Snort mailing list archives
RE: Alert for web-based email sites
From: "Paul D. Shaffer" <paulshaf () earthlink net>
Date: Tue, 18 Dec 2001 15:35:19 -0700
This question came up a number of times at our site. After trying it both ways, we settled on the following philosophical grounds: Why attempt to catch your own people doing something they are naturally inclined towards and is predominantly low-risk anyway, which the company has defined as wrong? Isn't it better and easier to simply block access (via the web proxy, for example) and allow the security guys to concentrate on more important matters, rather than being preoccupied with what ends up becoming a constant distraction? Just food for thought... Paul -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Sheahan, Paul (PCLN-NW) Sent: Tuesday, December 18, 2001 11:13 AM To: Snort List (E-mail) Subject: [Snort-users] Alert for web-based email sites Hello, I'd like to create a rule in Snort to alert me anytime someone opens an SSL session at www.hotmail.com (since it is against our security policy to access web email). I would ideally like to do this for all webmail related sites but I'm not sure how to go about it. For example, it's OK for a user to go to www.yahoo.com but not to get webmail from Yahoo. Is there anyone else out there doing checks for this type of thing? Thanks, Paul _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert for web-based email sites Sheahan, Paul (PCLN-NW) (Dec 18)
- Re: Alert for web-based email sites Chris Green (Dec 18)
- RE: Alert for web-based email sites Abe L. Getchell (Dec 18)
- RE: Alert for web-based email sites Paul D. Shaffer (Dec 18)
- Re: Alert for web-based email sites Chris Green (Dec 18)