Solved

monitor unavuthorized access to laptop w/ Windows 7 pro

Posted on 2013-06-03
5
322 Views
Last Modified: 2013-06-09
Hi guys,

We have a new project which involved laptops which connects via VPN over 3G to the a centralized center of operations.

The client requests to be notified on any intrusion detection which may occur to this laptop (i.e. - USB mass storage device connection, Ethernet connection other than the pre-configured etc...)

Can you kindly recommend us on a product which is able to communicate with remote center - and which will notify in real-time on such breaches?

The laptops are running win 7 Pro x64.

Thanks in advance
0
Comment
Question by:IT_Group1
  • 3
5 Comments
 
LVL 78

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39217950
Symantec EndPoint Protection has the restriction that you want including notification.
The issue is that these laptops presumably are not domain based, i.e. each user may use their own laptop?

using SNMP with evntwin these can be configured to send out an SNMPTRAP to a specific target when an event you designate occurs. (event notification requires the presence of a connection as well as having an SNMPTRAPD server to which this will be sent.)

Configuring event log forwarding might also be an option to consider i.e. when the VPN is established, the eventlog data will be sync into the windows 2008 server.

As noted earlier the difficulty I see is whether the laptops are ever controlled by the person/entity requesting these types of notifications.  A more secure method would be to allow the laptop user access to a terminal server session ONLY while the terminal server is configured not to allow any Local storage/printer attachment.)
0
 

Author Comment

by:IT_Group1
ID: 39218161
Thank you Arnold.
I've forwarded your recommendations to our IT staff. Will get back if any other information will be necessary.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 39218340
1) Devicelock
http://www.devicelock.com/products/features.html

Tamper Protection. Configurable DeviceLock Administrators feature prevents anyone from tampering with DeviceLock settings locally, even users that have local PC system administration privileges.

Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events

Network-Awareness. Administrators can define different online vs. offline security policies for the same user account. A reasonable and often necessary setting on a mobile user’s laptop, for example, is to disable WiFi when docked to the corporate network and enable it when undocked.

Alerting. DeviceLock provides both SNMP and SMTP based alerting capabilities driven by DeviceLock DLP endpoint events for real time notification of sensitive user activities on protected endpoints on the network.

2) Splunk (or SIEM) type based using the evt or evtx log send (as syslog or from snare agent) from the AD or even from the client standalone if need to

http://www.splunk.com/view/splunk-app-for-windows/SP-CAAAHTE

Monitor CPU, memory, network and disk utilization across one or more systems
Monitor Windows Update successful and failed packages, application installations and application crashes on hosts across your environment
Monitor all Windows event logs across your environment, including Application, System and Security

Likewise Splunk has a Enterprise App security from most security device deployed within the Enterprise, pls see below
http://docs.splunk.com/Documentation/ES/2.4/CreateTA/Out-of-the-boxsourcetypes

E.g. OSSEC which has intrusion alert flagged centrally to Splunk as overall @ http://docs.splunk.com/Documentation/ES/latest/CreateTA/Example2OSSEC
0
 

Author Comment

by:IT_Group1
ID: 39232590
Guys, thanks for all the alternatives.
We still haven't decided, so for now I'll grant the point evenly.
0
 

Author Closing Comment

by:IT_Group1
ID: 39232592
Very good, thanks
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question