• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

monitor unavuthorized access to laptop w/ Windows 7 pro

Hi guys,

We have a new project which involved laptops which connects via VPN over 3G to the a centralized center of operations.

The client requests to be notified on any intrusion detection which may occur to this laptop (i.e. - USB mass storage device connection, Ethernet connection other than the pre-configured etc...)

Can you kindly recommend us on a product which is able to communicate with remote center - and which will notify in real-time on such breaches?

The laptops are running win 7 Pro x64.

Thanks in advance
0
IT_Group1
Asked:
IT_Group1
  • 3
2 Solutions
 
arnoldCommented:
Symantec EndPoint Protection has the restriction that you want including notification.
The issue is that these laptops presumably are not domain based, i.e. each user may use their own laptop?

using SNMP with evntwin these can be configured to send out an SNMPTRAP to a specific target when an event you designate occurs. (event notification requires the presence of a connection as well as having an SNMPTRAPD server to which this will be sent.)

Configuring event log forwarding might also be an option to consider i.e. when the VPN is established, the eventlog data will be sync into the windows 2008 server.

As noted earlier the difficulty I see is whether the laptops are ever controlled by the person/entity requesting these types of notifications.  A more secure method would be to allow the laptop user access to a terminal server session ONLY while the terminal server is configured not to allow any Local storage/printer attachment.)
0
 
IT_Group1Author Commented:
Thank you Arnold.
I've forwarded your recommendations to our IT staff. Will get back if any other information will be necessary.
0
 
btanExec ConsultantCommented:
1) Devicelock
http://www.devicelock.com/products/features.html

Tamper Protection. Configurable DeviceLock Administrators feature prevents anyone from tampering with DeviceLock settings locally, even users that have local PC system administration privileges.

Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events

Network-Awareness. Administrators can define different online vs. offline security policies for the same user account. A reasonable and often necessary setting on a mobile user’s laptop, for example, is to disable WiFi when docked to the corporate network and enable it when undocked.

Alerting. DeviceLock provides both SNMP and SMTP based alerting capabilities driven by DeviceLock DLP endpoint events for real time notification of sensitive user activities on protected endpoints on the network.

2) Splunk (or SIEM) type based using the evt or evtx log send (as syslog or from snare agent) from the AD or even from the client standalone if need to

http://www.splunk.com/view/splunk-app-for-windows/SP-CAAAHTE

Monitor CPU, memory, network and disk utilization across one or more systems
Monitor Windows Update successful and failed packages, application installations and application crashes on hosts across your environment
Monitor all Windows event logs across your environment, including Application, System and Security

Likewise Splunk has a Enterprise App security from most security device deployed within the Enterprise, pls see below
http://docs.splunk.com/Documentation/ES/2.4/CreateTA/Out-of-the-boxsourcetypes

E.g. OSSEC which has intrusion alert flagged centrally to Splunk as overall @ http://docs.splunk.com/Documentation/ES/latest/CreateTA/Example2OSSEC
0
 
IT_Group1Author Commented:
Guys, thanks for all the alternatives.
We still haven't decided, so for now I'll grant the point evenly.
0
 
IT_Group1Author Commented:
Very good, thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now