Security Basics mailing list archives

Re: monitoring acess to servers
From: Enrico <enricosec () yahoo com br>
Date: Sun, 17 Oct 2010 13:23:49 -0200

On 13/10/2010 15:34, danuxx () gmail com wrote:
> You might want to check a DLP (data leak prevention) solution offered by AV companies.
> Sent via BlackBerry from Danux Network
>
> -----Original Message-----
> From: Alexander Klimov<alserkli () inbox ru>
> Sender: listbounce () securityfocus com
> Date: Mon, 11 Oct 2010 15:54:01
> To:<security-basics () securityfocus com>
> Subject: Re: monitoring acess to servers
>
> On Tue, 14 Sep 2010, Juan B wrote:
>> I was hired by an owner of a company, he gave me a task, he wants
>> to monitor access to a few folders on a few file servers (Windows), he
>> has some confidential information there. Things get a bit
>> complicated because he also wants to monitor and be alerted if the sys
>> admins access the folders, so I'm looking for a solution
>> (product/software??) that will read the logs of a server and export
>> them, say, to a remote server which the admins don't have access to, and
>> will also send a mail to the owner of the company if someone accesses
>> a specific folder on that server. The process should work so that
>> the sys admins can't modify those logs. I know it's problematic but I
>> must find a solution, and also I can come with a solution that costs
>> 1 million dollars because the owner won't implement a thing. Also, any
>> insights about that kind of project are most welcome (gaps, how
>> long it takes to implement, etc).
>
> Access monitoring can be bypassed because the data which is so
> important is likely to be regularly backed up (by admins, I guess).
> Once it is backed up to external media, it can be accessed without
> triggering the alerts.
>
> Why not simply encrypt the data and distribute keys only to people who
> need access (not to admins)?

With DLP software you can take all the hashes of the files on that server or folders and monitor where those files are being sent and by whom, and you will have the backup problem pointed out. An implementation of a complete DLP solution, according to the more optimistic vendors, can take a year; Gartner talks about at least two years to have the first results and says that this kind of technology will be mature by 2015. I would definitely say that a DLP solution is not the way to go here.

There are also encryption solutions (like McAfee encryption suites) that provide remote folder encryption; even those solutions have features like key recovery, which will allow an admin to have access to the encryption keys when a user forgets them. These are all complex and expensive solutions. You can also go for TrueCrypt, an open source tool which will allow you to encrypt a volume; this solution does not provide recovery keys. The only problem is how you will exchange the encryption keys, because if you send them by e-mail the admins can get the keys as well.

So what I would try before going for a more robust solution is:

1) Install TrueCrypt.
2) Create an encrypted volume.
3) When TrueCrypt asks you to enter the encryption key, tell your boss to enter a strong key.
4) Tell him that the only way someone can access the data in the volume is by knowing this key and there is no way to recover the key, so he will have to take care of that.
5) Ask him not to store this key anywhere in the company.
6) If he needs someone else to access the volume, ask him to communicate the encryption key by phone, which is not monitored by the admins and will not leave any trace; make sure no one is listening. The problem is how many people will have to have this key, as this solution doesn't scale and doesn't provide a secure way of exchanging the key.

PS.: you will have to find a way to store the encrypted volume in a network file folder.
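
The hash-matching idea mentioned in the reply above (fingerprint every file in the protected folder, then check files seen elsewhere against those fingerprints), as an added example that is not part of the original post or of any DLP product. The folder names, file names and contents are constructed; it also shows that exact hashes recognise a renamed copy but not a copy with a single byte changed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_index(root):
    """Map digest -> path (relative to root) for every file under root."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            index[sha256_file(full)] = os.path.relpath(full, root)
    return index

def match(index, candidate):
    """Return the protected file that candidate is a byte-identical copy of, or None."""
    return index.get(sha256_file(candidate))

def demo():
    # Constructed sample data: folder and file names are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        protected = os.path.join(tmp, "confidential")
        outbound = os.path.join(tmp, "outbound")
        os.makedirs(protected)
        os.makedirs(outbound)
        samples = {
            os.path.join(protected, "payroll.csv"): b"name,salary\nalice,1000\n",
            os.path.join(outbound, "holiday.csv"): b"name,salary\nalice,1000\n",
            os.path.join(outbound, "edited.csv"): b"name,salary\nalice,1000 \n",
            os.path.join(outbound, "menu.txt"): b"lunch menu\n",
        }
        for path, data in samples.items():
            with open(path, "wb") as handle:
                handle.write(data)
        index = build_index(protected)
        return {name: match(index, os.path.join(outbound, name))
                for name in ("holiday.csv", "edited.csv", "menu.txt")}

if __name__ == "__main__":
    print(demo())
```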
