Security Basics mailing list archives

Re: Re: monitoring access to servers


From: krymson () gmail com
Date: Fri, 17 Sep 2010 07:59:56 -0600

Well, first of all, the fundamental purpose of IT is to automate. But that's beside the point...

Second, I think you may have missed the part the OP said about these being admins he wants to monitor. These are admins 
who can change/wipe logs or do any number of things to avoid a daily (or hourly...) parse of the logs. On a Windows 
file server. For a, presumably, non-technical manager to review.

I'll admit, your suggestion is fine, but it's all about where you want to fall on the line between "no security" and 
"perfect security." The good ol' art of security! :)


<- snip ->
Has everyone gotten so lazy that they must automate everything? All one needs to do to resolve this issue is write a 
filter to look through the logs daily for access to the specific folders. I would hope that it is already part of your 
daily tasks to review the logs. If you must automate you could use MOM.

Adam L. Simms

Founder

Bay IT Consultants

Sent from my Verizon Wireless BlackBerry

-----Original Message-----

From: Juan B <juanbabi (at) yahoo (dot) com [email concealed]>

Sender: listbounce (at) securityfocus (dot) com [email concealed]

Date: Tue, 14 Sep 2010 09:46:01

To: <security-basics (at) securityfocus (dot) com [email concealed]>

Subject: monitoring access to servers

Hi Great list members !!

I was hired by an owner of a company, he gave me a task, he wants to monitor access to a few folders on a few file 
servers (windows) he has there some confidential information, things get a bit complicated because he wants to 
monitor also and be alerted if the sys admins access the folders so I'm looking for a solution (product/software??) that 
will read the logs of a server and export it say to a remote server where the admins don't have access to and also will 
send a mail to the owner of the company if someone accesses a specific folder in that server. the process should work so 
that the sys admins can't modify those logs, I know it's problematic but I must find a solution, and also I can come with 
a solution that costs 1 million dollars because the owner won't implement a thing. also any insights about that kind of a 
project are most welcome (gaps, how long it takes to implement, etc).

also I talked to the sys admins in the site, they are not against this kind of project, they want to be monitored so 
if a problem happens they say that the logs will tell that they weren't the guys that caused the problem.

thanks for your help!!

Juan
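
Added example, not part of the thread or written by any poster: a sketch of the daily log filter discussed above, run on the remote collector the admins cannot reach. It assumes Windows Server 2008 or later with object-access auditing enabled (Security event 4663 for object access, 1102 for a cleared audit log) and events already forwarded and parsed into dicts; the folder path, host names and sample records are constructed.

```python
from ntpath import normcase  # Windows path rules, whatever OS the collector runs

ACCESS_EVENT = 4663       # "An attempt was made to access an object"
LOG_CLEARED_EVENT = 1102  # "The audit log was cleared"

# Hypothetical names: folders to watch and servers expected to report in.
WATCHED = [r"D:\Shares\Confidential"]
EXPECTED_HOSTS = {"FS01", "FS02"}

# Constructed sample of forwarded Security events, already parsed to dicts.
SAMPLE = [
    {"Computer": "FS01", "EventID": 4663, "SubjectUserName": "jsmith",
     "ObjectName": r"D:\Shares\Public\menu.txt"},
    {"Computer": "FS01", "EventID": 4663, "SubjectUserName": "admin1",
     "ObjectName": r"d:\shares\confidential\payroll.xls"},
    {"Computer": "FS01", "EventID": 4663, "SubjectUserName": "jsmith",
     "ObjectName": r"D:\Shares\Confidential2\notes.txt"},
    {"Computer": "FS01", "EventID": 1102, "SubjectUserName": "admin2"},
]

def is_watched(path, watched=WATCHED):
    """True if path is a watched folder or anything beneath it."""
    p = normcase(path)  # case-insensitive, backslash-normalised comparison
    for folder in watched:
        f = normcase(folder).rstrip("\\")
        # Require a separator after the prefix so "Confidential2" does not match.
        if p == f or p.startswith(f + "\\"):
            return True
    return False

def review(events, watched=WATCHED, expected_hosts=EXPECTED_HOSTS):
    """Return alert tuples (kind, host, user, detail) for one review window."""
    alerts, seen = [], set()
    for ev in events:
        host, user = ev["Computer"], ev.get("SubjectUserName", "?")
        seen.add(host)
        if ev["EventID"] == ACCESS_EVENT and is_watched(ev.get("ObjectName", ""), watched):
            alerts.append(("ACCESS", host, user, ev["ObjectName"]))
        elif ev["EventID"] == LOG_CLEARED_EVENT:
            alerts.append(("LOG_CLEARED", host, user, ""))
    # A server that sent nothing may have had auditing or forwarding turned off.
    for host in sorted(set(expected_hosts) - seen):
        alerts.append(("SILENT", host, "", "no events received"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```

The log-cleared and silent-host alerts address the concern raised in the reply: the filter only helps if tampering on the file server itself also shows up on the collector.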
