Re: Logging admin access to workstations

From: Radoslav Dejanović (radoslav.dejanovic@zagreb.hr)
Date: 03/15/02


From: Radoslav Dejanović <radoslav.dejanovic@zagreb.hr>
To: Alan Cooper <imalcooper@yahoo.com>, security-basics@securityfocus.com
Date: Fri, 15 Mar 2002 09:36:41 +0100

On Wednesday 13 March 2002 19:22, Alan Cooper wrote:
> me what they are doing if access is granted, their IP
> address, time of day, etc? Is there a better way
> approach this problem?

It might be a better solution (if you can, of course) to do
some packet sniffing on the machine - this way you can be
practically undetectable (if you work with network administrators),
and at the same time you'll get not just a log file of something being
accessed or transferred, but the data that were being accessed, too. This
way you can recreate the intruder's activities and see what (s)he's been trying
to do, without giving notice to the intruder. If someone is really
stealing the data, you can use this approach to have some material
evidence - and that's very important if you want to have someone fired or
maybe even jailed.

-- 
Radoslav Dejanovic
Senior Associate to Mayor's Office
City of Zagreb, Croatia

