Audit script that, upon a recognized event, sends a notification with the relevant alert to a given email address.
The script is run through an interface, using the Continuum portal (https://www.continuum.net/), for a series of customers who have Windows computers. Access to this portal will be provided.
The script will leave a text file (XML is fine) that holds local configuration data. No encrypted data on the local machine is permitted.
Audit of the Desktop & Laptop Computer Systems including:
- Usage of computers outside normal business hours (custom per practice timeframes)
- Unauthorized access attempts (as recorded in the system logs)
- Listing of when external hard drives are attached and if they are secure
- Encryption confirmation of hard drive
- Device relocation (stolen, etc.) through network interface monitoring
- Configuration change to each computer system
The script sends two types of alerts:
- Notice – based on business logic in our service, a notice is sent if an audit is slightly outside of the boundary.
- Warning – This is a concern that will require the attention of the compliance officer. These are compiled and emailed to the compliance officer weekly, or daily based on severity.
User Login timeframes:
- If a computer log shows USER login after 5pm and before 8pm weekdays, a NOTICE is generated.
- If a computer log shows USER login after 8pm and before 7am weekdays, a WARNING is generated.
Unauthorized access attempts:
- Logs are scanned for 3 or more attempts to access within a 15-minute period. If 3 or more are detected, a NOTICE is generated.
- If 5 or more are detected, a WARNING is generated.
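
One way to implement the unauthorized-access thresholds above as a sliding window, shown as an added example that is not part of the original specification. The log line format, the function names, counting all failed attempts on one computer together, and treating attempts exactly 15 minutes apart as inside the window are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # spec: "within a 15-minute period"
NOTICE_AT, WARNING_AT = 3, 5     # spec: 3 or more -> NOTICE, 5 or more -> WARNING


def classify_failed_logons(timestamps):
    """Return the highest alert level reached by any 15-minute window.

    timestamps: iterable of datetime objects, one per failed attempt on
    this computer, in any order. Returns "WARNING", "NOTICE" or None.
    """
    window = deque()
    peak = 0
    for ts in sorted(timestamps):
        window.append(ts)
        # Drop attempts older than 15 minutes relative to the newest one.
        # Assumption: attempts exactly 15 minutes apart still count together.
        while ts - window[0] > WINDOW:
            window.popleft()
        peak = max(peak, len(window))
    if peak >= WARNING_AT:
        return "WARNING"
    if peak >= NOTICE_AT:
        return "NOTICE"
    return None


def parse_line(line):
    """Parse a constructed '<ISO timestamp> <EVENT> <user>' line (hypothetical format)."""
    stamp, event, _user = line.split()
    return datetime.fromisoformat(stamp) if event == "FAILED_LOGON" else None


# Constructed sample lines, not real log data.
SAMPLE = """\
2024-03-04T09:00:00 FAILED_LOGON alice
2024-03-04T09:05:00 FAILED_LOGON alice
2024-03-04T09:14:00 FAILED_LOGON alice
2024-03-04T09:40:00 FAILED_LOGON alice
2024-03-04T09:41:00 LOGON alice
""".splitlines()

if __name__ == "__main__":
    times = [t for t in map(parse_line, SAMPLE) if t is not None]
    print(classify_failed_logons(times))
```

Because the window slides with each attempt, a burst that straddles a fixed quarter-hour boundary is still counted as one cluster.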
External Hard Drive:
- Attaching of any external hard drive or USB will generate a NOTICE.
- Attaching of any external hard drive or USB that is NOT encrypted will generate a WARNING.
Device relocation:
- If the last octet of the computer's IP address changes (possibly moved in the building), a NOTICE is generated.
- If the computer's IP address changes more substantially, or the subnet mask (SNM) or the gateway changes, a WARNING is generated.