DeviceLock provides the capability to audit and shadow copy
data/file transfers via different protocols. Also, you can enable
alerts that are sent when a specific user attempts to access a
specific protocol.
For auditing and shadow copying at the transport level,
DeviceLock uses two types of logging: Audit Logs and Shadow Logs.
The Audit Log is used to audit access to protocols and track what
individual users do. Audit data can be written to the Windows Event
Log, to the DeviceLock proprietary log, or both. To define what log
should be used, set the Audit log type parameter in Service
Options. To view audit log data, use either DeviceLock Service
Audit Log Viewer or DeviceLock Enterprise Server Audit Log
Viewer.
The Shadow Log is used to store a full copy of data/files
transferred via specified protocols. To view shadow log data, use
either DeviceLock Service Shadow Log Viewer or DeviceLock
Enterprise Server Shadow Log Viewer.
Auditing, shadow copying of data transferred via specified
protocols and alert notifications are enabled by defining audit,
shadowing and alerts rules. Each rule associated with a protocol
specifies users or groups the rule applies to and appropriate
audit/shadowing/alerts rights which determine which user actions to
audit/shadow copy and which events will trigger alert
notifications.
You can specify the following audit, shadowing and alerts
rights (alerts rights are exactly the same as audit rights):
- File Sharing:
Audit: Connection Enables
audit logging of user attempts to connect to a file sharing
site.
Audit: Incoming Files
Enables audit logging of user attempts to download a file from a
file sharing site.
Audit: POST Requests Enables
audit logging of user attempts to submit Web form data, such as
user comments to specific files.
Audit: Outgoing Files
Enables audit logging of user attempts to upload a file to a file
sharing site.
Shadowing: Incoming Files
Enables shadow copying of files downloaded from a file sharing
site.
Shadowing: POST Requests
Enables shadow copying of data (user comments to specific files)
entered into Web forms.
Shadowing: Outgoing Files
Enables shadow copying of files uploaded to a file sharing
site.
- FTP:
Audit: Connection Enables
audit logging of user attempts to connect to an FTP
site.
Audit: Incoming Files
Enables audit logging of user attempts to download a file from an
FTP site.
Audit: Outgoing Files
Enables audit logging of user attempts to upload a file to an FTP
site.
Shadowing: Incoming Files
Enables shadow copying of files downloaded from an FTP site.
Shadowing: Outgoing Files
Enables shadow copying of files uploaded to an FTP site.
- HTTP:
Audit: Connection Enables
audit logging of user attempts to open a web page. NOTE: When
this right is enabled, numerous Connection events are recorded in
the Audit Log each time a user attempts to open a web page. This
happens because a web page often requests resources (such as
images, scripts, etc.) from other hosts.
Audit: Incoming Data Enables
audit logging of web pages and objects on web pages: scripts, Flash
files (up to 1.5 MB in size), images (up to 512 KB in size), text
(up to 200 KB in size), etc.
Audit: Incoming Files
Enables audit logging of user attempts to download a file from a
Web site.
Audit: Outgoing Data The
Outgoing Data content type contains no data. This right enables
audit logging of blocked user attempts to open a web page, if the
Audit Denied option is set for the protocol.
Audit: POST Requests Enables
audit logging of user attempts to submit Web form data to a Web
site.
Audit: Outgoing Files
Enables audit logging of user attempts to upload a file to a Web
site.
Shadowing: Incoming Data
Enables shadow copying of web pages and objects on web pages:
scripts, Flash files (up to 1.5 MB in size), images (up to 512 KB
in size), text (up to 200 KB in size), etc.
Shadowing: Incoming Files
Enables shadow copying of files downloaded from a Web site.
Shadowing: Outgoing Data
This right has no impact on shadow copying.
Shadowing: POST Requests
Enables shadow copying of data entered into Web forms.
Shadowing: Outgoing Files
Enables shadow copying of files uploaded to a Web site.
- ICQ/AOL Messenger:
Audit: Connection Enables
audit logging of user attempts to connect to the ICQ and AOL
Instant Messenger server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- IRC:
Audit: Connection Enables
audit logging of user attempts to connect to an IRC server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- Jabber:
Audit: Connection Enables
audit logging of user attempts to connect to a Jabber
server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- Mail.ru Agent:
Audit: Connection Enables
audit logging of user attempts to connect Mail.ru Agent to the
Mail.ru server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- MAPI:
Audit: Connection Enables
audit logging of user attempts to connect the Outlook client to
Microsoft Exchange Server.
Audit: Incoming Messages,Incoming Files Enables audit logging of user attempts to
receive an e-mail message with or without attachments from
Microsoft Exchange Server to the Outlook client.
Audit: Outgoing Messages,
Outgoing Files Enables audit logging of user attempts to send
an e-mail message with or without attachments from the Outlook
client to Microsoft Exchange Server.
Shadowing: Incoming Messages,
Incoming Files Enables shadow copying of received e-mail
messages with or without attachments.
Shadowing: Outgoing Messages,
Outgoing Files Enables shadow copying of sent e-mail messages
with or without attachments.
- Skype:
Audit: Connection Enables
audit logging of user attempts to sign in to a Skype
account.
Audit: Incoming Calls
Enables audit logging of user attempts to receive calls.
Audit: Incoming Messages
Enables audit logging of user attempts to receive instant
messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Calls
Enables audit logging of user attempts to make calls.
Audit: Outgoing Messages
Enables audit logging of user attempts to send instant
messages.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- SMB:
Audit: Connection Enables
audit logging of user attempts to access a shared resource on an
SMB server. Also, it enables audit logging of attempts from
external computers to access a local shared resource on the
computer where DeviceLock Service runs.
Audit: Incoming Files
Enables audit logging of user attempts to download a file from an
SMB server. Also, it enables audit logging of attempts from
external computers to upload a file to a local shared resource on
the computer where DeviceLock Service runs.
Audit: Outgoing Files
Enables audit logging of user attempts to upload a file to an SMB
server. Also, it enables audit logging of attempts from external
computers to download a file from a local shared resource on the
computer where DeviceLock Service runs.
Shadowing: Incoming Files
Enables shadow copying of files downloaded from an SMB server.
Also, it enables shadow copying of files uploaded from external
computers to a local shared resource on the computer where
DeviceLock Service runs.
Shadowing: Outgoing Files
Enables shadow copying of files uploaded to an SMB server. Also, it
enables shadow copying of files downloaded to external computers
from a local shared resource on the computer where DeviceLock
Service runs.
- SMTP:
Audit: Connection Enables
audit logging of user attempts to connect to an SMTP server.
Audit: Outgoing Messages,
Outgoing Files Enables audit logging of user attempts to
send an e-mail message with or without attachments.
Shadowing: Outgoing
Messages, Outgoing Files Enables shadow copying of sent
e-mail messages with or without attachments.
- Social Networks:
Audit: Connection Enables
audit logging of user attempts to connect to a social networking
site.
Audit: Outgoing Messages
Enables audit logging of user attempts to send messages, comments,
posts, etc.
Audit: Outgoing Files
Enables audit logging of user attempts to upload media and file
content to a social networking site.
Shadowing: Outgoing Messages
Enables shadow copying of sent messages, comments, posts,
etc.
Shadowing: Outgoing Files
Enables shadow copying of files uploaded to a social networking
site.
- Telnet:
Audit: Connection Enables
audit logging of user attempts to connect to a Telnet
server.
- Web Mail:
Audit: Connection Enables
audit logging of user attempts to access Webmail.
Audit: Outgoing Messages,
Outgoing Files Enables audit logging of user attempts to
send an e-mail message with or without attachments.
Shadowing: Outgoing
Messages, Outgoing Files Enables shadow copying of sent
e-mail messages with or without attachments. NOTE: Webmail
services automatically save drafts of messages. DeviceLock handles
saving a draft as sending a message.
- Windows Messenger:
Audit: Connection Enables
audit logging of user attempts to connect to the Windows Messenger
server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
- Yahoo Messenger:
Audit: Connection Enables
audit logging of user attempts to connect to the Yahoo Messenger
server.
Audit: Incoming Messages,
Outgoing Messages Enables audit logging of user attempts to
send and receive instant messages.
Audit: Incoming Files
Enables audit logging of user attempts to receive a file.
Audit: Outgoing Files
Enables audit logging of user attempts to send a file.
Shadowing: Incoming Messages
Enables shadow copying of received instant messages.
Shadowing: Incoming Files
Enables shadow copying of received files.
Shadowing: Outgoing Messages
Enables shadow copying of sent instant messages.
Shadowing: Outgoing Files
Enables shadow copying of sent files.
To define the default audit and shadowing rules
1. In the upper-left area of the dialog box,
specify which events are written to the Audit Log. Select the
Audit Allowed check box to audit successful attempts to gain
access to a protocol. Select the Audit Denied check box to
audit unsuccessful attempts to gain access to a protocol.
2. In the upper-left pane of the dialog box, under
Users, click Set Default. The default audit and
shadowing rules apply to the Users and Everyone groups.
To define audit, shadowing and alerts rules for an
additional user or group
1. In the upper-left area of the dialog box,
specify which events are written to the Audit Log. Select the
Audit Allowed check box to audit successful attempts to gain
access to a protocol. Select the Audit Denied check box to
audit unsuccessful attempts to gain access to a protocol. To enable
notification of successful and/or failed attempts to access a
protocol, check Alert Allowed and/or Alert Denied.
All these flags are not linked to users/groups, they are related to
a whole protocol.
DeviceLock sends alerts on the basis of
alert settings. Before enabling alerts for specific events, you
must configure alert settings in Service Options.
2. In the upper-left pane of the dialog box, under
Users, click Add. The Select Users or Groups
dialog box appears.
3. In the Select Users or Groups dialog box,
in the Enter the object names to select box, type the name
of the user or group, and then click OK. The users and
groups that you added are displayed under Users in the
upper-left pane of the Auditing, Shadowing & Alerts
dialog box.
4. In the upper-left pane of the Auditing,
Shadowing & Alerts dialog box, under Users, select
the user or group. You can select multiple users or groups by
holding down the SHIFT key or the CTRL key while clicking
them.
5. In the lower-left pane of the Auditing,
Shadowing & Alerts dialog box, under User's Rights,
select either Allow or Deny to directly allow or deny
the appropriate rights.
In the right pane of the Auditing,
Shadowing & Alerts dialog box, you can specify days and hours
(for example, from 7 AM to 5 PM Monday through Friday) when the
rule for the selected user or group will or will not be active. Use
the left mouse button to select days and hours when the rule is
active (active time). Use the right mouse button to mark days and
hours when the rule is not active (inactive time).