Firewall Wizards mailing list archives

Re: Traffic Monitoring


From: Paul Dokas <dokas () cs umn edu>
Date: Tue, 6 May 2003 19:44:31 -0500

On Tue, 6 May 2003 09:54:13 +0500, "Zahid Ahmad Khan" <zahid () expertsystems net> wrote:
> A research organization has asked me to look at an interesting
> situation. They are paranoid about pilferage of research work and want
> to monitor and log all email traffic (Vectors and contents of POP, SMTP
> & IMAP). They require the following:
>
> 1) Log all in and out bound emails (All employees have been duly
> informed of the fact).
> 2) Generate email vector logs.
> 3) Flag and stop any email with unauthorized contents.
> 4) Only interested in traffic on the WAN and Internet interface (E-1,
> E-3, OC-3, POS)
> 5) Do not want to log or see any internal traffic which might contain
> sensitive R&D info.

You've got to be kidding.  If these are their requirements, then why are
they attached to the Internet at all?  Email is the moron's file transfer
protocol, therefore I suggest that you're only going to catch morons by
examining email.

Anyone who's serious about stealing information and has half a brain is
not going to use the Internet connection at all.  They're going to walk
out the front door with a CD-R or a couple of floppies.

Paul
-- 
Paul Dokas                                            dokas () cs umn edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."