Re: Ethereal Capture Decoding
From:Date: 10/24/02
- Previous message: : "Re: Ethereal Capture Decoding"
- In reply to: : "Re: Ethereal Capture Decoding"
- Next in thread: Ed: "Re: Ethereal Capture Decoding"
- Reply: Ed: "Re: Ethereal Capture Decoding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Oct 2002 17:13:45 -0700
On Wed, 23 Oct 2002 13:43:40 -0500, Ed <ednot@home.net> wrote:
>In article <k0hdrus9ue454m4p31n0hnv5ictq1u1dc1@4ax.com>,
>chris@nospam.com says...
>> On Wed, 23 Oct 2002 01:02:14 -0500, Ed <ednot@home.net> wrote:
>>
>> >Hello All!!
>> >
>> >We are using Ethereal to monitor our network. This is in the context of
>> >a very clear corporate policy of no privacy, no pornography on the
>> >corporate network. My employer was recently wacked with a sexual
>> >harassment complaint because a manager was showing less than tasteful
>> >jpegs to one of his female subordinates. Hence, the strict and very
>> >clear policy.
>> >
>> >In any case, I've been roped into random checks to make sure everybody
>> >is complying with the new policy. I'm able to rebuild web pages that
>> >have been visited but the owner would like to take it a step further and
>> >actually view any jpegs or other files that were downloaded from web
>> >sites. While I'm able to capture the data stream using the Follow TCP
>> >Stream command, I don't have any clue as to how to convert the stream
>> >into an actual jpg or gif or whatever file. Any help or pointers would
>> >be very much appreciated.
>> >
>> >TIA
>> >Ed
>>
>> If you're employer is serious, then push to buy some software
>> dedicated to this purpose. There are many packages that will monitor
>> and block sites. Capturing the sessions is a feature of some.
>>
>> Buying software will be cheaper in the long run, when you consider
>> your time spent sniffing data streams and the potential for a law
>> suit. Random monitoring may not be an adequate defense in a law
>> suite. Plus to fire someone you need a good log file (btdt).
>>
>Good point!!! I'll put that to them. Any suggestions on the software?
>Personally, I'm not thrilled about pouring through other people's crap
>but the company did get blasted and if they don't do anything about it
>after this has come to their attention the next one would probaably put
>them out of business. They want to be fair. The policy is clear and they
>want clear evidence (the actual photo download) before they fire
>anybody.
>
>Best regards,
>Ed
I demo'd a bunch of different software when we were having the
"problem". Since then, our Corporate office has taken over the
monitoring at the proxy server and some IDS monitoring beyond that.
http://www.websense.com (free 30-day trial)
http://www.securitysoft.com/csn_bus.html.
You can find more searching on Google. You'll also probably find the
really good packages are pricey (over $5k). Most have (or will send
if you ask) demo versions you can setup and show to your employer.
- Next message: davide@yahoo.com: "Re: Which is more secure XP or W2K Pro?"
- Previous message: : "Re: Ethereal Capture Decoding"
- In reply to: : "Re: Ethereal Capture Decoding"
- Next in thread: Ed: "Re: Ethereal Capture Decoding"
- Reply: Ed: "Re: Ethereal Capture Decoding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
