Snort mailing list archives

RE: Alert for web-based email sites


From: "Paul D. Shaffer" <paulshaf () earthlink net>
Date: Tue, 18 Dec 2001 15:35:19 -0700

This question came up a number of times at our site.  After trying it both
ways, we settled on the following philosophical grounds:  Why attempt to
catch your own people doing something they are naturally inclined towards
and is predominantly low-risk anyway, which the company has defined as
wrong?  Isn't it better and easier to simply block access (via the web
proxy, for example) and allow the security guys to concentrate on more
important matters, rather than being preoccupied with what ends up becoming
a constant distraction?  Just food for thought...

Paul

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Sheahan,
Paul (PCLN-NW)
Sent: Tuesday, December 18, 2001 11:13 AM
To: Snort List (E-mail)
Subject: [Snort-users] Alert for web-based email sites



Hello,

I'd like to create a rule in Snort to alert me anytime someone opens an SSL
session at www.hotmail.com (since it is against our security policy to
access web email).
I would ideally like to do this for all webmail related sites but I'm not
sure how to go about it. For example, it's OK for a user to go to
www.yahoo.com but not to get webmail from Yahoo.

Is there anyone else out there doing checks for this type of thing?



Thanks,
Paul


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


