Re: [fw-wiz] Traffic Monitoring
From: Rama krishna prasad (rkp_at_intotoinc.com)
To: Zahid Ahmad Khan <firstname.lastname@example.org>
Date: Wed, 07 May 2003 09:14:27 +0530
If the customer is paranoid about employees cheating them, not only
is email traffic to be checked, but web-based emails (note that
web-based emails don't follow the SMTP, POP3 and IMAP protocols) are
also to be checked. FTP access to the outside world has to be checked,
and HTTP traffic going to the outside world is also to be checked, etc.
Zahid Ahmad Khan wrote:
>A research organization has asked me to look at an interesting
>situation. They are paranoid about pilferage of research work and want
>to monitor and log all email traffic (Vectors and contents of POP, SMTP
>& IMAP). They require the following:
>1) Log all in and out bound emails (All employees have been duly
>informed of the fact).
>2) Generate email vector logs.
>3) Flag and stop any email with unauthorized contents.
>4) Only interested in traffic on the WAN and Internet interface (E-1,
>E-3, OC-3, POS)
>5) Do not want to log or see any internal traffic which might contain
>sensitive R&D info.
>I was thinking of putting together a system using pcap for capturing
>traffic and using/developing an analysis reporting engine. Due to the
>urgency of client requirements, I would appreciate it if anyone could let me
>know of any good analysis and reporting tools/systems or even a complete
>monitoring system. At this moment I am open to any inputs regarding
>commercial as well as open source tools/products.
>firewall-wizards mailing list
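An added example, not code from either poster: one way to produce the "email vector" log and content flag of requirements 2 and 3 from plaintext SMTP. It assumes the client-to-server bytes of a session have already been reassembled from a capture on the WAN interface; `smtp_vectors`, `watch_terms` and the sample session are hypothetical names and constructed data. As the reply points out, web-based mail travels over HTTP and is not seen by this parser.

```python
import re

# Constructed sample: client-to-server bytes of one reassembled SMTP session
# carrying two mail transactions. All addresses and text are made up.
SAMPLE = (
    b"EHLO ws12.lab.example\r\n"
    b"MAIL FROM:<alice@lab.example> SIZE=120\r\n"
    b"RCPT TO:<bob@partner.example>\r\n"
    b"RCPT TO:<carol@partner.example>\r\n"
    b"DATA\r\n"
    b"Subject: meeting notes\r\n\r\nSee you at 10.\r\n"
    b"..a dot-stuffed line\r\n.\r\n"
    b"MAIL FROM:<alice@lab.example>\r\n"
    b"RCPT TO:<dave@webmail.example>\r\n"
    b"DATA\r\n"
    b"Subject: fyi\r\n\r\nProject-X assay results attached\r\n.\r\n"
    b"QUIT\r\n"
)

ADDR = re.compile(rb"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)

def smtp_vectors(stream, watch_terms=()):
    """Return one record per mail transaction: from, to, subject, flags."""
    records, cur, in_data, body = [], None, False, []
    for line in stream.split(b"\r\n"):
        if in_data:
            if line == b".":                       # lone dot ends DATA
                text = b"\n".join(body).decode("latin-1")
                head = text.split("\n\n", 1)[0]    # headers end at first blank line
                m = re.search(r"^Subject:\s*(.*)$", head, re.I | re.M)
                cur["subject"] = m.group(1) if m else ""
                cur["flags"] = [t for t in watch_terms if t.lower() in text.lower()]
                records.append(cur)
                cur, in_data, body = None, False, []
            else:                                   # undo dot-stuffing
                body.append(line[1:] if line.startswith(b".") else line)
            continue
        m = ADDR.match(line)
        if m and m.group(1).upper() == b"MAIL FROM":
            cur = {"from": m.group(2).decode("latin-1"), "to": []}
        elif m and cur is not None:                 # RCPT TO inside a transaction
            cur["to"].append(m.group(2).decode("latin-1"))
        elif line.upper() == b"RSET":
            cur = None                              # transaction abandoned
        elif line.upper() == b"DATA" and cur and cur["to"]:
            in_data = True
    return records
```

The parser reads only the client side, so it cannot tell whether the server rejected a recipient; sessions upgraded with STARTTLS yield no vectors at all.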