Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Auditing of Samba activity and SOX

from [Peter . McLarty] Network Security [Permanent Link]
Subject: Auditing of Samba activity and SOX
Date: Thu, 3 Feb 2005 13:49:03 +0930 
Hi
I am having some discussions with a client about a solution to access 
reports on a Unix server and our proposal is and has been in the past for 
our customers  to use Samba to do this. Some of the trouble comes from the 
big 4 consulting house which is there SOX auditor
This customer is balking  due to their organisation having to be SOX 
compliant. 
The complaint is that a user could view or edit a sensitive file /report 
and as Samba has no capability to audit all the users activity and on the 
face of it this is a somewhat valid argument.

Obviously other organisations are SOX compliant and using Samba so there 
has to be a solution. My initial thought is to use Unix auditing  by 
enabling the HP-UX trusted computing.

How have other organisations been able to meet SOX with Samba servers


Cheers

Peter 





-- 
This transmission is for the intended addressee only and is confidential 
information. If you have received this transmission in error, please notify the 
sender and delete the transmission. The contents of this e-mail are the opinion 
of the writer only and are not endorsed by the Mincom Group of companies unless 
expressly stated otherwise.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: app to create large files so I can check traffic at the firewall, Nazareno Vicente Feito
Next by Date:  Re: Need secure firewall for SOHO, Rob Creely
Previous by Thread:  Fwd: Need secure firewall for SOHO - Sender is forged (SPF Fail), John Gisler
Next by Thread:  Re: Auditing of Samba activity and SOX, Joachim Schipper
Indexes:  [Date] [Thread] [Top] [All Lists]