-
January 3rd, 2008, 08:09 PM
#11
i don't mind to pay for a good software
check out Vontu
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
January 3rd, 2008, 08:11 PM
#12
I would suggest that the first thing you need to do is sit down and define your security model.
What users need to be able to do to perform their jobs and what they do not.
Then lock them down as best you can, and log the rest. The problem with logging IMHO is that it is after the event and too late?
-
January 3rd, 2008, 08:19 PM
#13
Senior Member
i use arcserv tape backup, so even if someone deletes, and if im noticed by the system, i can always confirm if the data is supost to be deleted, and if not, i can restore the information
-
January 3rd, 2008, 08:22 PM
#14
You can use Group Policy to lock down the users systems...and what they can and cant do...
Auditing to track the users actions.
I would also define your security model as suggested and an AUP
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
January 13th, 2008, 12:47 PM
#15
Senior Member
I have configured GPO, increased security. But the users need access to the information and the still can send by email. I tried to download Vontu End Point Data Monitoring & Prevention, and Vontu Network Data & Prevention but there is no option that allows me to download, and i even registered.
I tried to contact vontu personnel, but my email returned saying that the email wasn't delivered.
Where can i get some vontu demo? And where can i buy it?
-
January 13th, 2008, 01:37 PM
#16
If you setup a syslog server, you can use snare to forward the Windows event logs. I've been looking into ossim as a way to collect all the data I want and then setup alerts based on the events logged.
I have a Cisco MARS box for logging important network events, but the number of systems I have to log surpasses the ability of my MARS. I could always implement more MARS, but it's expensive.
My initial testing with ossim has been great. However, I've only had about a week or so of testing before I had to drop everything for this huge project I've been working on of 3 weeks now.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
January 16th, 2008, 11:23 AM
#17
Originally Posted by yuris
i use arcserv tape backup, so even if someone deletes, and if im noticed by the system, i can always confirm if the data is supost to be deleted, and if not, i can restore the information
Doesn't work all the time.. Most use nightly backups, so if a user creates a document in the morning and it gets deleted in the afternoon there won't be any backup to restore.
One thing to note about File and Object auditing, it has a tendency to generate a HUGE amount of logging data.
Oliver's Law:
Experience is something you don't get until just after you need it.
Similar Threads
-
By ThePreacher in forum Miscellaneous Security Discussions
Replies: 17
Last Post: December 14th, 2006, 09:37 PM
-
By hatebreed2000 in forum The Security Tutorials Forum
Replies: 1
Last Post: March 22nd, 2005, 09:31 AM
-
By nebulus200 in forum Other Tutorials Forum
Replies: 0
Last Post: August 3rd, 2004, 05:32 PM
-
By Tiger Shark in forum The Security Tutorials Forum
Replies: 5
Last Post: March 4th, 2004, 05:00 PM
-
By Zato in forum Newbie Security Questions
Replies: 3
Last Post: December 24th, 2003, 08:25 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|