Ask The Enterprise Desktop Expert: Questions & Answers

Hunt down a hacker

EXPERT RESPONSE FROM: Wes Noonan

QUESTION POSED ON: 14 January 2007
We have a W2K3 file server (with SAN attached arrays) that a user has deleted files from. Is there a way to discover who this person is? Do the log files capture this information or would we have to put a monitoring tool on the server and hope to capture future activity? We plan on tightening the permissions but I wondered if there would be any history available.

This is a function of the auditing capabilities of the file server and can be enabled using the native tools. This is done by both enabling the Auditing functionality in the Auditing Tab of the Advanced Security settings for the given folders/file system as well as enabling the appropriate Audit Policy for your environment using Group Policy/the Local Security Policy of the system in question. Unfortunately, if you weren't auditing to begin with, there won't be a historical record.

If you are going to enable this degree of auditing, I would strongly recommend the use of third-party log management/security monitoring tools such as NetIQ Security Manager, LogLogic or ArcSight ESM. These tools can both manage the quantity of logs as well as the volume of events. Doing otherwise, in my experience, results in auditing policies that are effectively worthless because data is near impossible to find. It is also difficult to manage the volume of data (which can exceed gigabytes of data per day).
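
One way to script the folder-level half of this setup and then read back the resulting events, as an added PowerShell example that is not part of the original answer. The folder path, the choice of `Everyone` as the audited principal and the 5000-event window are assumptions; event IDs 560 and 564 are the Windows Server 2003 Security log IDs, and later Windows versions use different ones.

```powershell
# Added example. Run from an elevated session; the account needs the
# "Manage auditing and security log" right to read or write a SACL.
# "Audit object access" must also be enabled through Group Policy or the
# Local Security Policy, as the answer states; a SACL alone logs nothing.
param(
    [string]$Path = 'D:\Shares\Projects'   # assumption: hypothetical share root
)

# Audit delete operations only. Auditing every access type multiplies log volume.
$rights    = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'

# 'Everyone' is the English name of the group; it is localized on other systems.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', $rights, $inherit, $propagate, $flags

# -Audit makes Get-Acl return the SACL along with the DACL.
$acl = Get-Acl -Path $Path -Audit

# Skip the write if an equivalent or broader rule is already present.
$existing = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object {
        $_.IdentityReference.Value -eq 'Everyone' -and
        (([int]$_.FileSystemRights -band [int]$rights) -eq [int]$rights) -and
        (([int]$_.AuditFlags -band [int]$flags) -eq [int]$flags)
    }

if (-not $existing) {
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Show the SACL that is now in effect.
(Get-Acl -Path $Path -Audit).GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize

# Server 2003 Security log: 560 = object opened (user, object name, accesses
# requested), 564 = object deleted. Pair the two on the Handle ID in the message.
Get-EventLog -LogName Security -Newest 5000 |
    Where-Object { $_.EventID -eq 560 -or $_.EventID -eq 564 } |
    Select-Object TimeGenerated, EventID, UserName, Message
```

Only deletions that happen after both the policy and the SACL are in place will appear in the output.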


All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy