Office security
June 8, 2008 1:59 PM Subscribe
Office Security - How do I record/monitor our office computers?
We have about 8 PCs and 3 new Macs in our office.
Since we have deal with some sensitive data files, we would like to be able to monitor our computers. Is there any free or low cost solution for such purpose?
We mainly concern about usb drives, unauthorized uploading, and other illlegal activities through our computers in the office.
We won't be able to monitor every moment of the computer use.... but we would like to retroactively check on computer use after any illegal activities such as someone uploading sensitive files to their email or web drives.. and/or some one downloading sensitive files to their ipods or usb drives...
We do not have actual server, but we are suppose to use one shared drive and not save any data to individual computers..
We have about 8 PCs and 3 new Macs in our office.
Since we have deal with some sensitive data files, we would like to be able to monitor our computers. Is there any free or low cost solution for such purpose?
We mainly concern about usb drives, unauthorized uploading, and other illlegal activities through our computers in the office.
We won't be able to monitor every moment of the computer use.... but we would like to retroactively check on computer use after any illegal activities such as someone uploading sensitive files to their email or web drives.. and/or some one downloading sensitive files to their ipods or usb drives...
We do not have actual server, but we are suppose to use one shared drive and not save any data to individual computers..
You could also install VNC on all the desktops -- there are numerous "record a screenshot" apps that can run with VNC. You could log all the JPG's to a single workstation/server.
posted by SirStan at 2:08 PM on June 8, 2008
posted by SirStan at 2:08 PM on June 8, 2008
Do all 11 computers need access to this sensitive data? Do all employees need access?
You can do a lot just by limiting the people who have permission to see the files and by limiting the computers that have access.
It sounds like a small company, so I doubt you have an HR department with legal resources, but some sort of contract may be a low cost way to insure so "social security" (heh) around the office...
Beyond that the scope of what you're tying do quickly falls out of the realm of "free or low cost" and becomes a large project in and of itself. There are entire IT firms which specialize in what you're proposing.
Browse the computer security shelf at Barnes and Noble sometime.
posted by wfrgms at 2:13 PM on June 8, 2008
You can do a lot just by limiting the people who have permission to see the files and by limiting the computers that have access.
It sounds like a small company, so I doubt you have an HR department with legal resources, but some sort of contract may be a low cost way to insure so "social security" (heh) around the office...
Beyond that the scope of what you're tying do quickly falls out of the realm of "free or low cost" and becomes a large project in and of itself. There are entire IT firms which specialize in what you're proposing.
Browse the computer security shelf at Barnes and Noble sometime.
posted by wfrgms at 2:13 PM on June 8, 2008
Unfortunately, I think you have a bit of a untenable situation- high requirements with low budget.
If it was me, I would work on prevention. If you are in a situation where you have sensitive data, you simply can't allow people to have free reign on their desktop PCs. If data=money and data loss = money loss, then you have to treat all data access like a bank treats its cash. First thing is to create a security policy on the systems (as others have mentioned) that doesn't allow removable storage of any kind. Second, use some sort of access control on the network, both physically with your LAN and logically with limited accounts. And, unfortunately, physical locks on the hardware. All the computer security in the world can't stop someone from popping open a computer and swiping the hard drive.
Further, you need to make sure you have a good firewall that will stop unauthorized access from the outside. Good, secure and tested backups in place to be able to recover from data loss.
Beyond that, I don't know. I know auditing solutions exist, but I think they are pricey.
posted by gjc at 2:46 PM on June 8, 2008
If it was me, I would work on prevention. If you are in a situation where you have sensitive data, you simply can't allow people to have free reign on their desktop PCs. If data=money and data loss = money loss, then you have to treat all data access like a bank treats its cash. First thing is to create a security policy on the systems (as others have mentioned) that doesn't allow removable storage of any kind. Second, use some sort of access control on the network, both physically with your LAN and logically with limited accounts. And, unfortunately, physical locks on the hardware. All the computer security in the world can't stop someone from popping open a computer and swiping the hard drive.
Further, you need to make sure you have a good firewall that will stop unauthorized access from the outside. Good, secure and tested backups in place to be able to recover from data loss.
Beyond that, I don't know. I know auditing solutions exist, but I think they are pricey.
posted by gjc at 2:46 PM on June 8, 2008
Further, you need to make sure you have a good firewall that will stop unauthorized access from the outside.
Since they have 11 PC's and and don't want to spend money, I would assume they are running a consumer grade internet connection with a NATing router. Simply not using port forwarding and disabling UPNP would be functionally identical to a $2000 Cisco router (I doubt the OP wants remote access/VPN!).
posted by SirStan at 2:59 PM on June 8, 2008
Since they have 11 PC's and and don't want to spend money, I would assume they are running a consumer grade internet connection with a NATing router. Simply not using port forwarding and disabling UPNP would be functionally identical to a $2000 Cisco router (I doubt the OP wants remote access/VPN!).
posted by SirStan at 2:59 PM on June 8, 2008
Response by poster: Can I be able to make current Windows XP Pro system (which acts kinda like server now) to become more like real server? what can i do to it?
Currently, it is connect to few shared printers, scanner, back up drive and it contains shared hard drive.
posted by curiousleo at 3:10 PM on June 8, 2008
Currently, it is connect to few shared printers, scanner, back up drive and it contains shared hard drive.
posted by curiousleo at 3:10 PM on June 8, 2008
This thread is closed to new comments.
As for tracking web usage -- you could setup a proxy server to log traffic -- though you would have to make some assumptions. Then tell everyone they cant use non-work email accounts at work.
But in reality -- it sounds like a fairly hostile workplace you are attempting to create here. I would quit if you monitored my computer.
posted by SirStan at 2:06 PM on June 8, 2008 [1 favorite]