[Webinar] Streamline your web hosting managementRegister Today


Securing Company Data From Sabotage

Posted on 2006-06-26
Medium Priority
Last Modified: 2008-03-03
Hi all,

Just wondering how most people go about securing their important data from sabotage.  I watch over an office of about 30 workstations and almost everyone has access to almost everything (about 80 GBs worth of data on the server).  It has to be full access for just about everyone because they all need to create, edit, delete, the whole shabang, in just about every subdirectory.  The file server is running win2003 server enterprise ed. and setup as a domain controller.  I am doing rotational backups on 15 external hdds (2 backups per drive).  I have installed Undelete on the server so that all deletions from workstations are caught in a recovery bin.  As far as I can see, I still have one security hole.....If someone wanted to do some sabotage, they could open up files, clear the data and save as the same file name.  It wouldn't be a deletion, therfore it would not get caught in the recovery bin.  If these files went unnoticed for 6 weeks, the backup would be overwritten and the files would be lost forever.

Any ideas of how to get around this?

Thanks in advance
Question by:1bigboomstick
LVL 57

Expert Comment

ID: 16989345
Is your company under any type of goverenment or industry regulation?

Daily/Weekly/Monthly audit reports.  Reading the data and verifying that it is within defined limits.

There is nothing you can do other than this.  Even if you only had 2 employee's and 1 file.  If one of them wanted to  sabotage the data, they could do it.  It could be seconds, minutes, hours, days, weeks, months before somebody notices.

Do they really need to change the files?  If so, they you should look into some type of logging function.  What type of files are they?  

Author Comment

ID: 16989512
Company is not under any regulation.

How do I setup audit reports?

Yes they do need to change the files; and they are mostly .dwg files from AutoCAD and MicroSurvey files.  Drawings are constantly being created and modified by different employees.

Accepted Solution

VortexAdmin earned 172 total points
ID: 16989551
You should have longer back up periods than 6 weeks, even if just for legal reasons.  What if an employee leaves the company then sues them over something and data is evidence, you can only go back 6 weeks.  A lawyer can't even file a brief in 6 weeks.  You should have a full backup tape from the end of the month taken offsite and stored, or at least end of the quarter.  Costs are minimal and if you really had to go back to find something from last year, you'll have it.

As for sabotage specifically, that's what all the content management software is for that everyone's getting into these days.  I've researched and tested some for some attorney clients but I could see it's value for any client.  By using the server (software) when an employee opens up a file, it records who opened it, what time they opened it, size of file, all kinds of details. You can have versioning so even if employee A changes a file, it'll keep the copy employee B made and the original, etc.  It's almost endless what it can track as long as your server and software budget is endless too.

The biggest downsides are costs and training.  The packages I've seen are expensive but most are component built meaning you can get some functions and leave out others you don't need (ie, tracking in Exchange, but not anything else, etc.)  I'm know there's other software that's cheaper and does similar things, perhaps on a smaller scale that would fit your needs.  Start here: http://www.hummingbird.com/products/docsopen/index.html

Hummingbird bought PCDOCS which was one of the most popular packages for law firms and they've expanded to cover more than just the legal industry.  Learn what it does and what you need then look around for a solution that's a better fit for your company and within your budget.  

Good luck!
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 57

Expert Comment

ID: 16989567
Umm.  Well the dwg files are these are graphic files, so there is no real audit report.  I am not sure about the MicroSurvey files.  I was thinking of text type files or databases.

What do you do for disaster recovery?  Ever hear of tape?  I would suggest some type of tape backup (multiple tapes) that you keep longer and keep it offsite, this way you can recover from almost anything.

Do daily tape backups and keep them for say 14 days onsite and do a weekly and keep for 8 weeks offsite and then also do a monthly and keep offsite for a year. You may miss some revisions, but you could go back a year to get something.  If you have a major disaster, then you can go back at most 1 week to recover everything.

If you need to recover document more recent than one week, then you need to send daily backups offsite.  Instead of tape, you could use offsite DASD and do file transfers daily.

Expert Comment

ID: 16993074
Just a couple of ideas...
 - backups are great, and perhaps you can have two backup schedules: one weekly(?), and one monthly... so you have a comprehensive short-term backup, as well as longer-term "master" backups.
 - logs are also good... if you log everything a user does, not that you need it, but if something happens you can atleast investigate what happened.

Assisted Solution

BooneSaysHi earned 164 total points
ID: 17005678
Since you are using Win2003 server you could set up the Volume Shadow Copy Service on the network shares that these files are located in.  This service copies the file deltas any time a file is modified. The service checks for file changes on a set schedule but in the the example provided this would prevent the sabotage in the short term.  If the VSCS service was allocated enough storage space the file version history would go back several months.  Also you would need to implement monthly and weekly backups into your rotation as the previous posters have pointed out.
LVL 12

Assisted Solution

GinEric earned 164 total points
ID: 17009212
You really need some form of Versioning software with file locks.

If you go take a read and see how CVS [Concurrent Versioning System] does exactly what you're trying to accomplish, you'll find out that CVS makes copies of all changes, right up to the current ones, and therefore deletion is impossible.

The idea is easily transportable from the way the software world uses it to the ways it can be used in the other worlds, data, data entry, etc..

The important thing is file locks when you don't want some spurious user to overwrite a file and thus cause its deletion, intentional or by mistake.

In the CVS Repository system, even if the file is zeroed out and overwritten, all copies are never discarded, and, it keeps track of every change, in fact, it is by keeping track of the changes that it also saves space.

At least a look into the idea may provide you with a direction toward a better solution than simply backups.

Not that much really changes, even for large projects, and backing up 80 GB every night is sort of like replaying the same 20 movies over and over again, every day, when only one scene or program changes from day to day.  A differential system, akin to CVS, saves the changes, which barely amount to 1 GB, if that, over a day's work.

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question