Suspicious Activity Monitoring
- From: "Jason T. Hallahan" <jthallah@xxxxxxxxx>
- Date: Tue, 27 Jun 2006 16:01:47 -0400
Hello and good day list,
I am wondering if there are any products, techniques or ideas out
there on how to monitor a remote system (let's start with Windows) in
a networked environment (let's assume Active Directory/Domain) in
order to detect any of the following activity which may or may not be
malicious. For instance:
1) Activating EFS (Encryption) in Windows and encrypting files or folders.
2) Hiding Files/Directories whether they belong to user or system.
3) Unmasking a hidden File/Directory belonging to the system.
4) Removal of Read-Only protection on a File/Directory/Media.
5) Mounting/Unmounting a USB Thumb Drive.
Anybody out there have any ideas or experience on this topic?
Thanks,
Jason