Re: sniffer black box

From: Nosnos (nosnos94_at__NO_wanadoo_SPAM_.fr)
Date: 10/30/03

    Date: Thu, 30 Oct 2003 10:11:16 +0100
    
    

    > Hello,
    > beside the technical possibilities of doing so you should consider as well
    > your local law on this topic before ending in jail. The regulations are
    > different from country to country and I am not an expert on it at all. The
    > legal regulations normally limit what you are allowed to do and if you are
    > allowed to collect the data how long are you allowed to store it. Further,
    > normally the employees must be informed that such a sniffer exists on the
    > network. Just to lay out a few cases to make it clear how sensitive this
    Yes, my boss tells me that before installing the black box, every employee
    will be informed of the system, and must sign a paper (a charter) which
    specifies that the company's network must not be used for personal
    usage.

    > topic is:
    > One of your colleagues is sending an email to his doctor. You are not
    > supposed to read that nor to store this in a database where maybe someone
    > else can read it as well.
    Yes, it is not planned to store the contents of mail or of downloaded files.
    The box will just store at least the source (IP or hostname) and the
    destination (URL, IP, hostname), the protocol ... and maybe other
    information (that the law permits).

    > When you are going to log SMTP traffic I don't know if you are allowed to
    > read the emails of your boss? If you use secured SMTP there is no
    > information to retrieve at all except that someone sends an email.
    > Another issue is the security of that sniffer machine that stores all
    > this sensitive information. You have to secure it very well that nobody
    > else gets access to the collected data.
    Yes, it is very critical to have a secure environment ...

    >
    > Depending on what kind of problems you are facing there might be better
    > and easier solutions.
    > - If there is access to internet services that are not related to work.
    > (eDonkey,..)
    > Block traffic to these ports on the firewall.
    Yes, but our goal is just logging traffic and securing our own box; security
    of the network is for the administrator.

    > - If a single user is utilizing all the bandwidth from your external
    > connection.
    > Use a packet shaper or any other way of bandwidth control.
    > - Access to non work related websites.
    > Create a simple log which contains just date,time,local computer, user
    > name and the URL. Make an internal agreement inside your company that this
    > list will be published on your intranet and can be viewed by everyone.
    Yes ;))

    > Use a Proxy to do further filtering.
    Just a question that comes to my mind: to filter all the traffic with a
    sniffer, must we install a proxy and configure it to redirect all the
    traffic toward the proxy?
    This method will be a little harder to do.

    >
    >
    > Bye,
    > Peter
    >
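
The metadata-only logging discussed in this message (source, destination, protocol, but no mail or file contents), as an added example that is not part of the original post. It assumes the box is handed raw IPv4 packets; `flow_record` and `build_sample` are hypothetical names and the sample packet is constructed.

```python
import socket
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def flow_record(packet, ts):
    """Reduce one raw IPv4 packet to metadata; payload bytes are never copied."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                          # truncated, or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None                          # malformed header length
    total_len = struct.unpack("!H", packet[2:4])[0]
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    rec = {
        "time": ts,
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "bytes": total_len,                  # size only, not content
    }
    # Ports exist only in the first fragment of a TCP/UDP packet.
    if proto in (6, 17) and frag_off == 0 and len(packet) >= ihl + 4:
        rec["sport"], rec["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return rec

def build_sample(src, dst, proto, sport, dport, payload):
    """Constructed test packet: 20-byte IPv4 header (checksum 0), ports, payload."""
    l4 = struct.pack("!HH", sport, dport) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

# Constructed sample: a mail-like payload sent to TCP port 25.
SAMPLE = build_sample("192.0.2.10", "198.51.100.25", 6, 40000, 25,
                      b"Subject: appointment with my doctor")

if __name__ == "__main__":
    print(flow_record(SAMPLE, "2003-10-30T10:11:16"))
```

The record still shows who talked to whom and when, so the stored log needs the same access control and retention limits raised in the message.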

