Check out Vontu
Quote:
I don't mind paying for good software
I would suggest that the first thing you need to do is sit down and define your security model.
What users need to be able to do to perform their jobs and what they do not.
Then lock them down as best you can, and log the rest. The problem with logging IMHO is that it is after the event and too late?
I use ARCserve tape backup, so even if someone deletes, and if I'm notified by the system, I can always confirm if the data is supposed to be deleted, and if not, I can restore the information.
You can use Group Policy to lock down the users' systems... and what they can and can't do...
Auditing to track the users actions.
I would also define your security model as suggested and an AUP
MLF
I have configured GPO, increased security. But the users need access to the information and they still can send it by email. I tried to download Vontu End Point Data Monitoring & Prevention, and Vontu Network Data & Prevention, but there is no option that allows me to download, and I even registered.
I tried to contact Vontu personnel, but my email returned saying that the email wasn't delivered.
Where can I get a Vontu demo? And where can I buy it?
If you set up a syslog server, you can use Snare to forward the Windows event logs. I've been looking into OSSIM as a way to collect all the data I want and then set up alerts based on the events logged.
I have a Cisco MARS box for logging important network events, but the number of systems I have to log surpasses the ability of my MARS. I could always implement more MARS, but it's expensive.
My initial testing with OSSIM has been great. However, I've only had about a week or so of testing before I had to drop everything for this huge project I've been working on for 3 weeks now.
Doesn't work all the time. Most use nightly backups, so if a user creates a document in the morning and it gets deleted in the afternoon there won't be any backup to restore.
Quote:
Originally Posted by yuris
One thing to note about File and Object auditing, it has a tendency to generate a HUGE amount of logging data.
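Added example, not from any poster in this thread and not Snare or OSSIM code: one way to keep forwarded file-audit data manageable is to discard everything except delete accesses and alert only when one user deletes several objects in a short window. The pipe-delimited record layout, the field names, the sample lines and the threshold are all assumptions constructed for illustration; this is not Snare's real wire format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (assumed layout, NOT a real Snare format):
# timestamp|host|user|access|object path
SAMPLE = [
    r"2024-01-01T09:00:00|FS01|alice|ReadData|D:\share\plan.doc",
    r"2024-01-01T09:00:05|FS01|alice|WriteData|D:\share\plan.doc",
    r"2024-01-01T09:00:10|FS01|bob|DELETE|D:\share\q1.xls",
    r"2024-01-01T09:00:25|FS01|bob|DELETE|D:\share\q2.xls",
    r"garbage line without fields",
    r"2024-01-01T09:00:30|FS01|alice|DELETE|D:\share\old.tmp",
    r"2024-01-01T09:00:40|FS01|bob|DELETE|D:\share\q3.xls",
    r"2024-01-01T09:05:00|FS01|bob|DELETE|D:\share\q4.xls",
]


def parse(line):
    """Split one record; raises ValueError on a malformed line."""
    ts, host, user, access, path = line.split("|", 4)
    return datetime.fromisoformat(ts), host, user, access, path


def delete_bursts(lines, threshold=3, window=timedelta(minutes=1)):
    """Return (user, host, time, count) each time a user reaches
    `threshold` deletes on one host within `window`."""
    recent = defaultdict(deque)  # (user, host) -> recent delete times
    alerts = []
    for line in lines:
        try:
            ts, host, user, access, _path = parse(line.strip())
        except ValueError:
            continue  # skip malformed records instead of stopping
        if access != "DELETE":
            continue  # drop read/write noise, the bulk of audit volume
        q = recent[(user, host)]
        q.append(ts)
        while ts - q[0] > window:  # expire deletes outside the window
            q.popleft()
        if len(q) == threshold:  # fire once as the burst crosses it
            alerts.append((user, host, ts, len(q)))
    return alerts


if __name__ == "__main__":
    for user, host, ts, count in delete_bursts(SAMPLE):
        print(f"ALERT {ts.isoformat()} {user}@{host}: {count} deletes")
```
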