Security Basics mailing list archives

RE: Detecting File Alteration


From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Wed, 6 Sep 2006 16:15:58 -0400

Mister Dookie wrote:
Yes. Windows is preferred since we are trying to deploy host
integrity monitoring within an Active Directory (AD) environment. GPL
Tripwire is available for UNIX. Basically what we are trying to do is
if we have a sensitive file "TradeSecrets.pdf" or "Salaries.xls"
located either on a shared drive or local/remote drive, we want to
monitor if that file gets DELETED, RENAMED, COPIED, or MOVED either
within the file system or to an external drive. Sysinternals' REGMON
and FILEMON in combination achieve much of this with some manual
parsing and sorting, but I was just wondering if there was a better
solution.         


In an AD environment, you can utilize AUDITING on file shares to do the
same thing.  Couple this with a limited ACL and you'll be set.

Kind Regards,

JMB
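
One way to set up the auditing and limited ACL the reply describes on a current Windows file server, as an added example that is not part of the original post. The file path and the AD group name are hypothetical, and the script assumes an elevated PowerShell prompt on the server that hosts the share.

```powershell
# Added example; path and group name below are assumptions, not from the thread.
$Path    = 'D:\Shares\Finance\Salaries.xls'   # hypothetical sensitive file
$Readers = 'CONTOSO\Finance-Readers'          # hypothetical AD group

# 1. Enable file-system object access auditing (normally pushed by GPO).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Limited ACL: stop inheriting from the parent folder, drop explicit
#    entries, then grant only what is needed.
$acl = Get-Acl -Path $Path -Audit
$acl.SetAccessRuleProtection($true, $false)   # protect, discard inherited ACEs
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRuleSpecific($_) }

$grants = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = $Readers;                 Rights = 'Read' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Id, $g.Rights, 'Allow')
    $acl.AddAccessRule($rule)
}

# 3. SACL: log successful and failed attempts by anyone to read, modify,
#    delete, or re-permission the file.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'ReadData, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership',
    'Success, Failure')
$acl.AddAuditRule($audit)
Set-Acl -Path $Path -AclObject $acl

# 4. Review: event 4663 records each audited access to the object.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } |
    Where-Object { $_.Message -like "*$Path*" } |
    Select-Object TimeCreated, Message
```

Windows logs no distinct "copy" event: a copy appears only as a read (ReadData) access on the source file, so correlating reads with the accessing account is the closest the audit log gets to the COPIED case.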
