Re: Detecting File Alteration
- From: "Mister Dookie" <misterdookie@xxxxxxxxx>
- Date: Wed, 6 Sep 2006 12:58:43 -0400
Yes. Windows is preferred since we are trying to deploy host integrity
monitoring within an Active Directory (AD) environment. GPL Tripwire
is available for UNIX. Basically what we are trying to do is if we
have a sensitive file "TradeSecrets.pdf" or "Salaries.xls" located
either on a shared drive or local/remote drive, we want to monitor if
that file gets DELETED, RENAMED, COPIED, or MOVED either within the
file system or to an external drive. Systernals' REGMON and FILEMON in
combination achieve much of this with some manual parsing and sorting,
but I was just wondering if there was a better solution.
On 9/5/06, offset <offset@xxxxxxxxxxxxxxxx> wrote:
I dont recall if your original email required this to run on windows or *nix.
I've used samhain on *nix with no issues, not sure about windows.
http://www.la-samhna.de/samhain/
-off
On Thu, Aug 31, 2006 at 11:44:14PM -0400, Mister Dookie wrote:
> Tripwire is awfully expensive for a small company... there must be
> something in the freeware realm or at least something cheaper that
> accomplishes the same thing as Tripwire.
>
> On 8/31/06, Peter Marshall <petermmarshall@xxxxxxxxxxx> wrote:
> > Tripwire as well . . .
> >
> >-----Original Message-----
> >From: Saqib Ali [mailto:docbook.xml@xxxxxxxxx]
> >Sent: Thursday, August 31, 2006 3:49 PM
> >To: Mister Dookie
> >Cc: security-basics@xxxxxxxxxxxxxxxxx
> >Subject: Re: Detecting File Alteration
> >
> >Filemon???
> >http://www.sysinternals.com/Utilities/Filemon.html
> >
> >filters as well....
> >
> >--
> >Saqib Ali, CISSP, ISSAP
> >Support http://www.capital-punishment.net
> >-----------
> >"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
> >Day of Resurrection)" Al-Quran 6:15
> >-----------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- References:
- Re: Detecting File Alteration
- From: Mister Dookie
- Re: Detecting File Alteration
- From: offset
- Re: Detecting File Alteration
- Prev by Date: Re: Device Authentication - The answer to attacks lauched using stolen passwords?
- Next by Date: Re: Detecting File Alteration
- Previous by thread: Re: Detecting File Alteration
- Next by thread: Re: Detecting File Alteration
- Index(es):
Relevant Pages
|
