Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: secure server

Hybrid View

  1. #1
    Senior Member
    Join Date
    Apr 2005
    Posts
    123

    secure server

    Hello everyone, i wonder if anyone can point me to the right direction.
    I want to create account profiles, so that i can control the users desktop, and limit there access to certain parts on there workstation, preventing also from using usb pen drivers, etc.
    And i also what to audit everthing that goes on the network.
    If anyone deletes a file, or folder, i would like to be noticed. I know this will creat an amount of log, but i need that.
    I want to prevent someone inside the company to be able to steal information, and if someone copys the information to a pen, i want to be noticed.
    Is there a software that is able to log all of this activity.
    Where can i find step by step to create user profiles?
    Thanks.
    My Best Regards

  2. #2
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    as far as doing most of what your looking for with restrictions and such you would probably want to use Active Directory. Now if cost is involved this may not be a good option as its expensive.

    The other option would be to use the local security policy provided in windows. It may not give you as much control and easily accessible logs as you may want but here is a link to that option

    https://www.microsoft.com/resources/....mspx?mfr=true

    as far as locking down ports. Im not sure if either of the 2 prior options provide that feature (Im sure someone else will know for sure) if they do not then you can try a program called "portslock" its a shareware program I never purchased the full version but the trial program was pretty nice for a local computer setup.

    http://www.devicelock.com/pl/

    hope that helps.
    LOGIN: yes
    PASSWORD: I dont have one
    "Login Failed"

  3. #3
    As far as what's built into Windows, there is no way to log what files have been deleted by who...unless someone else here has discovered something I'm unaware of? I had this question come up some months back from a client and had to explain that without a third party solution, that level of logging cannot be done within Windows alone.

  4. #4
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Quote Originally Posted by AngelicKnight
    As far as what's built into Windows, there is no way to log what files have been deleted by who...unless someone else here has discovered something I'm unaware of? I had this question come up some months back from a client and had to explain that without a third party solution, that level of logging cannot be done within Windows alone.
    You are a better man than I. I have never been able to explain why I cant tell you who deleted what when.

    I've tried. Always get the same reaction - blank stare.

    So did the user understand, and if so - what did you say?
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #5
    No, the user didn't understand until several attempts to drill it in (I remember she specifically said "I find that hard to believe"), but basically I explained that all security logging that takes place occurs in Event Viewer, which does not offer any options for logging when specific files are deleted by specific users (especially when the user is deleting something remotely via a network share). I assured her that the only way to create such an in-depth logging solution would be to go with a third party program -- and of course they were way too cheap-minded to consider such a thing.

    If memory serves correct, at the most you can sort of log file access attempts from users directly logged in to the server, and even that is a long shot.

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Wow

    I always thought you could do this with auditing???

    http://support.microsoft.com/kb/814595

    This step-by-step article describes how to use Windows Server 2003 auditing to track user activities and system-wide events in Active Directory.

    When you use Windows Server 2003 auditing, you can track both user activities and Windows Server 2003 activities which are named events, on a computer. When you use auditing, you can specify which events are written to the Security log. For example, the Security log can maintain a record of both valid and invalid logon attempts and events that relate to creating, opening, or deleting files or other objects. An audit entry in the Security log contains the following information: • The action that was performed.
    • The user who performed the action.
    • The success or failure of the event and the time that the event occurred.
    MLF
    Last edited by morganlefay; January 3rd, 2008 at 07:29 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    That would be darn handy...Does 2000 server have that feature too?

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    yeap...goes all the way back to NT 4.0

    although there was no AD...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    i know that windows log event will serve my needs, that's why im asking if you know a software that will log everything on the network, including what are the users doing with the shared informations, if are copying, or deleting, etc. Im not asking for a freeware software, i don't mind to pay for a good software, all i need is that he does everything i need.
    Like i said, need a software or something, that can log everything is going on the server, file deleted, copy,cut, everything. And another software or the same, that can "sniff" the network. I would love to have the ability to be noticed through mail, or a database ,if someone copy to a pen, or send by mail, or burn a cd, information from the server.

    I'm asking this to you, because a company that i work, a person started to work there with the intension of stealing information, and she did. So i want to close down everything i can.
    Thats why i need to limit the access to pen drivers, and to be noticed, when someone moves around information.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I would suggest that the first thing you need to do is sit down and define your security model.

    What users need to be able to do to perform their jobs and what they do not.

    Then lock them down as best you can, and log the rest. The problem with logging IMHO is that it is after the event and too late?

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 09:37 PM
  2. Covert Channels
    By hatebreed2000 in forum The Security Tutorials Forum
    Replies: 1
    Last Post: March 22nd, 2005, 09:31 AM
  3. Replies: 0
    Last Post: August 3rd, 2004, 05:32 PM
  4. Central Secure Logging in a Win2k Environment
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 5
    Last Post: March 4th, 2004, 05:00 PM
  5. Security Basics by Sharepro
    By Zato in forum Newbie Security Questions
    Replies: 3
    Last Post: December 24th, 2003, 08:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •