Can items copied off a Network be tracked

is it possible to track every item that is copied off the network or computer to an external device?
J.R. SitmanIT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Natively, no. You can set up server auditing but I cannot find that document that it will tell if files were copied to an external device
0
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
it is possible if you create a log file for it when you're copying it.
Or probably with a third party software, but the regular is that is not trackable.
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Yes.

Use something like tshark, or similar tool. If there's not a decode plugin for your protocol + data you'll have to write one.

Then just run tshark on the device acting as network connection for your external device.

If you're using a NAS device, then be sure to run tshark on same LAN segment, to ensure you pickup all activity, rather than just partial activity.

Even simpler, just place data behind Apache + login for each user + capture Apache log data related to files of interest.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Dr. KlahnPrincipal Software EngineerCommented:
If Windows Explorer is used, maybe.  From a security standpoint, no.  Or at least it can be made very difficult.  Here's a counterexample.

Instead of using Windows Explorer to copy the file, write a program to do the copying.  Have it open 2,000 random files, read all of them, open equivalent files on the target device, but copy only the chosen one to the target device using direct I/O instead of the file system, and then send padding gibberish that will be rejected by the device but makes it look like the sent length is a different, longer file.

Now (a) Windows Explorer wasn't used, so you can't audit that, (b) the copying program read all the files so you don' t know which one it chose, (c) all those files were created on the target device to fill up your logs, (d) it has deliberately misled you about the length of the file it copied and (e) all you can say is that "the real file was shorter than this length."
0
McKnifeCommented:
Windows' auditing options offer to audit removable devices as a category, that is, setup auditing for future devices that are not even present at the moment. Have a look at https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-removable-storage
As client OS, you'd need windows 8.x or win10, win7 cannot do this.
0
Naveen SharmaCommented:
Implement Data Loss Prevention (DLP) technology which allow you to track your organization's sensitive data from where it is stored, where it is being sent and who is accessing it.

Below information may be helpful to you:

https://community.spiceworks.com/topic/937845-tracking-data-transfer-to-usb-device

Monitor the Use of Removable Storage Devices:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj574128(v=ws.11)

Tracking removable storage with the Windows Security Log:
https://www.ultimatewindowssecurity.com/blog/default.aspx?p=2a77fab3-d5ea-4c78-a187-864be1855f03

Enable auditing on Windows Server 2012:
https://www.lepide.com/how-to/enable-file-folder-access-auditing-windows-server-2012.html
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
J.R. SitmanIT DirectorAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.