[fw-wiz] Traffic Monitoring

From: Zahid Ahmad Khan (zahid_at_expertsystems.net)
Date: 05/06/03

    To: <firewall-wizards@nfr.com>
    Date: Tue, 6 May 2003 09:54:13 +0500

    A research organization has asked me to look at an interesting
    situation. They are paranoid about pilferage of research work and want
    to monitor and log all email traffic (Vectors and contents of POP, SMTP
    & IMAP). They require the following:
    1) Log all inbound and outbound emails (all employees have been duly
    informed of the fact).
    2) Generate email vector logs.
    3) Flag and stop any email with unauthorized contents.
    4) Only interested in traffic on the WAN and Internet interface (E-1,
    E-3, OC-3, POS)
    5) Do not want to log or see any internal traffic which might contain
    sensitive R&D info.
    I was thinking of putting together a system using pcap for capturing
    traffic and using/developing an analysis reporting engine. Due to the
    urgency of client requirements, I would appreciate it if anyone could let me
    know of any good analysis and reporting tools/systems or even a complete
    monitoring system. At this moment I am open to any inputs regarding
    commercial as well as open source tools/products.
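
Added illustration, not part of the original post: one way the analysis side could produce the "email vector logs" of requirement 2 while honoring requirement 5, given the client half of an already reassembled SMTP session. Reading "vector" as sender-to-recipient pairs is an assumption, as are the internal address range, the sample session and the function names, and the sketch assumes the server accepted each command.

```python
import ipaddress
import re

# Assumption: the organization's internal address space (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# SMTP envelope commands (RFC 5321); the mailbox sits between angle brackets.
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)
# Constructed sample: client-to-server lines of one SMTP session.
SAMPLE = [
    "EHLO ws1.example.org", "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>", "RCPT TO:<carol@example.net>",
    "DATA", "Subject: test", "", "RCPT TO:<decoy@example.com>", ".", "QUIT",
]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def vector_log(src_ip, dst_ip, client_lines):
    """Return one (sender, recipient, direction) record per RCPT TO.

    Sessions between two internal hosts yield nothing, so internal
    mail is never logged (requirement 5).
    """
    src_in, dst_in = is_internal(src_ip), is_internal(dst_ip)
    if src_in and dst_in:
        return []
    direction = "outbound" if src_in else "inbound"
    records, sender, in_data = [], None, False
    for line in client_lines:
        if in_data:
            # Body lines are skipped, so envelope-like text in a message is ignored.
            if line == ".":
                in_data, sender = False, None  # end of this mail transaction
            continue
        if line.strip().upper() == "DATA":
            in_data = True
            continue
        m = ENVELOPE.match(line)
        if not m:
            continue
        if m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)
        elif sender is not None:
            records.append((sender, m.group(2), direction))
    return records
```
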
