Security Basics mailing list archives
Suspicious Activity Monitoring
From: "Jason T. Hallahan" <jthallah () gmail com>
Date: Tue, 27 Jun 2006 16:01:47 -0400
Hello and good day list,

I am wondering if there are any products, techniques or ideas out there on how to monitor a remote system (let's start with Windows) in a networked environment (let's assume Active Directory/Domain) in order to detect any of the following activity which may or may not be malicious. For instance:

1) Activating EFS (Encryption) in Windows and encrypting files or folders.
2) Hiding Files/Directories whether they belong to user or system.
3) Unmasking a hidden File/Directory belonging to the system.
4) Removal of Read-Only protection on a File/Directory/Media.
5) Mounting/Unmounting a USB Thumb Drive.

Anybody out there have any ideas or experience on this topic?

Thanks,
Jason