Solved

How could a small firm detect a large group of files being copied to USB or offsite device

Posted on 2015-01-21
2
119 Views
Last Modified: 2015-02-06
I am looking for an easy and cost effective way to be notified in the event that files are copied to a USB drive or other offsite device.  We have a Windows 2008 R2 server with a few file share folders and 10 users.  I would like to see a clean report of who access what file and when and see if mutiple files ever get copied to a USB drive.
0
Comment
Question by:dlafferty
2 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 40563631
well your qualifiers will not be covered by the following suggestion. Additional steps have to be taken for that.

1) enabling auditing on the shares, will record who accessed/modified/etc. files in the share.
2) using a GPO to disable storage based USB devices, will prevent recognition of USB devices in systems. Symantec end Point and possibly other enterprise type anti-virus/security include an option to record events i.e. usb storage insertion and file copying to it.
3) as to copying files offsite through the internet can only be controlled through the control of access to the internet (proxy server, etc. that limits the destination) the person can always email,
With the proliferation of cloud dropbox, etc.

One option is to use a document management system that requires individuals to check out documents.

Depending on your concern, there are other ways, printing it out, copying the screen, etc.
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40563685
GPO audit trail is good for audit directory service access
http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28466783.html#a40168689

If it is Win8, 2012 above  then audit under Object Access, for Audit Removable Storage will be in GPO instead of directory access
Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include Task Category = Removable Storage device.
https://technet.microsoft.com/en-us/library/jj574128.aspx

Best will be data leakage s/w e.g. devicelock etc but that can be costly...

Other tools

- LastActivityView collects information and displays a log of actions made by the user and events occurred on this computer https://www.technibble.com/lastactivityview-create-a-log-of-the-last-actions-made-by-the-user/

- A few more tools listed in e.g. USB Security Suite, USBLogView, Right mgmt and Data leakager protection schemes
http://www.experts-exchange.com/Security/Misc/Q_28465859.html
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question