Security Basics mailing list archives
Re: Monitoring sys admins activities
From: Rolf Huisman <r.l.r.huisman () gmail com>
Date: Wed, 15 Sep 2010 08:28:51 +0200
Dear julian, Monitoring a file, means you need something guarding the file the owner trusts enough. That thing guarding it, could be a system, administrator, 3rd party or himself. If he trusts a, he can use b: System, access logs Administrators, their access logs 3rd party, access logs of a remote storage provider Himself, encrypt the data so only he can read the data or build and run his own fileserver. So, its not really solvable in a real usable way. However, the reason behind this question is usually that the owner is worried about the customer database (or similar) being copied. A nice trick for that is to add dummy values and addresses in them that you monitor. If someone sends a mail to that address: bingo, you sue them. If your firewall sees that special dummy guid: trip mine, drop the connection, alert the admins. With regards, Rolf Huisman Op 13 sep. 2010 om 23:40 heeft Juan B <juanbabi () yahoo com> het volgende geschreven:
Hi Great list members !! I was hired to by an owner of a company, he gave me a task, he wants to monitor access to few folders on few file servers (windows) he has there some confidential information, the things gets a bite complicated couse he wants to monitor also and be alerted if the sys admins access the folders so Im looking for a solution (product/software??) that will read the logs of a server and export it say to a remote server where the admins dont have access to and also will send a mail to the owner of the company if someone access a specific folder in that server. the process should work so that the sys admins cant modify those logs, I know its problematic but I must find a solution, and also I can come with a solution that cost 1 million dollar couse the owner wont implement a thing. also any insights about that kind of a project are most welcomed ( gaps, how long it takes to implement, etc). also I talked to the sys admins in the site, there are not against this kind of project, they want to be monitored so if a problem happens they say that the logs will tell that they didnt were the guys that coused the problem. thanks for your help!! Juan ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Monitoring sys admins activities Juan B (Sep 14)
- Re: Monitoring sys admins activities Rolf Huisman (Sep 15)
- <Possible follow-ups>
- Re: Monitoring sys admins activities krymson (Sep 14)
- Re: Monitoring sys admins activities Fred Concklin (Sep 15)
- Re: Monitoring sys admins activities Ali Demiröz (Sep 15)
- Re: Monitoring sys admins activities Champ Clark III [Softwink] (Sep 16)