• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 132
  • Last Modified:

How could a small firm detect a large group of files being copied to USB or offsite device

I am looking for an easy and cost effective way to be notified in the event that files are copied to a USB drive or other offsite device.  We have a Windows 2008 R2 server with a few file share folders and 10 users.  I would like to see a clean report of who access what file and when and see if mutiple files ever get copied to a USB drive.
0
dlafferty
Asked:
dlafferty
1 Solution
 
arnoldCommented:
well your qualifiers will not be covered by the following suggestion. Additional steps have to be taken for that.

1) enabling auditing on the shares, will record who accessed/modified/etc. files in the share.
2) using a GPO to disable storage based USB devices, will prevent recognition of USB devices in systems. Symantec end Point and possibly other enterprise type anti-virus/security include an option to record events i.e. usb storage insertion and file copying to it.
3) as to copying files offsite through the internet can only be controlled through the control of access to the internet (proxy server, etc. that limits the destination) the person can always email,
With the proliferation of cloud dropbox, etc.

One option is to use a document management system that requires individuals to check out documents.

Depending on your concern, there are other ways, printing it out, copying the screen, etc.
0
 
btanExec ConsultantCommented:
GPO audit trail is good for audit directory service access
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28466783.html#a40168689

If it is Win8, 2012 above  then audit under Object Access, for Audit Removable Storage will be in GPO instead of directory access
Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include Task Category = Removable Storage device.
https://technet.microsoft.com/en-us/library/jj574128.aspx

Best will be data leakage s/w e.g. devicelock etc but that can be costly...

Other tools

- LastActivityView collects information and displays a log of actions made by the user and events occurred on this computer https://www.technibble.com/lastactivityview-create-a-log-of-the-last-actions-made-by-the-user/

- A few more tools listed in e.g. USB Security Suite, USBLogView, Right mgmt and Data leakager protection schemes
http://www.experts-exchange.com/Security/Misc/Q_28465859.html
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now