Solved

monitor unavuthorized access to laptop w/ Windows 7 pro

Posted on 2013-06-03
5
316 Views
Last Modified: 2013-06-09
Hi guys,

We have a new project which involved laptops which connects via VPN over 3G to the a centralized center of operations.

The client requests to be notified on any intrusion detection which may occur to this laptop (i.e. - USB mass storage device connection, Ethernet connection other than the pre-configured etc...)

Can you kindly recommend us on a product which is able to communicate with remote center - and which will notify in real-time on such breaches?

The laptops are running win 7 Pro x64.

Thanks in advance
0
Comment
Question by:IT_Group1
  • 3
5 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39217950
Symantec EndPoint Protection has the restriction that you want including notification.
The issue is that these laptops presumably are not domain based, i.e. each user may use their own laptop?

using SNMP with evntwin these can be configured to send out an SNMPTRAP to a specific target when an event you designate occurs. (event notification requires the presence of a connection as well as having an SNMPTRAPD server to which this will be sent.)

Configuring event log forwarding might also be an option to consider i.e. when the VPN is established, the eventlog data will be sync into the windows 2008 server.

As noted earlier the difficulty I see is whether the laptops are ever controlled by the person/entity requesting these types of notifications.  A more secure method would be to allow the laptop user access to a terminal server session ONLY while the terminal server is configured not to allow any Local storage/printer attachment.)
0
 

Author Comment

by:IT_Group1
ID: 39218161
Thank you Arnold.
I've forwarded your recommendations to our IT staff. Will get back if any other information will be necessary.
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 39218340
1) Devicelock
http://www.devicelock.com/products/features.html

Tamper Protection. Configurable DeviceLock Administrators feature prevents anyone from tampering with DeviceLock settings locally, even users that have local PC system administration privileges.

Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events

Network-Awareness. Administrators can define different online vs. offline security policies for the same user account. A reasonable and often necessary setting on a mobile user’s laptop, for example, is to disable WiFi when docked to the corporate network and enable it when undocked.

Alerting. DeviceLock provides both SNMP and SMTP based alerting capabilities driven by DeviceLock DLP endpoint events for real time notification of sensitive user activities on protected endpoints on the network.

2) Splunk (or SIEM) type based using the evt or evtx log send (as syslog or from snare agent) from the AD or even from the client standalone if need to

http://www.splunk.com/view/splunk-app-for-windows/SP-CAAAHTE

Monitor CPU, memory, network and disk utilization across one or more systems
Monitor Windows Update successful and failed packages, application installations and application crashes on hosts across your environment
Monitor all Windows event logs across your environment, including Application, System and Security

Likewise Splunk has a Enterprise App security from most security device deployed within the Enterprise, pls see below
http://docs.splunk.com/Documentation/ES/2.4/CreateTA/Out-of-the-boxsourcetypes

E.g. OSSEC which has intrusion alert flagged centrally to Splunk as overall @ http://docs.splunk.com/Documentation/ES/latest/CreateTA/Example2OSSEC
0
 

Author Comment

by:IT_Group1
ID: 39232590
Guys, thanks for all the alternatives.
We still haven't decided, so for now I'll grant the point evenly.
0
 

Author Closing Comment

by:IT_Group1
ID: 39232592
Very good, thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question