Proof is actually somewhat difficult to prove in court, but outside of the legal aspects, using something like a network traffic analyzer and a host-based IDS such as Tripwire would provide sufficient logs of suspicious activity. You can also use the MAC time information of the file (more difficult if there are many users). Using several tools would be the best way; just ensure the data from the tools is stored securely and that time is synchronized on all systems to make comparisons easier. Network analysis would require monitoring ALL traffic, which can be very difficult to do, but some companies do it.

Chris

On 7/12/06, Rion D'Luz <[EMAIL PROTECTED]> wrote:
Hello all:

        Any opinion on the best way to monitor the file transfers and|or
general activities of a user w/out going to the extreme of keylogging etc.?
What is|are the most effective and|or least intrusive options?
For instance:
        joedokes works for acme.widget and has auth access to sensitive
information, both in file and db format; each accessed remotely from servers
as such. What can be done to ensure that if joe decides to x-fer the
company jewels to his local machine that it is audited and can be used
as proof?
TIA
Rion
- --


Beware when truth is called treason



--
Chris
www.chrisadams.org
www.linuxchris.com
AOL and Yahoo IM - fan0of0as
MSN Messenger - [EMAIL PROTECTED]
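
An added example, not part of either message above: one way to turn the MAC time information mentioned in the reply into a UTC timeline that can be compared against network or IDS logs from other hosts, with a digest so the stored record can be checked later. The function names (`mac_timeline`, `events_between`, `seal`) are hypothetical, and the sketch assumes access times are being recorded at all (filesystems mounted with `noatime` or `relatime` update them rarely or never).

```python
import hashlib
import json
import os
from datetime import datetime, timezone

def _utc(ts):
    # Normalise to UTC so events compare cleanly with logs from other hosts.
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(timespec="seconds")

def mac_timeline(root):
    """Return MAC-time events for every file under root, oldest first."""
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of root
            except OSError:
                continue  # removed or unreadable while scanning
            # st_ctime is inode-change time on Unix, creation time on Windows.
            for kind, ts in (("modified", st.st_mtime),
                             ("accessed", st.st_atime),
                             ("changed", st.st_ctime)):
                events.append({"epoch": int(ts), "utc": _utc(int(ts)),
                               "event": kind, "path": path,
                               "uid": st.st_uid, "size": st.st_size})
    return sorted(events, key=lambda e: (e["epoch"], e["path"], e["event"]))

def events_between(timeline, start_epoch, end_epoch, kinds=("accessed",)):
    """Select events in a window, e.g. around a transfer seen in network logs."""
    return [e for e in timeline
            if start_epoch <= e["epoch"] <= end_epoch and e["event"] in kinds]

def seal(timeline):
    """SHA-256 over the serialised timeline; store it apart from the record."""
    blob = json.dumps(timeline, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

if __name__ == "__main__":
    import sys
    tl = mac_timeline(sys.argv[1] if len(sys.argv) > 1 else ".")
    for e in tl:
        print(e["utc"], e["event"], e["uid"], e["path"])
    print("sha256", seal(tl))
```

The `uid` field is the file owner, not the user who read the file, which is why the reply notes that MAC times are harder to use when many users share the system.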