Friday, October 24, 2008

Using FileSure to protect payroll systems

An IT administrator called today looking for a solution that would help him record accesses to a payroll signature file that is kept on a pen drive.

His payroll system was kept in a secure location, and the pen drive containing the signature that is used on each of the checks was kept in a secure location away from the server. To ensure that someone didn’t use the payroll system with any signature file other than the one on the secure pen drive, he needed to record all accesses to the signature files on the pen drive.

His goal was simple: generate a report showing all accesses to the signature file while it was plugged into the payroll system server. He had looked at USB protection systems, and many offer auditing of the files on the drive, but they fell short when the file was copied to the hard drive. In other words, someone could copy the signature file to the hard drive, give the pen drive back and print checks all day using the signature file on the hard drive.

With one simple rule in FileSure, he was able to completely solve his problem: “Audit ALL access to *.sig files, on all drives, for all users.” FileSure not only audited all the accesses, but also recorded what program was being used to access those files.

Perfect.

Monday, October 20, 2008

A disconnected StopCopy.

We just got a call from a StopCopy user, and while he was very happy with it, he did have a question: “I see all the users' file activity while they are on the network, right here in the StopCopy console….but what about when they take their laptop out of the office? What happens then? Does the product still work?”

We replied “Yes, StopCopy continues to protect files even if disconnected from the network, but since the laptop isn’t on the network the file operation alerts can’t be sent to the StopCopy console.” We then told him that the next time the laptop was connected to the network, he could use the “View remote log” button and it would display the file operation audit log from that machine…which shows both blocked operations AND allowed operations, both while connected to the network and disconnected from it.

StopCopy is a great little product.

Friday, October 17, 2008

DJs and StopCopy

You know, you never know where intellectual property and file protection will come in handy.

Today a DJ firm's owner called me up and bought StopCopy for all their mobile DJ PCs. Seems that one of the firm's major assets is the music library - and it's all on MP3 files on each mobile workstation. The owner had been thinking how easy it would be for his employees to just copy all the music and playlists: just a few minutes with a plugged-in iPod Touch and he would have a new competitor.

While he was on the phone with me he installed and tested StopCopy and was absolutely thrilled. One request - the message that comes up when copying is pretty corporate - could he change it? Of course! Now it's all MC Hammer - "Can't touch this!"

It's amazing what y'all think up! Give me a call, I'd love to hear how you're using FileSure and StopCopy!

FileSure and Lower Taxes?

There's only one thing that makes me happier than making a customer happy - and that's making a customer happy who is helping lower my taxes!

Today I was on the phone with Joe in Arkansas. Joe works for an organization that does Medicare validation, checking to make sure that all the charges are valid. With access to lots of patient data, you know that data privacy is vitally important to them. HIPAA, enough said.

Anyway, Joe brought his compliance officer in to take a look at FileSure. He wanted to make sure that he was doing the right thing. Her eyes immediately fastened on the data scrolling by in the real-time console. "He shouldn't be accessing that file!" she said.

The real-time console made it obvious what FileSure did - with the forensic analysis tool and the reporting system, the verdict was easy. "This is really impressive."

I love this product!

Sunday, October 12, 2008

NetWare File Auditing? No problem.

A consultant called the other day looking for help on an auditing solution for a Windows 2000 Server. The wrinkle? One of the file shares on the server was actually connected to a remote NetWare server! Ahh, good old Gateway Services for NetWare. So workstation accesses were being redirected through the Windows server to the NetWare disk. His question - could we audit NetWare servers?

Well, no. But good news - we don't even need to! In FileSure 2.0, we added code to pick up network accesses. As a result, the FileSure 2.0 installation on the Windows Server can audit the NetWare shares. All we had to do is change a couple of rules and NetWare auditing was running.

OK, fine and good and that customer has a solution. But, the consultant asked - what if the workstations were using Client Services for NetWare from their workstations? Again, no problem. Install the new FileSure 2.0 Workstation on those desktops and laptops and you'll have your solution.

What's really amazing is that this same approach lets our customers audit network storage files, too!

Pretty cool!

Friday, October 10, 2008

Stress Testing FileSure 2.0

One of the things I've come to realize about software development is that most of the hard work we do is hidden from you, much like most of an iceberg is hidden. I thought I'd tell you about one of the many tests we've been running on the new 2.0 version of FileSure.

This test created 100 unique files every second for hours on end. Now that's extreme - each hour we'd be creating 360,000 files. Your servers would probably experience something like that only if there was a major problem. Anyway, we discovered that after several hours FileSure would run out of memory and crash. So what to do?

Well, we could ignore it and hope it never happened. But our years of experience tell us that we have to fix these kinds of issues.

The root problem that we had to address was the consolidation store.
It's a memory structure that collapses duplicate events to reduce auditing noise, which is one of the coolest features of FileSure.
Anyway, the store is a very efficient data structure, but in this test the problem is that every file is unique.

Since other tables were using indexes into the file list, we couldn’t just zap the old file entries without running through all the related structures and cleaning those up too….what a mess.

Well…like many things in life, you find a compromise. Here is what we decided, and while we don’t like it much, it does work well: even running our very ugly stress test, the FileSure Service doesn’t get over 100 MB.

And the solution is….nice and simple…if the store has more than 100,000 files, delete it and recreate it. The downside? After 100,000 unique files have been audited, it is possible that a few events might not get consolidated correctly.
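A minimal sketch of the cap-and-recreate compromise described above, added here as an illustration and not taken from FileSure's code; the class, its field names and the (file, user, operation) event key are assumptions. It also shows the stated downside: a duplicate that arrives after a reset is logged again instead of being consolidated.

```python
class ConsolidationStore:
    """Hypothetical model of a store that collapses duplicate audit events."""

    def __init__(self, max_files=100_000):
        self.max_files = max_files
        self.resets = 0
        self._new_tables()

    def _new_tables(self):
        self.files = []       # file list; other tables refer to entries by index
        self.file_index = {}  # path -> index into self.files
        self.events = {}      # (file index, user, operation) -> times seen

    def record(self, path, user, operation):
        """Return True if the event is new (log it), False if it was consolidated."""
        if len(self.files) > self.max_files:
            # Entries cannot be dropped one by one because self.events holds
            # indexes into self.files, so every table is recreated together.
            self._new_tables()
            self.resets += 1
        idx = self.file_index.get(path)
        if idx is None:
            idx = len(self.files)
            self.files.append(path)
            self.file_index[path] = idx
        key = (idx, user, operation)
        seen = self.events.get(key, 0)
        self.events[key] = seen + 1
        return seen == 0


def stress(unique_files, max_files):
    """Feed only unique paths (constructed sample data); return (peak size, resets)."""
    store = ConsolidationStore(max_files)
    peak = 0
    for i in range(unique_files):
        store.record(f"D:\\stress\\file{i}.tmp", "svc_test", "create")
        peak = max(peak, len(store.files))
    return peak, store.resets


if __name__ == "__main__":
    print(stress(unique_files=1000, max_files=100))
```

The file list never grows past `max_files + 1` entries, which is what keeps memory bounded when every file is unique.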

Let me know if we worried too much about this!

Referenced product details: http://www.bystorm.com/Products/FileSure