Security Basics mailing list archives
Re: Linux or Unix distribution for network sniffing
From: John Morrison <john.morrison101 () gmail com>
Date: Fri, 25 Jun 2010 14:05:40 +0100
Apologies, that does look like a "sales guy" kind of thing to say, now I reread it.

Hristiyan says "We have a proxy which is dealing with our HTTP traffic but some people are playing smart trying to use some anonymizers to access restricted websites."

To me what he wants to do is not best achieved by sniffing the packets and spending, potentially, hundreds of hours reviewing the data and then trying to present it to management to act on. IMHO he would be better off with a solution that is designed for this purpose.

Squid and lists from squid guard may be enough if Hristiyan wants to block, but monitoring and reporting is another matter. There are many products, including DLP products, from a variety of sources including all the big names (Symantec, McAfee, Novell, etc.) that all require investment in other products to gain the most from them.

My suggestion was intended to get Hristiyan to think of a solution in a different direction, rather than get stuck in the "if all you have is a hammer all problems begin to look like nails" rut. My suggestion of WebSense was due to my familiarity with the product. I know it does what I suggested might be a better solution.

If we continue the thread down this track, does anyone have experience of Open Source products that may provide a solution?

On 24 June 2010 15:47, <jcoyle () winwholesale com> wrote:
sales guy...

From: John Morrison <john.morrison101 () gmail com>
To: Hristiyan Lazarov <hristiyan.lazarov () gmail com>
Cc: security-basics () securityfocus com
Date: 06/24/2010 10:46 AM
Subject: Re: Linux or Unix distribution for network sniffing
Sent by: listbounce () securityfocus com

Hristiyan,

You could try using some of the products from a company like WebSense. Their web protection product can be found here: http://www.websense.com/content/WebSecurityOverview.aspx

It can make a record of each page visited by each user for reporting purposes and can block undesirable sites and anonymisers.

On 22 June 2010 10:12, Hristiyan Lazarov <hristiyan.lazarov () gmail com> wrote:

Hello,

I'm new to this mail list so let's first introduce myself - my name is Hristiyan Lazarov and I'm currently working as an Enterprise Security Specialist for a UK based company.

I'm looking to implement in our organisation a *NIX based network sniffer. Basically, I want to trace and record every single packet that is coming to, or going out from my network. We are working with sensitive information, that's why my employer wants me to record the traffic at least 1 month back. We have a proxy which is dealing with our HTTP traffic but some people are playing smart trying to use some anonymizers to access restricted websites.

Any suggestions would be greatly appreciated.
Current thread:
- Linux or Unix distribution for network sniffing Hristiyan Lazarov (Jun 23)
- Re: Linux or Unix distribution for network sniffing John Morrison (Jun 24)
- Re: Linux or Unix distribution for network sniffing jcoyle (Jun 24)
- Re: Linux or Unix distribution for network sniffing John Morrison (Jun 25)
- Re: Linux or Unix distribution for network sniffing Bitu (Jun 28)
- Message not available
- Re: Linux or Unix distribution for network sniffing John Morrison (Jun 28)
- Re: Linux or Unix distribution for network sniffing Enrico (Jun 29)
- Re: Linux or Unix distribution for network sniffing jcoyle (Jun 24)
- Re: Linux or Unix distribution for network sniffing John Morrison (Jun 24)
- RE: Linux or Unix distribution for network sniffing Lauren Twele (Jun 24)
- Re: Linux or Unix distribution for network sniffing Zhu Sha Zang (Jun 25)
- Re: Linux or Unix distribution for network sniffing Bitu (Jun 28)
- Re: Linux or Unix distribution for network sniffing Jonathan Leigh (Jun 24)