

Author Comment

ID: 16989512
Company is not under any regulation.

How do I setup audit reports?

Yes they do need to change the files; and they are mostly .dwg files from AutoCAD and MicroSurvey files.  Drawings are constantly being created and modified by different employees.

Accepted Solution

VortexAdmin earned 43 total points
ID: 16989551
You should have longer back up periods than 6 weeks, even if just for legal reasons.  What if an employee leaves the company then sues them over something and data is evidence, you can only go back 6 weeks.  A lawyer can't even file a brief in 6 weeks.  You should have a full backup tape from the end of the month taken offsite and stored, or at least end of the quarter.  Costs are minimal and if you really had to go back to find something from last year, you'll have it.

As for sabotage specifically, that's what all the content management software is for that everyone's getting into these days.  I've researched and tested some for some attorney clients but I could see it's value for any client.  By using the server (software) when an employee opens up a file, it records who opened it, what time they opened it, size of file, all kinds of details. You can have versioning so even if employee A changes a file, it'll keep the copy employee B made and the original, etc.  It's almost endless what it can track as long as your server and software budget is endless too.

The biggest downsides are costs and training.  The packages I've seen are expensive but most are component built meaning you can get some functions and leave out others you don't need (ie, tracking in Exchange, but not anything else, etc.)  I'm know there's other software that's cheaper and does similar things, perhaps on a smaller scale that would fit your needs.  Start here:

Hummingbird bought PCDOCS which was one of the most popular packages for law firms and they've expanded to cover more than just the legal industry.  Learn what it does and what you need then look around for a solution that's a better fit for your company and within your budget.  

Good luck!
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

LVL 57

Expert Comment

ID: 16989567
Umm.  Well the dwg files are these are graphic files, so there is no real audit report.  I am not sure about the MicroSurvey files.  I was thinking of text type files or databases.

What do you do for disaster recovery?  Ever hear of tape?  I would suggest some type of tape backup (multiple tapes) that you keep longer and keep it offsite, this way you can recover from almost anything.

Do daily tape backups and keep them for say 14 days onsite and do a weekly and keep for 8 weeks offsite and then also do a monthly and keep offsite for a year. You may miss some revisions, but you could go back a year to get something.  If you have a major disaster, then you can go back at most 1 week to recover everything.

If you need to recover document more recent than one week, then you need to send daily backups offsite.  Instead of tape, you could use offsite DASD and do file transfers daily.

Expert Comment

ID: 16993074
Just a couple of ideas...
 - backups are great, and perhaps you can have two backup schedules: one weekly(?), and one monthly... so you have a comprehensive short-term backup, as well as longer-term "master" backups.
 - logs are also good... if you log everything a user does, not that you need it, but if something happens you can atleast investigate what happened.

Assisted Solution

BooneSaysHi earned 41 total points
ID: 17005678
Since you are using Win2003 server you could set up the Volume Shadow Copy Service on the network shares that these files are located in.  This service copies the file deltas any time a file is modified. The service checks for file changes on a set schedule but in the the example provided this would prevent the sabotage in the short term.  If the VSCS service was allocated enough storage space the file version history would go back several months.  Also you would need to implement monthly and weekly backups into your rotation as the previous posters have pointed out.
LVL 12

Assisted Solution

GinEric earned 41 total points
ID: 17009212
You really need some form of Versioning software with file locks.

If you go take a read and see how CVS [Concurrent Versioning System] does exactly what you're trying to accomplish, you'll find out that CVS makes copies of all changes, right up to the current ones, and therefore deletion is impossible.

The idea is easily transportable from the way the software world uses it to the ways it can be used in the other worlds, data, data entry, etc..

The important thing is file locks when you don't want some spurious user to overwrite a file and thus cause its deletion, intentional or by mistake.

In the CVS Repository system, even if the file is zeroed out and overwritten, all copies are never discarded, and, it keeps track of every change, in fact, it is by keeping track of the changes that it also saves space.

At least a look into the idea may provide you with a direction toward a better solution than simply backups.

Not that much really changes, even for large projects, and backing up 80 GB every night is sort of like replaying the same 20 movies over and over again, every day, when only one scene or program changes from day to day.  A differential system, akin to CVS, saves the changes, which barely amount to 1 GB, if that, over a day's work.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove system folder in W10 Home 5 60
windows 10 free update 45 129
Thin secure Windows 10 5 74
BOSD APC_INDEX_MISMATCH - who's the culprit ? 4 28
Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now