Security Basics mailing list archives

Re: Monitoring sys admins activities


From: Rolf Huisman <r.l.r.huisman () gmail com>
Date: Wed, 15 Sep 2010 08:28:51 +0200

Dear julian,

Monitoring a file means you need something guarding the file that the owner trusts enough.
That thing guarding it could be a system, an administrator, a 3rd party or himself.
If he trusts a, he can use b:
   System, access logs
   Administrators, their access logs
   3rd party, access logs of a remote storage provider
   Himself, encrypt the data so only he can read the data or build and run his own fileserver.

So, it's not really solvable in a really usable way.
However, the reason behind this question is usually that the owner is worried about the customer database (or similar) 
being copied. A nice trick for that is to add dummy values and addresses in them that you monitor. If someone sends a 
mail to that address: bingo, you sue them. If your firewall sees that special dummy guid: trip mine, drop the 
connection, alert the admins.  

With regards,

Rolf Huisman

On 13 Sep. 2010 at 23:40, Juan B <juanbabi () yahoo com> wrote the following:


Hi great list members!!

I was hired by an owner of a company. He gave me a task: he wants to monitor access to a few folders on a few file
servers (Windows) where he has some confidential information. Things get a bit complicated because he also wants to
monitor and be alerted if the sys admins access the folders, so I'm looking for a solution (product/software??)
that will read the logs of a server and export them, say, to a remote server that the admins don't have access to, and
will also send a mail to the owner of the company if someone accesses a specific folder on that server. The process
should work so that the sys admins can't modify those logs. I know it's problematic but I must find a solution, and
also I can come with a solution that costs 1 million dollars because the owner won't implement a thing. Also, any
insights about that kind of project are most welcome (gaps, how long it takes to implement, etc.).

Also, I talked to the sys admins at the site; they are not against this kind of project. They want to be monitored, so
if a problem happens, they say that the logs will show that they weren't the guys who caused the problem.

Thanks for your help!!

Juan
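
The dummy-record trick from the reply above, as an added example that is not part of the original thread: it derives a distinct dummy address and GUID for each copy of the database, so a sighting also tells you which copy leaked (one step beyond the single dummy value the reply describes), then scans log lines for those tokens. The secret, the domain canary.example.com, the copy labels and the log lines are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumptions (all hypothetical): SECRET is kept off the file servers, and
# canary.example.com is a mail domain the owner controls and monitors.
SECRET = b"constructed-demo-secret"
CANARY_DOMAIN = "canary.example.com"


def make_canary(copy_label: str) -> dict:
    """Derive a dummy customer row that is unique to one database copy."""
    tag = hmac.new(SECRET, copy_label.encode(), hashlib.sha256).hexdigest()
    guid = f"{tag[:8]}-{tag[8:12]}-{tag[12:16]}-{tag[16:20]}-{tag[20:32]}"
    return {"name": "J. Doe", "email": f"jd.{tag[32:44]}@{CANARY_DOMAIN}",
            "guid": guid, "copy": copy_label}


def build_index(canaries: list) -> dict:
    """Map every monitored token (lower-cased) to the copy it was planted in."""
    return {c[k].lower(): c["copy"] for c in canaries for k in ("email", "guid")}


def scan(lines, index: dict) -> list:
    """Return (line_number, copy_label, token) for each canary sighting."""
    pattern = re.compile("|".join(re.escape(t) for t in index), re.IGNORECASE)
    hits = []
    for n, line in enumerate(lines, 1):
        for m in pattern.finditer(line):
            hits.append((n, index[m.group(0).lower()], m.group(0).lower()))
    return hits


CANARIES = [make_canary("fileserver-1/customers.mdb"),
            make_canary("backup-tape-2010-09")]
INDEX = build_index(CANARIES)

# Constructed sample log lines (mail gateway and egress proxy), not real data.
SAMPLE_LOG = [
    "Sep 15 08:01:12 mx1 smtpd: from=<news@shop.example> to=<alice@corp.example>",
    f"Sep 15 08:03:40 mx1 smtpd: from=<promo@bulk.example> to=<{CANARIES[0]['email']}>",
    f"Sep 15 08:05:02 fw1 proxy: POST /upload body-match guid={CANARIES[1]['guid'].upper()}",
]

if __name__ == "__main__":
    for n, copy, token in scan(SAMPLE_LOG, INDEX):
        print(f"ALERT line {n}: canary from '{copy}' seen ({token})")
```

Because the tokens are derived with an HMAC, the index can be rebuilt from the secret and the list of copy labels alone, so the monitoring host never needs the customer data itself.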




