I have newfound tasks in the workplace that require me to rely completely on Remote Desktop Connectivity to track down a file contamination/breach type situation.
I am looking for Remote Desktop Forensic tools that are excellent on file searches in all areas of the file system (mainly Windows XP/Vista OSs) but all Operating Systems are welcome, that can be monitored and run through remote desktop, leaves little to no footprint on the remote machine that certain searches were conducted, as well as the host machine that is remoted into the machine in question.
Opposite of data preservation and evidence sensitivity, I am looking for something that is more search and destroy and purge with secure wiping. If there are tools that have the ability to keep log files of discovered files in certain areas of the drive, that would be great.
FREE and FREE would be great for such an application cost.
Thanks
I also need to monitor activity on remote computers (employees working at home) for purposes of HIPAA compliance.
Specifically, I need to make sure that PPI (personal patient information) that must be made available to the worker via a terminal application is not being screen-captured (ala Camstudio, etc.) or otherwise saved, copied and/or retransmitted. So, I need to be able to look at removable-device mounts, installed applications, files, email attachments, event logs, etc. No key-logging capability is necessary, and corporate policies cover the legal waterfront regarding employee privacy expectations (I am forced to presume, as I am not a lawyer).
1. We can require the pre-installation of an agent if necessary. (XP/Vista)
2. We can spend "some" money - how much would depend on capabilities, licensing details and competitive alternatives.
3. We don't *have* to run audits (or do collection) in "stealth" mode, although there might be circumstances where we're investigating suspected misappropriation of the information where that would be really desirable.
Thanks for any input you might wish to offer!
….leaves little to no footprint on the remote machine that certain searches were conducted…
You might consider F-Response. Installed remotely, you can then search the drive with your tools locally on your system…the connection is read-only.
HTH
Specifically, I need to make sure that PPI (personal patient information) that must be made available to the worker via a terminal application is not being screen-captured (ala Camstudio, etc.) or otherwise saved, copied and/or retransmitted.
Unfortunately you can only use technology to go so far in this instance. What's to stop someone from using a mobile phone to photo the screen when the patient's data is there, or even simply just writing it down?
Policies, user education and the *strict* application of these policies is required. I have seen instances where organisations have policies in place to cover this, someone then breaks the policy, and the organisation doesn't make an example of them as they don't want to seem to be the bad guy or present information into the public domain that might look bad on the company.
1. What’s the point of having the policy in the first place if you are not going to enforce it?
2. What kind of message does this send out to others who might be doing the same sort of thing?
I sense Harlan comes across a similar scenario when dealing with data breaches, virus proliferation etc during incident response?
I also need to monitor activity on remote computers (employees working at home) for purposes of HIPAA compliance.
Practically speaking, it can't be done in the way that you would like and I wouldn't even try. You could consider a thin client application such as Citrix, where employees would be accessing a remote system. But that would not stop the remote user from capturing the information via an external device.
Nor do I think that you need to. Assuming that you have taken all reasonable steps to ensure compliance, and that all employees have signed agreements binding them to HIPAA requirements, and assuming that you don't have glaring weaknesses in your security or implementation, you have done as much as you can to limit your liability under HIPAA. Any breach of the information at the hands of the employee becomes the employee's liability, not yours.
As for monitoring and restricting access to external devices, you can do the latter via global policy objects IFF the worker's computer is in your domain (though that has its own set of issues). You could use a VPN and a specially configured client to require all net accesses to be via your firewall and you could employ extrusion detection systems and policy-based routers to filter Internet traffic but this all assumes that the worker's desktop becomes part of your domain. And a sophisticated user could get around most of these.
In other words, there are a number of ways to limit your liability that involve nothing more sophisticated than what is done in thousands of corporate networks across the country. But, ultimately, you can't prevent a deliberate attempt to steal protected information.
Look at the incidents in Los Angeles and Pittsburgh where a celebrity's medical information was leaked. In both cases, it was via hospital personnel who had authorized access to the information.