mailing list archives
Re: monitoring acess to servers
From: Enrico <enricosec () yahoo com br>
Date: Sun, 17 Oct 2010 13:23:49 -0200
Em 13/10/2010 15:34, danuxx () gmail com escreveu:
You might want to check a DLP (data leak prevention) solution offered by AVs companies.
Sent via BlackBerry from Danux Network
From: Alexander Klimov<alserkli () inbox ru>
Sender: listbounce () securityfocus com
Date: Mon, 11 Oct 2010 15:54:01
To:<security-basics () securityfocus com>
Subject: Re: monitoring acess to servers
On Tue, 14 Sep 2010, Juan B wrote:
I was hired to by an owner of a company, he gave me a task, he wants
to monitor access to few folders on few file servers (windows) he
has there some confidential information, the things gets a bite
complicated couse he wants to monitor also and be alerted if the sys
admins access the folders so Im looking for a solution
(product/software??) that will read the logs of a server and export
it say to a remote server where the admins dont have access to and
also will send a mail to the owner of the company if someone access
a specific folder in that server. the process should work so that
the sys admins cant modify those logs, I know its problematic but I
must find a solution, and also I can come with a solution that cost
1 million dollar couse the owner wont implement a thing. also any
insights about that kind of a project are most welcomed ( gaps, how
long it takes to implement, etc).
Access monitoring can be bypassed because the data which is so
important is likely to be regularly backed up (by admins, I guess).
Once it is backed up to external media, it can be accessed without
triggering the alerts.
Why not simply encrypt the data and distribute keys only to people who
needs access (no to admins)?
With a DLP software you can take all the hashs of the files on that
server or folders and monitor where that files are being sent by who and
you will have the backup problem pointed out. An implemntation of a
complete DLP solution, acording to the more optimistic vendors can take
a year, Gartner talks about at least two years to have the first results
and says that this kind of technology will be mature by 2015. I would
say definitly that a DLP soulution is not the way to go here.
There are also encryption solutions (like Mcafee encryption suits) that
provide remote folder encryption, even those solutions have features
like key recovery, that will allow an admin to have access to the
encryption keys when a user forget it. These are all complex and
expensive soultions. You can also go for truecrypt, an open sorce with
will allow you to encrypt a volume, this solution does not provide
recovery keys. The only problem is how you will exchange de encryption
keys, because if you send by e-mail the admins can get the keys as well.
So what I would try before going for a more robust solution is:
1) Install truecrypt.
2) Create an encrypted volume.
3) When truecrypt asks you to enter the encryption key tell your boss to
enter a strong key.
4) Tell him that the only way someone can access the data in the volume
is by knowing this key and there is no way to recover the key, so he
will have to take care of that.
5) Ask him not to store this key anywhere in the company.
6) If he needs someone else to access the volume ask him to communicate
the encryption key by phone, which is not monitored by the admins and
will not leave any trace, make sure no one is listening. The problem is
how many people will have to have this key as this solution doesn't
scale and doesn't provide a secure way of exchanging the key.
PS.: you will have to find a way to store the encrypted volume in a
network file folder.
Fale com seus amigos de graça com o novo Yahoo! Messenger
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.