1. Are there any differences in tracking changes if the application is web enabled?

SecurTrac™ runs on the server side and is hooked into the Domino core, so it is only concerned with database updates, regardless of whether the changes come from Web or Notes clients. The same is true for Mail Monitoring: SecurTrac™ can log the mail whether it is sent from a Notes client, a web browser or an SMTP client (Outlook).

2. Can you have multiple configuration documents (monitors) for the same database?

Yes, you can have multiple monitors monitoring different actions. For example, if you want to log Open, Update, Delete and Create actions, but you don't want to be notified of any Open actions, you can configure two monitors. The first monitor will log all Open activity on the document. The second monitor will log all Update, Delete and Create actions, and it can be configured to notify you of these actions.

Config1: Open -> Log only
Config2: Update, Delete and Create -> Log and Notify

3. How does SecurTrac™ secure itself?

The SecurTrac™ log and configuration databases are designed to be protected by Domino security. Access to the databases is strictly limited to authorized parties, which is easily implemented by setting the Log database ACL properly. In addition, access to the SecurTrac™ Log and Configuration databases can also be monitored by SecurTrac™ itself. You can create the following two database monitors to prevent users who have been granted access from illegally modifying or deleting the logs and monitors.

1) Monitor database "SecurTrac\Sctcfg.nsf"
   Actions: create/update/delete/design/ACL
   Set the following formula for the Criteria to Match:
   Form != "FLogCollectorSetupDoc"
   ** Any update made by anybody in the database will be logged.
2) Monitor database "SecurTrac\Sctlog.nsf"
   Actions: delete/design/ACL (** NO create: every log entry is itself a new document in this database, so monitoring create would put it in a loop!!)

Even the administrator can’t change the log file without an entry being recorded. The administrator can change the design of the log database, but that action will be recorded as well.

4. How does SecurTrac™ handle replication?

There are two types of replication: client to server and server to server.

Case A: Client to Server
Suppose that the user has a replica of the database on his mobile notebook and replicates with the server. SecurTrac™ will record a list of actions:

- Open: Documents pulled from server to workstation (so we know what documents were retrieved by the user)
- Update: Document updates pushed from workstation to server (so we know what documents were updated by the user)
- Delete: Document deletions pushed from workstation to server (so we know what documents were deleted by the user)
- Create: Document creations pushed from workstation to server (so we know what documents were created by the user)

In the Log,
Initiator = User Name, Action time = Time of Replication

Note: Since SecurTrac™ monitors on the server side, all the logs are based on changes to the server's copy of the database.

Case B: Server to Server
Suppose there are two servers, say Server A and Server B. The user changed documents in the database replica on Server A, and then the database was synchronized between Server A and Server B. Since the changes were made directly in the database on Server A, SecurTrac™ would log exactly what had happened (Open, Update, Delete and Create).

Initiator = User Name, Action time = Time of the Update
Last Update Person = Username, Last Update Time = Time of the update

When the changes are replicated from Server A to Server B, SecurTrac™ will record a list of actions:

- Open: Documents pulled from Server B to Server A
- Update: Document updates pushed from Server A to Server B
- Delete: Document deletions pushed from Server A to Server B
- Create: Document creations pushed from Server A to Server B

In the Log,
Initiator = Server A, Action time = Time of Replication
Last Update Person = Username, Last Update Time = Time of the update

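When exported log entries are reviewed, the server-to-server case above means the Initiator is not always the person who made the change. The following Python sketch is an added example, not part of SecurTrac or the original FAQ; the CSV layout, column names, user names and server names are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Columns mirror the log fields named in the FAQ;
# the CSV layout and all names below are assumptions of this example.
SAMPLE_EXPORT = """Initiator,Action,ActionTime,LastUpdatePerson,LastUpdateTime
CN=Jane Doe/O=Acme,Update,2024-03-01 09:15:00,CN=Jane Doe/O=Acme,2024-03-01 09:15:00
CN=ServerA/O=Acme,Update,2024-03-01 09:45:00,CN=Jane Doe/O=Acme,2024-03-01 09:15:00
CN=ServerA/O=Acme,Delete,2024-03-01 09:45:00,CN=Bob Lee/O=Acme,2024-03-01 09:40:00
CN=ServerA/O=Acme,Update,2024-03-01 10:00:00,CN=ServerA/O=Acme,2024-03-01 10:00:00
"""
SERVERS = {"CN=ServerA/O=Acme", "CN=ServerB/O=Acme"}  # assumed server names
FMT = "%Y-%m-%d %H:%M:%S"


def attribute(row, servers=SERVERS):
    """Return (person_or_server, how, lag_seconds) for one exported log row."""
    lag = int((datetime.strptime(row["ActionTime"], FMT)
               - datetime.strptime(row["LastUpdateTime"], FMT)).total_seconds())
    initiator, last_editor = row["Initiator"], row["LastUpdatePerson"]
    if initiator not in servers:
        # User session on the server, or client replication (Case A).
        return initiator, "user-initiated", lag
    if last_editor in servers:
        # Assumption: no person behind the change (server-side activity).
        return initiator, "server-activity", lag
    # Server-to-server replication (Case B): the server is only the carrier,
    # the person responsible is Last Update Person.
    return last_editor, "replicated-by:" + initiator, lag


def changes_by_person(export_text, servers=SERVERS):
    """Group Update/Delete/Create entries by who actually made the change."""
    grouped = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Action"] in ("Update", "Delete", "Create"):
            who, how, lag = attribute(row, servers)
            grouped.setdefault(who, []).append((row["Action"], how, lag))
    return grouped


if __name__ == "__main__":
    for who, entries in changes_by_person(SAMPLE_EXPORT).items():
        print(who, entries)
```

The lag value is the gap between the original update and the replication that carried it, which helps line up entries for the same change across servers.
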
5. What server resources are required and what is the server load?

SecurTrac™ requires at least 32MB of RAM in addition to the memory requirement for the Domino server, and at least 50MB of hard disk space on the Domino server where the software resides. There are built-in housekeeping features that can archive the data and begin a new log. If there are a significant number of transactions, then additional storage is required. The server load of SecurTrac™ will depend on the number of monitors and transactions processed. A 10% server load is typical.

6. How is the software licensed?

SecurTrac™ is licensed on a per server basis. There is a license key for each server installation.

7. Can the reporting and alert notifications be sent to other people besides the network administrator?

SecurTrac™ permits the logs to be viewed by specified individuals. The notifications can also be sent to specified individuals. For example, there may be a human resources database that has a monitor configured. The alerts can be directed to a contact in the human resources department instead of the IT administrator.

8. What is the support policy?

SecurTrac™ has two maintenance plans – Maintenance and Maintenance Plus. These plans provide web, email and phone support. Maintenance Plus includes product upgrades. Please contact us for pricing and further details.

9. Do I have to get alerts for all events or can I prepare reports with the log information?

SecurTrac™ has logs that contain the information based on the settings in the monitors. You do not have to enable alerts. All of the monitor information is processed into a Notes database file. It is easy to browse through the logs to view entries. Data can be exported into a spreadsheet or other program for reports. There is a ready-made reporting pack called Integra for SecurTrac, which allows for summarizations of vital information and will give you in-depth analysis of the data gathered by SecurTrac.

10. Can I search for events and perform hunts?

The SecurTrac™ log database is a Notes database, which allows easy searching of events.

11. What if I only want to track specific criteria such as email subjects – do I have to track everything or can I filter?

The monitors offer various tabs that permit only specific items to be logged. For example, if the ACL of a database is to be monitored, then the monitor will only log that criterion. Often, companies want more specific items to be monitored. For example, a company may want to monitor email that has "Confidential" in the subject line. SecurTrac™ permits Notes formulas to be used to filter events so as to track and alert based on the criteria formulas.

12. If I create detailed monitors and I want to delete them, do I lose all my work and have to recreate later?

SecurTrac™ can easily enable or disable monitors. Perhaps a specific database is being tracked for a period. The monitor can be enabled and then disabled, should there no longer be a need for tracking. All formulas and information in the monitor are saved and available should the monitor need to be enabled again.

13. If someone uses an external editor, such as Notepad, to edit the notes.ini, what happens?

SecurTrac™ will record the event and all the changes regardless of the editor being used. An alert will be sent out should that be configured.

14. Can I monitor changes to SecurTrac™ Configuration documents?

Yes. The SecurTrac™ Configuration documents are kept in one of the Domino databases on the server.

Steps:
1. Create a Database Monitor
2. Enter filename "SecurTrac\SctCfg.nsf"
3. Select the actions: Create, Update and Delete
4. Set the following formula for the Criteria to Match:
   Form != "FLogCollectorSetupDoc"
5. Select "All fields"
6. Save and Close the document.

15. Does SecurTrac™ support Domino clustered servers?

Yes, SecurTrac™ supports Domino cluster environments.

16. Does SecurTrac™ support partitioned servers?

SecurTrac works fine on partitioned servers, but the install and uninstall programs are not aware of partitioned servers. So, for partitioned servers, you have to run the setup program for each server. Please note that the SecurTrac program files (in the Domino directory) will be overwritten each time.

17. What kind of administration client does SecurTrac™ support?

SecurTrac™ can be administered by:
· Lotus Notes R5/6/7/8/8.5 client

18. What OS platforms does SecurTrac™ support?

SecurTrac™ currently runs on Windows 2016/2019/2022 server, as well as Linux and AIX servers.

19. What versions of Domino server does SecurTrac™ support?

SecurTrac™ can run on Domino server 10.x, 11.x, 12.x, 14.x

20. Will SecurTrac™ impose additional workload on your Domino server?

Yes, SecurTrac™ is similar to other server add-on modules such as anti-virus programs. It will impose an additional workload on the server. However, SecurTrac™ is designed to be light and fast. The actual load depends on how much information you have selected to log.

21. How are Adminp renames/updates recorded by SecurTrac™? Are changes made from a server-based agent signed by a particular user distinguishable from client updates by that user?

Admin process activity is recorded as a server activity. The initiator field in the SecurTrac™ log will display the server id.

If a scheduled agent is run from the server, SecurTrac™ will log the activity as a server action, as specified in the initiator field in the SecurTrac™ log. The log entry will display the server id.

If the scheduled agent is run from the server but signed by a user id, SecurTrac™ will log the action as a user action. The initiator field in the SecurTrac™ log will show the user id that signed the scheduled agent.

22. Can alerts be sent via a means other than e-mails?

Since SecurTrac™ runs on the Domino server, Domino server add-ons can be configured to send an SMS or page to the administrator if any suspicious activities occur. Extracomm's ExtraFax can provide real-time SMS notification.

23. Is a DSAPI filter used in SecurTrac?

Yes, SecurTrac has used a DSAPI filter since version 2.4 to log the IP address of the remote web browser client.