Solved

monitor unavuthorized access to laptop w/ Windows 7 pro

Posted on 2013-06-03
5
309 Views
Last Modified: 2013-06-09
Hi guys,

We have a new project which involved laptops which connects via VPN over 3G to the a centralized center of operations.

The client requests to be notified on any intrusion detection which may occur to this laptop (i.e. - USB mass storage device connection, Ethernet connection other than the pre-configured etc...)

Can you kindly recommend us on a product which is able to communicate with remote center - and which will notify in real-time on such breaches?

The laptops are running win 7 Pro x64.

Thanks in advance
0
Comment
Question by:IT_Group1
  • 3
5 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39217950
Symantec EndPoint Protection has the restriction that you want including notification.
The issue is that these laptops presumably are not domain based, i.e. each user may use their own laptop?

using SNMP with evntwin these can be configured to send out an SNMPTRAP to a specific target when an event you designate occurs. (event notification requires the presence of a connection as well as having an SNMPTRAPD server to which this will be sent.)

Configuring event log forwarding might also be an option to consider i.e. when the VPN is established, the eventlog data will be sync into the windows 2008 server.

As noted earlier the difficulty I see is whether the laptops are ever controlled by the person/entity requesting these types of notifications.  A more secure method would be to allow the laptop user access to a terminal server session ONLY while the terminal server is configured not to allow any Local storage/printer attachment.)
0
 

Author Comment

by:IT_Group1
ID: 39218161
Thank you Arnold.
I've forwarded your recommendations to our IT staff. Will get back if any other information will be necessary.
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 39218340
1) Devicelock
http://www.devicelock.com/products/features.html

Tamper Protection. Configurable DeviceLock Administrators feature prevents anyone from tampering with DeviceLock settings locally, even users that have local PC system administration privileges.

Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events

Network-Awareness. Administrators can define different online vs. offline security policies for the same user account. A reasonable and often necessary setting on a mobile user’s laptop, for example, is to disable WiFi when docked to the corporate network and enable it when undocked.

Alerting. DeviceLock provides both SNMP and SMTP based alerting capabilities driven by DeviceLock DLP endpoint events for real time notification of sensitive user activities on protected endpoints on the network.

2) Splunk (or SIEM) type based using the evt or evtx log send (as syslog or from snare agent) from the AD or even from the client standalone if need to

http://www.splunk.com/view/splunk-app-for-windows/SP-CAAAHTE

Monitor CPU, memory, network and disk utilization across one or more systems
Monitor Windows Update successful and failed packages, application installations and application crashes on hosts across your environment
Monitor all Windows event logs across your environment, including Application, System and Security

Likewise Splunk has a Enterprise App security from most security device deployed within the Enterprise, pls see below
http://docs.splunk.com/Documentation/ES/2.4/CreateTA/Out-of-the-boxsourcetypes

E.g. OSSEC which has intrusion alert flagged centrally to Splunk as overall @ http://docs.splunk.com/Documentation/ES/latest/CreateTA/Example2OSSEC
0
 

Author Comment

by:IT_Group1
ID: 39232590
Guys, thanks for all the alternatives.
We still haven't decided, so for now I'll grant the point evenly.
0
 

Author Closing Comment

by:IT_Group1
ID: 39232592
Very good, thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now