RE: Spying in a corporate environment

You could always set exceptions to the spy software in your AV solution.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Col
Sent: Tuesday, November 20, 2007 9:49 PM To: security-basics@securityfocus.com
Subject: Spying in a corporate environment

Hi everyone,

In my job we have to investigate people on our network for various reasons.

Increasingly I am finding I need some sort of tool to help me out. Preferably something that I can run on a server, point at a client or a user account and have it monitor that user/machine activity over a period of time.

The best tool would have these sorts of features:-

Audit log - everything the user does (shared drives, applications, web sites visited)
Data copy - copy data from the machine, including from pen drives (automatically would be nice)
Offline logging - ability to log what the user does with the machine when its off the network
Alerting system - alert me when the user does something defined in a rule

Has anyone come across a tool that does any of these things?

I guess the best solution would be to write something in house, as it would almost never get picked up by Anti Virus scanners, but obviously that's a lot of effort.

Any pointers appreciated, thanks in advance.

Regards,

Colin.

• This message: [ Message body ]
• Next message: Col: "Re: Spying in a corporate environment"
• Previous message: Albert T: "Re: How (best) to use web-from entry of an OTP/OPIE password to control a PF-firewall?"
• In reply to: Col: "Spying in a corporate environment"
• Next in thread: Col: "Re: Spying in a corporate environment"
• Reply: Col: "Re: Spying in a corporate environment"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]