Auditing System

BOOBALAN.V
5StarLounger
Posts: 727
Joined: 24 Aug 2017, 07:43

Auditing System

Post by BOOBALAN.V »

Dear Community,

How to find if someone copy our data's in USB. I saw in Transformer movie in which one girl copy some frequency in USB and getting into her friends home but within minutes FBI come to that place and arrest them. How did they find that the girl copy the data and how they find where she is? It may be ridicules to ask this question. But i have a doubt. Could you please tell me can we monitor if some one copy our data or not. In big organization how they monitor this kind of issues. We could block the USB by using Group Policies. But is there any another way to monitor or control this kind of issues. Kindly tell me thanks.

User avatar
HansV
Administrator
Posts: 74155
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Auditing System

Post by HansV »

I don't think there is an easy way to do that.
Regards,
Hans

User avatar
Leif
Administrator
Posts: 7277
Joined: 16 Jan 2010, 08:21
Location: UK/France

Re: Auditing System

Post by Leif »

In my view, you either trust the employee or you do not. If you do, you allow them access to USB drives. If you don't trust them 100%, you block access. Totally.

And it's not just data leaving your company you need to worry about. It's the incoming trojan software on the USB port you also need to think about.

In our company, no ordinary user has any need to access their USB port (apart from mice and keyboard requirements). So our standard policy is to block USB drives. Monitoring activity is all well and good, but not a lot of use after the event.
Leif.

BOOBALAN.V
5StarLounger
Posts: 727
Joined: 24 Aug 2017, 07:43

Re: Auditing System

Post by BOOBALAN.V »

Thank you all. After i saw that transformer movie i thought that we could monitor whether they copy or not. It's just cinema :sad: . Thank you :smile: :smile:

User avatar
StuartR
Administrator
Posts: 11863
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Auditing System

Post by StuartR »

It all depends on the value and sensitivity of the data, and how much time and resources you have to protect it.

You can put superglue in the USB sockets (seriously, some of my customers do this).
You can enable file auditing for the files that you care about and follow up any time anyone touches the file to talk to them about what they did and why.
You can encrypt the data and only allow them to access the exact parts of the data they are allowed to using a program that you control.
StuartR


BOOBALAN.V
5StarLounger
Posts: 727
Joined: 24 Aug 2017, 07:43

Re: Auditing System

Post by BOOBALAN.V »

StuartR wrote:You can enable file auditing for the files that you care about and follow up any time anyone touches the file to talk to them about what they did and why.
Dear sir,
How to enable file auditing for the files. file---> Right Click--->Properties--->Security--->Advanced--->Auditing. I know this much only sir. How to set principals sir? Can we set a principals for Administrative account too ?
StuartR wrote:You can encrypt the data and only allow them to access the exact parts of the data they are allowed to using a program that you control.
Can we encrypt the data like to access the parts of the data only they can allowed to using? How to achieve this sir? Kindly teach me sir. I am very interesting to learn like this stuffs :grin: :grin:

BOOBALAN.V
5StarLounger
Posts: 727
Joined: 24 Aug 2017, 07:43

Re: Auditing System

Post by BOOBALAN.V »

Sir, is Auditing Principals means What are all permissions we are giving to user and not like write, read, full control,etc? Is this right or wrong sir? If it is right, I thought that Auditing means we can monitor like When the file is accessed and which user accessed the file,etc.

User avatar
StuartR
Administrator
Posts: 11863
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Auditing System

Post by StuartR »

You have to enable file audits first. See https://docs.microsoft.com/en-us/window ... y-settings

I can't teach you how to encrypt parts of a file and use code to access it in a controlled way here. That requires significant effort and is easy to get wrong.
StuartR


BOOBALAN.V
5StarLounger
Posts: 727
Joined: 24 Aug 2017, 07:43

Re: Auditing System

Post by BOOBALAN.V »

Thank you so much sir. Now i understand how to set Auditing principals and how it works. We can trace which user tried to open the file or folder and which date and time whether he opened successfully or not. We can trace by audit policy and with the help of event view logs. But sir please tell me, did you mean this kind of stuff or similar to like this? I mean part of data encryption. https://docs.microsoft.com/en-us/sql/re ... mn-of-data

User avatar
StuartR
Administrator
Posts: 11863
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Auditing System

Post by StuartR »

BOOBALAN.V wrote:...did you mean this kind of stuff or similar to like this? I mean part of data encryption. https://docs.microsoft.com/en-us/sql/re ... mn-of-data
Yes, I did mean that kind of stuff, but the really difficult part is how you enable your authorized program to access the required encryption keys without putting them at risk.
StuartR


User avatar
stuck
UraniumLounger
Posts: 7019
Joined: 25 Jan 2010, 09:09
Location: up North (but it's not that grim)

Re: Auditing System

Post by stuck »

The large organisation that I work for uses an application called Lumension (https://www.ivanti.co.uk/products/endpoint-security) to restrict user access to removable media. I doubt it is cheap solution.

Ken