Re: Linux or Unix distribution for network sniffing

[John Morrison <john.morrison101 () gmail com>]

Apologies that does look like a "sales guy" kind of thing to say, now
I reread it.

Hristiyan says "We have a proxy which is dealing with our HTTP traffic
but some people are playing smart trying to use some anonymizers to
access restricted websites."

To me what he wants to do is not best achieved by sniffing the packets
and spending, potentially, hundreds of hours reviewing the data and
then trying to present it to management to act on. IMHO he would be
better off with a solution that is designed for this purpose. Squid
and lists from squid guard may be enough if Hristiyan wants to block,
but monitoring and reporting is another matter. There are many
products, including DLP products, from a variety of sources including
all the big names (Symantec, McAfee, Novell, etc.) that all require
investment in other products to gain the most from them. My suggestion
was intended to get Hristiyan to think of a solution in a different
direction, rather than get stuck in the "if all you have is a hammer
all problems begin to look like nails" rut. My suggestion of WebSense
was due to my familiarity with the product. I know it does what I
suggested might be a better solution.

If we continue the thread down this track does anyone have experience
of Open Source products that may provide a solution?

On 24 June 2010 15:47,  <jcoyle () winwholesale com> wrote:
> sales guy...
>
>
>
>
> From:       John Morrison <john.morrison101 () gmail com>
> To:         Hristiyan Lazarov <hristiyan.lazarov () gmail com>
> Cc:         security-basics () securityfocus com
> Date:       06/24/2010 10:46 AM
> Subject:    Re: Linux or Unix distribution for network sniffing
> Sent by:    listbounce () securityfocus com
>
>
>
> Hristiyan,
>
> You could try a using some of the products from a company like
> WebSense. Their web protection product can be found here:
>       http://www.websense.com/content/WebSecurityOverview.aspx
>
> It can make a record of each page visited by each user for reporting
> purposes and can block undesirable sites and anonymisers.
>
> On 22 June 2010 10:12, Hristiyan Lazarov <hristiyan.lazarov () gmail com>
> wrote:
> > Hello, I'm new to this mail list so lets first introduce myself - my
> > name is Hristiyan Lazarov and I'm currently working as an Enterprise
> > Security Specialist for a UK based company.
> >
> > I'm looking to implement in our organisation *NIX based network
> > sniffer. Basically, I want to trace and record every single packet
> > that is coming to, or going out from my network.
> >
> > We are working with sensitive information, that's why my employer want
> > me to record the traffic at least 1 month back. We have a proxy which
> > is dealing with our HTTP traffic but some
> > people are playing smart trying to use some anonymizers to access
> > restricted websites.
> >
> > Any suggestions would be greatly appreciated.
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your company
> and how your customers can tell if a site is secure. You will find out how
> to test, purchase, install and use a thawte Digital Certificate on your
> Apache web server. Throughout, best practices for set-up are highlighted to
> help you ensure efficient ongoing management of your encryption keys and
> digital certificates.
> >
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your Apache
> web server. Throughout, best practices for set-up are highlighted to help
> you ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> ------------------------------------------------------------------------
>
>
>
>
> *********************************************************************************************
> This email message and any attachments is for use only by the named addressee(s) and may contain confidential, 
> privileged and/or proprietary information.  If you have received this message in error, please immediately notify the 
> sender and delete and destroy the message and all copies.  All unauthorized direct or indirect use or disclosure of 
> this message is strictly prohibited.  No right to confidentiality or privilege is waived or lost by any error in 
> transmission.
> *********************************************************************************************

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------