GFI LANguard System Integrity Monitor
August 01, 2003
GFI Software USA, Inc.
Product:
- Ease of Use:
- Value for Money:
- Overall Rating:
Supports only Windows 2000/XP, and does not actively prevent changes.
A good basic tool for monitoring and alerting on unauthorized changes to selected files.
GFI LANguard System Integrity Monitor (SIM) detects whether files have been changed on a Windows 2000/XP system. It identifies exactly which files have been changed, making it easy to restore the system to its original state, although it does not provide any utility for automatic recovery - you have to have secured original copies of these files elsewhere.
SIM may be configured to watch any files of your choice, including operating system files. It works by computing an MD5 checksum for each file to be monitored. These checksums are then stored in a database for comparison with checksums generated later. MD5 checksums are computed again at scheduled intervals and compared with the stored values.
If a changed file is detected, an email is sent automatically to the system administrator. Besides scanning individual files, SIM can also be configured to scan folders, in which case it can scan the folder and all its contents for changes and/or detect added, deleted, or renamed files.
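The baseline-and-compare cycle described above, as an added example that is not GFI's code or part of the original review: it stores a digest per file, rescans, and classifies files as changed, added, deleted or renamed. It uses SHA-256 where SIM uses MD5, treats a rename as a vanished path whose digest reappears under a new path (an assumption about one way to do it, not a description of SIM's internals), and all function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256"):
    # Hash in chunks so large files are never read into memory at once.
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, algo="sha256"):
    # Baseline: path relative to root -> digest, for every file under root.
    root = Path(root)
    return {str(p.relative_to(root)): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    gone = {p for p in baseline if p not in current}
    new = {p for p in current if p not in baseline}
    # A rename is a missing path whose digest reappears under a new path.
    by_digest = {}
    for p in sorted(new):
        by_digest.setdefault(current[p], []).append(p)
    renamed = []
    for old in sorted(gone):
        candidates = by_digest.get(baseline[old])
        if candidates:
            renamed.append((old, candidates.pop(0)))
    gone -= {old for old, _ in renamed}
    new -= {n for _, n in renamed}
    return {"changed": changed, "added": sorted(new), "deleted": sorted(gone), "renamed": renamed}

def demo():
    # Constructed sample tree (not real system files), scanned twice.
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("a.cfg", b"one"), ("b.dll", b"two"), ("c.ini", b"three")]:
            Path(root, name).write_bytes(data)
        baseline = snapshot(root)
        Path(root, "a.cfg").write_bytes(b"tampered")       # modified
        Path(root, "b.dll").rename(Path(root, "b.bak"))    # renamed
        Path(root, "c.ini").unlink()                       # deleted
        Path(root, "d.exe").write_bytes(b"new")            # added
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A check of this kind is only as trustworthy as its stored baseline, so the digest database needs the same protection as the secured original copies of the files.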
Installation is straightforward and creates a default scan job, which monitors key Windows system files. This default job may be modified in any way to suit your particular requirements, including customising the email alert message, changing the schedule, and selecting more files to be watched. You can also create other (multiple) scan jobs, each with a different schedule. Each scan job can be configured to send email alerts to different administrators, if required.
The alerts give full details of the change detected, so it is not necessary to refer to a system log to obtain the information required to reverse the unauthorised changes made. SIM itself is tamperproof because it also logs all changes to an undeletable file called the Windows Security Event Log, which is available for later analysis. For this purpose, integration is provided with GFI LANguard Security Event Log Monitor (SELM), an optional extra-cost program for managing multiple installations of SIM centrally. SELM also categorizes the changes detected by how serious they are, and has some additional functionality that detects failed unauthorized access attempts, admin logons outside normal hours and other suspicious activity.