
Successful File Server Auditing: Looking beyond native auditing


www.lepide.com


Whitepaper


1. Introduction

File system auditing deals with the security of Windows file servers, protecting business-critical data and ensuring service availability with minimum downtime. File system administrators need to be fully cognizant of everything happening in the file server environment, including file access information, file system events and other activities. Up-to-date reports on changes to Files, Folders, Shares and Permissions help in maintaining a safe and secure File system environment, eliminate security threats and help in sustaining compliance.

Of all the user-initiated events related to file servers, file access is of primary importance: once a user gets access to a file or folder, that user can make a number of changes, compounding the damage. Thus, scrutinizing file-access-related changes helps in mitigating a majority of the risks originating from it.

File system auditing is no longer just about passive auditing of past events. Admins look for a system that can generate real-time alerts for critical events, so that necessary action can be taken to avoid any resulting damage or loss. File System auditing solutions also assume importance in sustaining compliance, as they offer a centralized pool of File server audit data that can be archived for a long period of time to meet various standards such as SOX, HIPAA, and PCI.

2. Need and Importance of File Server Auditing

A Windows File system can serve as a storehouse of critical business data and network-shared applications. Any unauthorized access to File servers and undesirable changes to shares and permissions may expose sensitive data, resulting in business loss. Hence, administrators need to monitor in real time who accessed what and when, what changes were made to shares and permissions, and who could benefit from such changes. Organizations face an internal requirement for comprehensive File system auditing for a number of reasons:

To prevent unauthorized access to sensitive business data.

Analyze access rights given to users, and how those rights are used, to mitigate any resulting risk.

Keep File systems safe from intentional changes to Permissions to misuse the privilege.

Eliminate destructive changes to Files and Folders that could result in data loss.

Monitor the activities of delegated users to eliminate risk factors.

Archive changes to support forensic investigations of events occurring years ago.

Get event details in simple, understandable English instead of the complex jargon of the native event viewer.

Apart from the internal File system auditing requirements, there are a number of external factors that make File system auditing a necessity:


Various industry-specific compliance standards such as SOX, HIPAA, PCI etc. lay down a number of regulations that can be fulfilled only through comprehensive auditing.

Having a demonstrable capability for File system auditing can instill confidence in various stakeholders, thus enhancing the reputation of the organization.

File system auditing can help you present event logs in the required format for the purpose of litigation.

3. Options available for File System Auditing

3.1 Native Auditing

Native File system auditing can also present the Who, What, When and Where information about File system events, but it requires a disproportionate amount of effort because logs are scattered and contain a lot of extraneous data. Windows event viewer can help Admins analyze File system logs manually, but it may take a lot of time to uncover the facts, and the result is not in a desirable format. For serious File system auditing requirements, it would be unwise to consider native auditing as an option. Native File system auditing suffers from a number of drawbacks, such as:

A single event, such as copying a file from one location to another, can generate a large number of event log entries. Reconstructing the move in plain English from such logs can take a lot of time and effort.

Native auditing lacks a comprehensive reporting feature, which is a necessity for successful file server auditing.

There is no provision to generate instant alerts on critical changes, which can leave Admins in the dark and increase the response time for corrective measures, if any take place at all.

No built-in reports to meet compliance requirements. Admins need to manually go through tons of event log data to find the required information.

The absence of a centralized platform for viewing File system event logs means Admins need to visit each file server in the network to set auditing rules and collect the required insight.

There is a chance of precious data loss on account of log overwrites in the absence of proper settings.

Inefficient storage means an inability to support long-term archiving, which in turn could result in compliance violations.

3.2 File System auditing: Third Party Solutions

To overcome the above-mentioned shortcomings, you can use commercial File System auditing solutions available in the market. They not only help you get around the limitations of native auditing, but also offer a host of other benefits that are important for ensuring a secure file system environment. In today’s world, a File system auditor is no longer merely a tool to satisfy external auditing requirements; organizations consider it an apt tool to aid in securing sensitive business data and to generate useful information for intelligent decision making regarding the file system environment.

4. A practical approach apt for the real world

LepideAuditor for File Server (LAFS) is a powerful tool to audit all file servers in the network and generate reports on them. The software is more than just a tool to satisfy compliance requirements; it ensures that critical business data stored on File systems is safe from unauthorized access and modifications. It offers a host of features that are important from the real-world perspective of auditing File systems in the network:

Provides Who, What, When and Where information for all access attempts and changes made to Files, Folders, Shares and Permissions on the File server.

Reports on all access rights given to users, and on the Files and Folders that they are accessing, to give complete control to administrators.

Consolidates event logs from all File servers in the network, and reports and alerts on important events from a centralized platform.

Archives event logs for a longer period of time, thus helping with compliance and forensic investigations.

Generates real-time alerts on critical events such as unauthorized access to folders containing sensitive data and deletion or modification of important files.

5. LepideAuditor for File Server vs. Native Auditing

| SL No. | Feature | LepideAuditor for File Server | Native Auditing |
|---|---|---|---|
| 1. | Track File server changes to give Who, What, When and Where information for each change. | Yes | Difficult to identify the changes as there could be multiple log entries for a single change. |
| 2. | Tracks Files and Folders access/share and permission changes. | Yes. Alerts and built-in reports to track File and Folder access related changes. | Need to analyze logs manually to find out such changes. |
| 3. | Compliance support | Yes. Long-term archiving and customizable built-in reports help you to stay compliant with industry acts and standards. | Difficult to support long-term archiving and search required information from cryptic logs. |
| 4. | Real-time Alert | Yes. Allows you to set instant alerts for the changes that you think are important. | No |
| 5. | Consolidated Logs | Yes. Acts as a centralized platform to collect logs from all File servers in the network and report and alert on them. | No |
| 6. | Reporting on event logs | Yes. Offers a number of built-in reports to give detailed information about each change. | No built-in reports. Need to get information through Windows event viewer. |
| 7. | Schedule Report feature | Yes. Automatic generation and delivery of reports to a specified email address. | No |
| 8. | Easy identification of changes | Yes. Highlights different types of changes in different colors with old and new values. | No |
| 9. | Long term archiving | Yes. Archive event logs for years in secure and efficient storage of SQL server. | Inefficient storage. Takes a lot of memory space for archiving event logs. |
| 10. | Granular rollback of changes | Yes. Identify unwanted changes easily and roll back with just a few clicks. | Cumbersome process to identify unwanted changes followed by complex set of steps for granular rollback. |

6. Get an edge over native auditing

As you can see from the comparison chart above, the software offers clear advantages over native auditing. In a real-world scenario, you cannot leave a system as important as a File server on native auditing. LepideAuditor for File Server is a must for administrators to satisfy internal and external audit requirements. It offers immense benefits in comparison to the small cost that one has to pay for it.


About company

Lepide Software Pvt. Ltd. is a leading provider of Network management, Server management and IT management solutions. The company has offered a number of cutting-edge technological tools to serve these areas. LepideAuditor for File Server is yet another addition to the list of software products from the company that has won accolades from the industry. The strength of the company lies in the deep industry experience and expertise of its technical workforce, which helps in producing cost-effective solutions. To know more about the company visit:

http://www.lepide.com/

Sales, Support Contact information

Contact:

+ 1-800-814-0578

For Sales: sales [@] lepide.com

For Support: support [@] lepide.com
