Advice / Opinion please

23 Posts
14 Users
0 Reactions
2,030 Views
(@kaywhy)
Active Member
Joined: 17 years ago
Posts: 5
Topic starter  

My current organization is in need of software that can log what files are being transferred from a machine to a flash drive.
We need to ensure that if an employee tries to remove data from the organization we can log and tell which files are being transferred.
Any advice or opinions of software that can do this for us?

Thank you


   
(@anhikilator)
Active Member
Joined: 19 years ago
Posts: 5
 

KayWhy,

I worked 2 years in a governmental department as an IS consultant where sensitive data resided in the network.

Even if you find a reliable software that will track the transfers, people can always change a name, create a zip file or do other stuff to cover the transfer.

Our call was to deactivate the USB ports from the BIOS and of course password protect the BIOS. The only issue with this solution is that you will need to find PS/2 keyboards and mice. Employees weren't allowed to use webmail either, to cover that option.


   
chrisdavies
(@chrisdavies)
Trusted Member
Joined: 16 years ago
Posts: 55
 

Is there not a way of just recording all file locations and names of all files transferred from HDD or network to USB?


   
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

Is there not a way of just recording all file locations and names of all files transferred from HDD or network to USB?

I haven't looked closely at this issue, but my knee-jerk reaction is the same as chrisdavies. How hard can this be? I recall that when MS Vista shipped, we learned that, bowing to Big Media, MS had spared no expense to encrypt "premium content" end-to-end throughout the system. That seems like a much more difficult problem to solve than journaling file transactions via USB.

Then again, I'm not an OS developer, and everything looks easy if you don't have to do it yourself. )

/scott


   
(@xennith)
Estimable Member
Joined: 15 years ago
Posts: 177
 

Interesting problem, there's one solution of course of putting superglue in the USB ports and hoping like hell that nobody realises that you can buy USB PCI cards, add your own hard drive over external SATA or by opening the box, steal a hard drive, use FireWire, burn a CD-ROM, Dropbox, netcat, FTP, custom web upload pages, RapidShare, etc.

That being said, getting shot of USB and webmail is a nice start.

I'm not aware of any program that would log this kind of activity. It should be possible to write one but it wouldn't be easy; you could write your own custom USB driver, or attempt to hook into the existing ones, and I'm not sure how feasible that really is.

A nice quite hacky way to do it (and who doesn't like a badly implemented quick fix?) would be to enumerate the files on a USB device repeatedly and log that. But then you have the filename change problem, which I suppose you could overcome with hashing, but then a hash can be changed and unless you keep a constantly updated hash database of every file on the hard disk and in RAM… it's pointless.

So you could mirror every USB write over the network to a central store and log it that way, but you can overcome that with encryption…

Looks like an uphill and utterly unwinnable battle to me to be honest. Break out the superglue.


   
rwuiuc
(@rwuiuc)
Eminent Member
Joined: 19 years ago
Posts: 24
 

We use Checkpoint EndPoint Security for locking down USB and other external media and tracking files.


   
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

Thanks, rwuiuc. I was unfamiliar with Checkpoint. From http://www.checkpoint.com/products/datasecurity/protector/index.html#3

"Administrators can also centrally monitor and audit file operations on removable devices, such as which files were moved to or from individual devices, and when. Email alerts can be configured to notify administrators about specific events."

Looks like a good solution.

/scott


   
(@xennith)
Estimable Member
Joined: 15 years ago
Posts: 177
 

Looks like a good solution.

Step 1. Open file topsekrit.txt
Step 2. Ctrl-A, copy to clipboard
Step 3. Alt tab to timesheet
Step 4. Paste document into cell
Step 5. Save timesheet.xls to USB stick.

Looks like a great solution until you try to bypass it.
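
An added example, not written by any poster in this thread and not taken from any product mentioned here: a Python version of the poll-and-hash logging idea from xennith's earlier post, run against the paste-into-timesheet case above. Temporary directories stand in for the file share and the USB mount, the file contents are constructed, and the function names are hypothetical; the renamed copy is matched by content hash, while the re-wrapped copy is logged only as an unknown file.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash file content, so a rename alone does not change the result."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each file under root (relative path) to its content hash."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = sha256_file(full)
    return snap

def new_writes(before, after, known):
    """Log entries for files added or changed between two polls of the device.
    known maps content hash -> original path of a tracked internal file."""
    log = []
    for rel, digest in sorted(after.items()):
        if before.get(rel) != digest:
            log.append((rel, digest, known.get(digest)))  # None = no match
    return log

def demo():
    """Constructed sample: temp dirs stand in for a file share and a USB mount."""
    with tempfile.TemporaryDirectory() as share, tempfile.TemporaryDirectory() as usb:
        secret = os.path.join(share, "topsekrit.txt")
        with open(secret, "wb") as f:
            f.write(b"constructed sample contents\n")
        known = {sha256_file(secret): secret}
        before = snapshot(usb)  # first poll: empty stick
        with open(os.path.join(usb, "holiday.txt"), "wb") as f:
            f.write(b"constructed sample contents\n")  # renamed copy
        with open(os.path.join(usb, "timesheet.xls"), "wb") as f:
            f.write(b"cell: constructed sample contents\n")  # content re-wrapped
        log = new_writes(before, snapshot(usb), known)
        return [(rel, os.path.basename(src) if src else None) for rel, _d, src in log]

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Both writes still appear in the log, so the file name and time of each transfer are recorded even when the content cannot be attributed to a tracked file.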


   
TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
 

Step 5. Save timesheet.xls to USB stick.

Looks like a great solution until you try to bypass it.

I thought rwuiuc was saying they're using it successfully to lock down USB ports, which, it seems to me, would prevent Step 5. Am I missing something?

Please note, I'm not a checkpoint user; just curious.

/scott


   
jekyll
(@jekyll)
Trusted Member
Joined: 17 years ago
Posts: 60
 

There are so many ways to get data out of information systems. Most computers now are coming out with USB 3, eSATA & firewire not to mention all the cloud storage options, file transfer via remote login (logmein, gotomypc) etc and blocking all this is inhibiting to normal business and a losing battle that will cost heaps in administration.

I think the best option is to inform all the employees that their computers are being monitored and on their last day they are required to take their computer to IT for forensic imaging which will be preserved and used in evidence should the need arise….. and follow through. An employee would then have to either be dumb or have nothing to lose to try it.

Either that or use thin clients with no USB port, but it depends on your users' computing needs.


   