Security Basics mailing list archives
RE: Network Folder Security
From: Anthony J Placilla <anthony_placilla () suth com>
Date: Fri, 05 May 2006 08:01:50 -0400
On Thu, 2006-05-04 at 18:00 -0400, Kevin Wetzel wrote:
Load ntsyslog and send all auditing events to a Linux system and review that instead of your logs. It's "nearly" invisible. That way you can see who did it on your syslog server even if they delete the Windows logs on the server...

Kevin Wetzel
ISP Toolz
http://www.isptoolz.com/
P 202-558-4061
F 202-478-0781

How familiar are you with enabling and configuring event auditing? That will cause selected events to be recorded in the Security Event Log.
[If the perpetrator is using an administrator account, they can purge the logs, but it should be pretty obvious that they have done so....]

David Gillett

-----Original Message-----
From: Ruiz, Rolando [mailto:rolando_ruiz () jetaviation com]
Sent: Wednesday, May 03, 2006 1:28 PM
To: gillettdavid () fhda edu; john () johnmachell wanadoo co uk; security-basics () securityfocus com
Subject: Network Folder Security

Hello security community,

I wonder if anyone can help me police my own staff. I find that changes happen to folder security after they have been set. Someone is obviously going in there and changing things and not confessing that they have. I suspect there is a disgruntled employee or two making these changes. Is there a way (easy or difficult) to see who has made changes to a folder's security settings?

Regards,
Rolando Ruiz

Another option is to set up a Snare client on the box
http://www.intersectalliance.com/projects/SnareWindows/
and point the logs to your favorite syslog server for analysis

--
Tony Placilla, RHCT
anthony_placilla () suth com
Sr. InfoSec Architect
GPG-Key-ID: 1024D/C78F8B64 http://pgp.mit.edu
Key fingerprint = A8D5 7AFF CE88 4179 C792 D9A9 F197 2A15 C78F 8B64
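
Added example, not part of any message in this thread: one way to do the "enabling and configuring event auditing" step so that folder permission changes are recorded with the account that made them, before the events are forwarded to a syslog server. It assumes a current Windows Server, an elevated PowerShell session, and a hypothetical folder path; Get-FolderAclChange is a helper name made up for this example.

```powershell
# Added example. $Folder is a hypothetical path; run from an elevated session.
$Folder = 'D:\Shares\Finance'

# 1. Enable the File System audit subcategory (success and failure).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit (SACL) entry for permission and ownership changes only,
#    inherited by subfolders and files, so ordinary reads do not flood the log.
$ruleArgs = 'Everyone', 'ChangePermissions, TakeOwnership',
            'ContainerInherit, ObjectInherit', 'None', 'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList $ruleArgs
$acl  = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. List who changed permissions under the folder.
#    Event 4670 = "Permissions on an object were changed".
function Get-FolderAclChange {
    param([string]$Path, [int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4670; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt  = $_
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }
        if ($data.ObjectName -like "$Path*") {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                Account = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
                Object  = $data.ObjectName
                Process = $data.ProcessName
                OldSddl = $data.OldSd
                NewSddl = $data.NewSd
            }
        }
    }
}
Get-FolderAclChange -Path $Folder | Format-List

# 4. A cleared Security log is itself an event (1102) worth alerting on,
#    and it is the case the off-box syslog copy is meant to survive.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

The event IDs are those used by current Windows versions; whichever forwarder ships the Security log to the syslog server (ntsyslog or Snare in the thread) carries these events off the box.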