Comments on: Files and directory access loging http://itknowledgeexchange.techtarget.com/itanswers/files-and-directory-access-loging/ Sat, 18 May 2013 17:13:23 +0000 hourly 1 By: nalluk http://itknowledgeexchange.techtarget.com/itanswers/files-and-directory-access-loging/#comment-45277 nalluk Wed, 20 Jul 2005 16:26:02 +0000 #comment-45277 We do generate a daily report containing all files and directories accessed every day by resources and users on any given server in multiple Domains. Try using EventTracker Enterprise Eventlog Management software from Prism Microsystems, Inc. Not only it does what you need it also does SOX, GLBA and HIPPA Compliance reports.

]]> By: itdefpat1 http://itknowledgeexchange.techtarget.com/itanswers/files-and-directory-access-loging/#comment-45278 itdefpat1 Tue, 28 Jun 2005 17:53:09 +0000 #comment-45278 Yes, auditing every event is a big load (pun also intended). Mainframes could do all that, but it is not at all common on any distributed platform (like windows, or generic unix). Mostly, you would have to have that kind of function built into the APPLICATION. The closest to that would be to build folder rights so that only a specific application could access the files there (users get no direct access to data). Not easy, unless using a DB or ERP system.

If the application doesnt (or you aren’t building the app) do enough audit, authentication and authorization, then you would have to do a proxy scenario (the proxy might do it). But to get off the shelf proxy means mostly only http apps (or build the proxy for the app – again, not pretty).

Maybe you want to control access to the share. Would putting the server on an isolated network segment work. That would provide protection, authentication and alerting.

This is all very complex, tricky and time consuming. Yuck.

Like the other guy said, the boss is asking for way more than what can be managed. This doesn’t even take into account all the manpower to review all those logs (windows sys logs. After all, you just want to know about violations, not that people are opening files all day long, right? Yikes.

And is there a policy to mandate this type of review?
Is there a process to manage (and staff to support).

Maybe what you want is strong authentication? Through in some crypto on the files; this might be a PKI. The firewall isolation noted above, with strong authentication is probably the easiest and provides a good return on ivestment, low maintenance and management efforts, decent reporting and alerting.

IT Defense

]]>