January 3rd, 2008, 08:09 PM
check out Vontu
i don't mind to pay for a good software
The object of war is not to die for your country but to make the other bastard die for his - George Patton
January 3rd, 2008, 08:11 PM
I would suggest that the first thing you need to do is sit down and define your security model.
What users need to be able to do to perform their jobs and what they do not.
Then lock them down as best you can, and log the rest. The problem with logging IMHO is that it is after the event and too late?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
January 3rd, 2008, 08:19 PM
i use arcserv tape backup, so even if someone deletes, and if im noticed by the system, i can always confirm if the data is supost to be deleted, and if not, i can restore the information
January 3rd, 2008, 08:22 PM
You can use Group Policy to lock down the users systems...and what they can and cant do...
Auditing to track the users actions.
I would also define your security model as suggested and an AUP
How people treat you is their karma- how you react is yours-Wayne Dyer
January 13th, 2008, 12:47 PM
I have configured GPO, increased security. But the users need access to the information and the still can send by email. I tried to download Vontu End Point Data Monitoring & Prevention, and Vontu Network Data & Prevention but there is no option that allows me to download, and i even registered.
I tried to contact vontu personnel, but my email returned saying that the email wasn't delivered.
Where can i get some vontu demo? And where can i buy it?
January 13th, 2008, 01:37 PM
If you setup a syslog server, you can use snare to forward the Windows event logs. I've been looking into ossim as a way to collect all the data I want and then setup alerts based on the events logged.
I have a Cisco MARS box for logging important network events, but the number of systems I have to log surpasses the ability of my MARS. I could always implement more MARS, but it's expensive.
My initial testing with ossim has been great. However, I've only had about a week or so of testing before I had to drop everything for this huge project I've been working on of 3 weeks now.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
January 16th, 2008, 11:23 AM
Doesn't work all the time.. Most use nightly backups, so if a user creates a document in the morning and it gets deleted in the afternoon there won't be any backup to restore.
Originally Posted by yuris
One thing to note about File and Object auditing, it has a tendency to generate a HUGE amount of logging data.
Experience is something you don't get until just after you need it.
By ThePreacher in forum Miscellaneous Security Discussions
Last Post: December 14th, 2006, 09:37 PM
By hatebreed2000 in forum The Security Tutorials Forum
Last Post: March 22nd, 2005, 09:31 AM
By nebulus200 in forum Other Tutorials Forum
Last Post: August 3rd, 2004, 06:32 PM
By Tiger Shark in forum The Security Tutorials Forum
Last Post: March 4th, 2004, 05:00 PM
By Zato in forum Newbie Security Questions
Last Post: December 24th, 2003, 08:25 PM