RE: web monitoring tool

[Chris Santerre <csanterre () MerchantsOverseas com>]

Dialup may cause you more headaches. The may get malware into your network
thru there. I would have the exec's bosses literally signoff on a piece of
paper saying they understand that you can't be held accountable to network
security if they put a big hole in your configuration.

I tell my bosses the same. If you don't give me the control, you can't blame
me when something happens thru a weak link. 

I've also seen execs fired due to surfing habits. 

The ONLY person in a company that can surf without fear is.......Sysadmin ;)

> -----Original Message-----
> From: Imran Khan [mailto:ikhan () eudoramail com]
> Sent: Wednesday, April 09, 2003 8:00 PM
> To: security () nscs uk com; security-basics () securityfocus com
> Subject: Re: web monitoring tool
>
>
>
> I do agree with you Byrne and many others who sent responses 
> to my query. I cannot agree enough that this is strange 
> one... It is also a deviation from an overall corporate 
> security policy. But executives are executives after all!!!
>
> I did relay my concern earlier today and made a 
> recommendation that these executives use a dialup connection 
> if they need to keep their privacy and sanity of others...
>
> I have yet to find out the real objective behind this requirement!
>
>
> Thanks every one who responded.
>
> Cheers, 
> Imran
>
>
>
> --
>
> On Wed, 9 Apr 2003 17:46:49   
>  Byrne Ghavalas wrote:
> > Hi Imran,
> >
> > The goal certainly is a strange one...
> >
> > Assuming that all the traffic goes through a firewall, I would assume
> > that you could assign static IP addresses (or reserved DHCP 
> addresses)
> > to these manager's machines.  Then, you could create a rule on the
> > firewall to allow the traffic through, but without logging.
> >
> > If the firewall does not support the option of no logging, 
> then I would
> > say that the only other option I can think of is providing 
> the group of
> > managers with their own Internet connection.
> >
> > Also, if the managers use different workstations, this option won't
> > really
> > be effective.
> >
> > As the traffic has to end up going through the firewall one way or
> > another,
> > I can't see any desktop solution solving your problem.
> >
> > I must admit that it is rather bizarre that your boss would want to
> > disable logging for these users. I can understand the your boss is
> > probably thinking of the privacy for those managers, but 
> logging is not
> > really supposed to be used to spy on users activities, but rather to
> > spot anomalies and hopefully help with troubleshooting and forensic
> > investigations... Hopefully any staff that have access to this log
> > information are trusted staff members with well-written contracts ;-)
> >
> > I would try and convince your boss otherwise, but either 
> way, good luck
> > in resolving your problem.
> >
> > Kind regards
> >
> > Byrne Ghavalas
> >
> >
> > ----- Original Message -----
> > From: "Imran Khan" <ikhan () eudoramail com>
> > To: <security-basics () securityfocus com>
> > Sent: Wednesday, April 09, 2003 1:11 PM
> > Subject: Re: web monitoring tool
> >
> >
> > > couldn't find any matter on this one on the security focus 
> website...
> > > I am looking for an application to block net utilization at the
> > desktop level.
> > > My boss wants to keep a select group's (mostly senior managers)
> > internet use confidential. She wants this to be done locally (desktop
> > application), so no logs are generated on the network admin end.
> > > Is this doable?
> > >
> > > Thanks for all the responses...
> > >
> > > Imran
> > >
> > >
> > > Need a new email address that people can remember
> > > Check out the new EudoraMail at
> > > http://www.eudoramail.com
> > >
> > > -------------------------------------------------------------------
> > > Is SPAM over-loading your e-mail server, disk space or bandwidth?
> > > SurfControl E-Mail Filter is flexible, intelligent and 
> policy-driven
> > > protection.
> > > http://www.securityfocus.com/SurfControl-security-basics2
> > > Download your free fully functional trial, complete with 30-days of
> > free technical support.
> > > Stop SPAM before it stops you.
> > > -------------------------------------------------------------------
>
>
> Need a new email address that people can remember
> Check out the new EudoraMail at
> http://www.eudoramail.com
>
> -------------------------------------------------------------------
> Is SPAM over-loading your e-mail server, disk space or bandwidth?
> SurfControl E-Mail Filter is flexible, intelligent and policy-driven
> protection.
> http://www.securityfocus.com/SurfControl-security-basics2
> Download your free fully functional trial, complete with 
> 30-days of free technical support.
> Stop SPAM before it stops you.
> -------------------------------------------------------------------

-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------