Re: RE: Detecting File Alteration



"Yes. Windows is preferred since we are trying to deploy host integrity
monitoring within an Active Directory (AD) environment. GPL Tripwire
is available for UNIX. Basically what we are trying to do is if we
have a sensitive file "TradeSecrets.pdf" or "Salaries.xls" located
either on a shared drive or local/remote drive, we want to monitor if
that file gets DELETED, RENAMED, COPIED, or MOVED either within the
file system or to an external drive. Systernals' REGMON and FILEMON in
combination achieve much of this with some manual parsing and sorting,
but I was just wondering if there was a better solution"

If your looking for only Deleted, renamed, copied, or moved, windows built in loging capabilities should cover that, along with proper ACL applied.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



Relevant Pages

  • Re: Detecting File Alteration
    ... Windows is preferred since we are trying to deploy host integrity ... > monitoring within an Active Directory environment. ... >> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... >> The NSA has designated Norwich University a center of Academic ...
    (Security-Basics)
  • RE: How to find process behind TCP connection ?
    ... all kinds of things via port TCP/UDP 139. ... I have Windows 2003 server. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • AW: How to stop Admins from sniffing ?
    ... In Germany, for example, there are a number of laws against monitoring of user activity. ... This would prevent network sniffing of web traffic only. ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • Re: Detecting File Alteration
    ... monitoring within an Active Directory environment. ... > Tripwire is awfully expensive for a small company... ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)
  • Re: another nc quesiton : tcp tunnels on win32
    ... Its for vpn, but you can use to make tunnels, crypt tunnels and so on. ... how to create TCP tunnels on windows systems? ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)