passive monitoring

Discussion in 'Computer Security' started by Secure Lockdown, May 26, 2004.

  1. i am in a situation where i have been asked to passively monitor (i can't
    tell them i am doing it) the activities on a win 2k server and what
    programs get installed on it.

    i have to give them full admin accounts and full reign over the machine,
    but i have to find a way to inventory the programs installed and track what
    they install. the machine in phisically at another location. i am able to
    connect to it and manipulate it remotely using MS builtin services.

    i was thinking of running baleric on the machine and then running it
    periodically every month or so and compare the results. but wondering if
    you guys have used a better and simpler product. i also don't have much of
    a budget for this. a stealth feature would be handy.

    --
    Secure Lockdown
    Secure Lockdown, May 26, 2004
    #1
    1. Advertising

  2. Secure Lockdown

    zz Guest

    Secure Lockdown wrote:
    > i am in a situation where i have been asked to passively monitor (i can't
    > tell them i am doing it) the activities on a win 2k server and what
    > programs get installed on it.
    >
    > i have to give them full admin accounts and full reign over the machine,
    > but i have to find a way to inventory the programs installed and track what
    > they install. the machine in phisically at another location. i am able to
    > connect to it and manipulate it remotely using MS builtin services.
    >
    > i was thinking of running baleric on the machine and then running it
    > periodically every month or so and compare the results. but wondering if
    > you guys have used a better and simpler product. i also don't have much of
    > a budget for this. a stealth feature would be handy.
    >


    How much software installation and typing can there be on that server? A
    keystroke logger? That can be set to show activity at various levels and
    e-mail you the results.

    Belarc does a pretty good job of inventoring the software.

    g-w
    zz, May 26, 2004
    #2
    1. Advertising

  3. Secure Lockdown

    Martin Guest

    "Secure Lockdown" <> wrote in message
    news:Xns94F4F295028A4securelockdown2123@66.185.95.104...
    > i am in a situation where i have been asked to passively monitor (i can't
    > tell them i am doing it) the activities on a win 2k server and what
    > programs get installed on it.
    >
    > i have to give them full admin accounts and full reign over the machine,
    > but i have to find a way to inventory the programs installed and track

    what
    > they install. the machine in phisically at another location. i am able to
    > connect to it and manipulate it remotely using MS builtin services.
    >
    > i was thinking of running baleric on the machine and then running it
    > periodically every month or so and compare the results. but wondering if
    > you guys have used a better and simpler product. i also don't have much of
    > a budget for this. a stealth feature would be handy.


    have you thought about Aida32? Aida shut down, but it looks like similar
    software is available from http://www.lavalys.com
    >
    > --
    > Secure Lockdown
    >
    Martin, May 26, 2004
    #3
  4. Secure Lockdown

    johns Guest


    > a budget for this. a stealth feature would be handy.


    Gee you freaking Commissar! Why can't you be
    straight up and simply tell them you are monitoring
    operations on that machine? First of all, you jerk,
    you don't need any extra software to do that, and
    second of all ( you immature writer of "i" ), who do
    you think you are fooling ! ANY Windows machine
    can be monitored from a distant machine, and that
    has been built in for years. So, what exactly are you
    up to ?

    johns
    johns, May 26, 2004
    #4
  5. Secure Lockdown

    *Vanguard* Guest

    Secure Lockdown said in
    news:Xns94F4F295028A4securelockdown2123@66.185.95.104:
    > i am in a situation where i have been asked to passively monitor (i
    > can't tell them i am doing it) the activities on a win 2k server and
    > what programs get installed on it.
    >
    > i have to give them full admin accounts and full reign over the
    > machine, but i have to find a way to inventory the programs installed
    > and track what they install. the machine in phisically at another
    > location. i am able to connect to it and manipulate it remotely using
    > MS builtin services.
    >
    > i was thinking of running baleric on the machine and then running it
    > periodically every month or so and compare the results. but wondering
    > if you guys have used a better and simpler product. i also don't have
    > much of a budget for this. a stealth feature would be handy.



    Who actually OWNS the machine that you intend to spy on?
    *Vanguard*, May 27, 2004
    #5
  6. "johns" <> wrote in news:c92nuk$s0s$1
    @kestrel.csrv.uidaho.edu:


    <drivvel snipped>

    > So, what exactly are you
    > up to ?
    >
    > johns


    just need an audit trail of software installed on the server. a before and
    an after picture. a key logger is not an option. i do not want to capture
    data input.

    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, May 28, 2004
    #6
  7. "*Vanguard*" <> wrote in news:Gcdtc.1152
    $eY2.226@attbi_s02:

    > Who actually OWNS the machine that you intend to spy on?
    >


    they do but we paid for it. does that make any sense?

    as stated in other post. i don't want to use a key logger. the data input
    is confidential and i don't want to see it.

    i just need a program inventory audit trail on a regular basis. the support
    agreement states that they will not install non-approved software otherwise
    we will not support it. i don't think i can enforce it anyways, but at
    least i will have some sort of proof that they voided the agreement.

    baleric is good. but i don't think i can run it remotely via command line,
    can i? i tested the free ver. on a test box, it leaves a lot of junk.

    --
    Secure Lockdown
    Secure Lockdown, May 28, 2004
    #7
  8. Secure Lockdown <> wrote in
    news:Xns94F6CCE41A2F9securelockdown2123@66.185.95.104:

    > "johns" <> wrote in news:c92nuk$s0s$1
    > @kestrel.csrv.uidaho.edu:
    >
    >
    > <drivvel snipped>
    >
    >> So, what exactly are you
    >> up to ?
    >>
    >> johns

    >
    > just need an audit trail of software installed on the server. a before
    > and an after picture. a key logger is not an option. i do not want to
    > capture data input.
    >


    p.s. johns, you gotta loosen up, dude. you keep that up and you will give
    yourself a heart attack at a young age. :)

    --
    Secure Lockdown
    Secure Lockdown, May 28, 2004
    #8
  9. zz <> wrote in
    news:N8%sc.13279$:

    > Secure Lockdown wrote:
    >> i am in a situation where i have been asked to passively monitor (i
    >> can't tell them i am doing it) the activities on a win 2k server and
    >> what programs get installed on it.
    >>
    >> i have to give them full admin accounts and full reign over the
    >> machine, but i have to find a way to inventory the programs installed
    >> and track what they install. the machine in phisically at another
    >> location. i am able to connect to it and manipulate it remotely using
    >> MS builtin services.
    >>
    >> i was thinking of running baleric on the machine and then running it
    >> periodically every month or so and compare the results. but wondering
    >> if you guys have used a better and simpler product. i also don't have
    >> much of a budget for this. a stealth feature would be handy.
    >>

    >
    > How much software installation and typing can there be on that server?
    > A keystroke logger? That can be set to show activity at various levels
    > and e-mail you the results.
    >
    > Belarc does a pretty good job of inventoring the software.
    >
    > g-w


    no keyloggers allowed. :)

    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, May 28, 2004
    #9
  10. "Martin" <> wrote in news:c92aeb$avq$1
    @hercules.btinternet.com:

    > have you thought about Aida32? Aida shut down, but it looks like similar
    > software is available from http://www.lavalys.com


    thaks, i will look into it.

    --
    Secure Lockdown
    Secure Lockdown, May 28, 2004
    #10
  11. Secure Lockdown

    zz Guest

    Secure Lockdown wrote:

    > zz <> wrote in
    > news:N8%sc.13279$:
    >
    >
    >>Secure Lockdown wrote:
    >>
    >>>i am in a situation where i have been asked to passively monitor (i
    >>>can't tell them i am doing it) the activities on a win 2k server and
    >>>what programs get installed on it.
    >>>
    >>>i have to give them full admin accounts and full reign over the
    >>>machine, but i have to find a way to inventory the programs installed
    >>>and track what they install. the machine in phisically at another
    >>>location. i am able to connect to it and manipulate it remotely using
    >>>MS builtin services.
    >>>
    >>>i was thinking of running baleric on the machine and then running it
    >>>periodically every month or so and compare the results. but wondering
    >>>if you guys have used a better and simpler product. i also don't have
    >>>much of a budget for this. a stealth feature would be handy.
    >>>

    >>
    >>How much software installation and typing can there be on that server?
    >>A keystroke logger? That can be set to show activity at various levels
    >>and e-mail you the results.
    >>
    >>Belarc does a pretty good job of inventoring the software.
    >>
    >>g-w

    >
    >
    > no keyloggers allowed. :)
    >


    Spying software is more than keyloggers although they often are part of
    the spying software. Some keep track of file access or other things that
    might help you track changes to the computer.

    Belarc can be installed and run and then removed so no one knows it took
    an inventory. Re-install and run when needed. It usually only takes a
    couple of minutes to install and run.

    g-w
    zz, May 28, 2004
    #11
  12. zz <> wrote in news:gKvtc.15436$eH1.6877940
    @newssvr28.news.prodigy.com:


    >>
    >> no keyloggers allowed. :)
    >>

    >
    > Spying software is more than keyloggers although they often are part of
    > the spying software. Some keep track of file access or other things that
    > might help you track changes to the computer.
    >
    > Belarc can be installed and run and then removed so no one knows it took
    > an inventory. Re-install and run when needed. It usually only takes a
    > couple of minutes to install and run.
    >
    > g-w


    thanks. but, my prob is, i have to run this remotely. i can't assess the
    machine phisically.

    --
    Secure Lockdown
    Secure Lockdown, May 28, 2004
    #12
  13. Secure Lockdown

    *Vanguard* Guest

    Secure Lockdown said in
    news:Xns94F6CECB7C4Csecurelockdown2123@66.185.95.104:
    > "*Vanguard*" <> wrote in
    > news:Gcdtc.1152 $eY2.226@attbi_s02:
    >
    >> Who actually OWNS the machine that you intend to spy on?
    >>

    >
    > they do but we paid for it. does that make any sense?


    That does NOT answer the question! Doesn't matter who paid for it. It
    matters who is the OWNER! If you sold it to them at no cost to them or
    gifted it to them, THEY are the owner, not you. If you LEASED it to
    them then you are still the owner, but make damn sure they know the
    hardware and software was leased instead of sold or gifted.

    Does the sales contract or service contract actually declare that you
    are allowed to spy on their host? I really doubt it. If it is NOT in
    the sales or service contract, and if it is their property, and if you
    deliberately and covertly install spy software on that machine, even if
    just supposedly an inventory program, you may find out how quickly your
    butt will end up in court. You spying without a court order on property
    or premises not belonging to you will not only get you paying for
    settling the civil suit but also subject you to be charged in a criminal
    suit where all your records and assets can be seized during the trial.
    The State Attorney can put a company out of business pending the outcome
    of a criminal trial.

    > as stated in other post. i don't want to use a key logger. the data
    > input is confidential and i don't want to see it.
    >
    > i just need a program inventory audit trail on a regular basis. the
    > support agreement states that they will not install non-approved
    > software otherwise we will not support it. i don't think i can
    > enforce it anyways, but at least i will have some sort of proof that
    > they voided the agreement.
    >
    > baleric is good. but i don't think i can run it remotely via command
    > line, can i? i tested the free ver. on a test box, it leaves a lot of
    > junk.


    You think they cannot monitor their off-network traffic to note your
    unauthorized inbound remote access? Anything you are trying to do will
    get killed as soon as they implement a firewall. They may log all
    inbound hacker attempts, and that would include you. Any local program
    that has not been authorized to have an Internet connection would be
    viewed as a trojan. Without us knowing the conditions of transfer of
    ownership (which, apparently to you, is really a lease) then you sound
    like someone trying to hack someone else's property.

    If you paid for it but they possess it, did ownership *actually*
    transfer to them? Doesn't matter if it was a gift. Ownership is
    ownership, and once you transfer it then you don't have it anymore. Or
    did you lease the computer to them at no cost to them and you still
    retain ownership? A sale or gifting of property transfers ownership.
    Leasing does not. Sounds like you need to notify them that to enforce
    the conditions of your LEASE that you need to install inventoring
    software that will monitor what programs have been installed.

    A search at Google on, say, "software hardware inventory remote access",
    turns up lots of inventorying products. Just be damn sure WHO is the
    actual owner of the property and what was agreed upon in the contracts.
    If you don't cover your butt with some legal asbestos then expect to get
    royally reamed and burned.

    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email domain = ".com" *AND* append "=NEWS=" to Subject.
    ____________________________________________________________
    *Vanguard*, May 28, 2004
    #13
  14. "*Vanguard*" <> wrote in
    news:mrztc.2290$js4.555@attbi_s51:

    > Secure Lockdown said in
    > news:Xns94F6CECB7C4Csecurelockdown2123@66.185.95.104:
    >> "*Vanguard*" <> wrote in
    >> news:Gcdtc.1152 $eY2.226@attbi_s02:
    >>
    >>> Who actually OWNS the machine that you intend to spy on?
    >>>

    >>
    >> they do but we paid for it. does that make any sense?

    >
    > That does NOT answer the question! Doesn't matter who paid for it. It
    > matters who is the OWNER! If you sold it to them at no cost to them or
    > gifted it to them, THEY are the owner, not you. If you LEASED it to
    > them then you are still the owner, but make damn sure they know the
    > hardware and software was leased instead of sold or gifted.
    >
    > Does the sales contract or service contract actually declare that you
    > are allowed to spy on their host? I really doubt it. If it is NOT in
    > the sales or service contract, and if it is their property, and if you
    > deliberately and covertly install spy software on that machine, even if
    > just supposedly an inventory program, you may find out how quickly your
    > butt will end up in court. You spying without a court order on

    property
    > or premises not belonging to you will not only get you paying for
    > settling the civil suit but also subject you to be charged in a

    criminal
    > suit where all your records and assets can be seized during the trial.
    > The State Attorney can put a company out of business pending the

    outcome
    > of a criminal trial.
    >
    >> as stated in other post. i don't want to use a key logger. the data
    >> input is confidential and i don't want to see it.
    >>
    >> i just need a program inventory audit trail on a regular basis. the
    >> support agreement states that they will not install non-approved
    >> software otherwise we will not support it. i don't think i can
    >> enforce it anyways, but at least i will have some sort of proof that
    >> they voided the agreement.
    >>
    >> baleric is good. but i don't think i can run it remotely via command
    >> line, can i? i tested the free ver. on a test box, it leaves a lot of
    >> junk.

    >
    > You think they cannot monitor their off-network traffic to note your
    > unauthorized inbound remote access? Anything you are trying to do will
    > get killed as soon as they implement a firewall. They may log all
    > inbound hacker attempts, and that would include you. Any local program
    > that has not been authorized to have an Internet connection would be
    > viewed as a trojan. Without us knowing the conditions of transfer of
    > ownership (which, apparently to you, is really a lease) then you sound
    > like someone trying to hack someone else's property.
    >
    > If you paid for it but they possess it, did ownership *actually*
    > transfer to them? Doesn't matter if it was a gift. Ownership is
    > ownership, and once you transfer it then you don't have it anymore. Or
    > did you lease the computer to them at no cost to them and you still
    > retain ownership? A sale or gifting of property transfers ownership.
    > Leasing does not. Sounds like you need to notify them that to enforce
    > the conditions of your LEASE that you need to install inventoring
    > software that will monitor what programs have been installed.
    >
    > A search at Google on, say, "software hardware inventory remote

    access",
    > turns up lots of inventorying products. Just be damn sure WHO is the
    > actual owner of the property and what was agreed upon in the contracts.
    > If you don't cover your butt with some legal asbestos then expect to

    get
    > royally reamed and burned.
    >


    you make very good points re: ownership. i guess they do own it. running
    programs on it without their authorization would be unethical and
    considered a breach of trust.

    what i might do is just tell them i need to install a new prog, install
    baleric and not tell them what it does.
    --
    Secure Lockdown
    Secure Lockdown, May 30, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand

    XSPC Passive Aluminium Reservoir @ Viperlair

    Silverstrand, Aug 25, 2005, in forum: Front Page News
    Replies:
    0
    Views:
    978
    Silverstrand
    Aug 25, 2005
  2. Michel Hoogervorst

    Disable passive ftp in Mozilla 1.4

    Michel Hoogervorst, Jul 29, 2003, in forum: Firefox
    Replies:
    0
    Views:
    7,304
    Michel Hoogervorst
    Jul 29, 2003
  3. brian

    ftp passive command

    brian, Nov 22, 2003, in forum: Cisco
    Replies:
    0
    Views:
    564
    brian
    Nov 22, 2003
  4. Matthias Fischer

    Any chance for passive FTP with this config?

    Matthias Fischer, Jan 31, 2004, in forum: Cisco
    Replies:
    0
    Views:
    617
    Matthias Fischer
    Jan 31, 2004
  5. Martial

    passive ftp on CSS 11150 fails

    Martial, Nov 24, 2004, in forum: Cisco
    Replies:
    1
    Views:
    510
    Martial
    Dec 1, 2004
Loading...

Share This Page