Security Basics mailing list archives

RE: web monitoring tool

From: "Douglas K. Fischer" <fischerdk () purefm net>
Date: Fri, 11 Apr 2003 23:08:43 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lots of excellent points made in this thread.

1. Before you do anything, have a CYA memo of some sort from a superior,
ESPECIALLY if this request places any action in direct or inferred
opposition to corporate policy or legal reporting/auditing requirements.
It's hard to say (and frankly irrelevant) why the executives want their
surfing totally confidential. However, if there would be any backlash from
this action, you need to minimize your own exposure. (My general rule of
thumb is to have clear support for everything I do. If I can't point to a
policy or regulation that supports an action, I make sure someone over me
has provided some form of e-mail or memo that will offer such support.)

2. Chances are in addition to not wanting anything logged, the executives
also do not want any of the traffic observed. I would tend to agree with
the proponents for a separate dial-up or broadband Internet connection and
a separate PC/laptop to totally isolate this "executive surfing" from your
enterprise network. That is the cleanest way.

3. Perhaps suggesting that the execs do their "confidential surfing" from a
home connection or other non-corporate location would be in order. It would
be far simpler as far as keeping the traffic confidential. (Frankly,
depending on their reasons for wanting to keep their activities invisible,
the very act of making this request would arouse suspicion and start
vicious rumours. Simply doing the surfing from home would have allowed them
to keep things quiet and not have to involve anyone at the office.)

Doug
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPpeDOp938qfSpraDEQIeLwCgvhhQtBj6mC/wmOVnw0kdMAZEidQAoMvy
Ga/9fuqdr+Mmj9GaxHz82Z3G
=xAn1
-----END PGP SIGNATURE-----

-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Current thread:

Re: web monitoring tool, (continued)
- Re: web monitoring tool Justin F. Knox (Apr 10)
- RE: web monitoring tool Michael Parker (Apr 10)
  - RE: web monitoring tool Tim Heagarty (Apr 10)
  - Re: web monitoring tool Kenzo (Apr 10)
    - Re: web monitoring tool Peter Pandev (Apr 12)
- RE: web monitoring tool Trevor Cushen (Apr 10)
  - RE: web monitoring tool Burton M. Strauss III (Apr 10)
- RE: web monitoring tool Robinson, Sonja (Apr 10)
- Re: web monitoring tool Imran Khan (Apr 10)
  - RE: web monitoring tool David Gillett (Apr 10)
    - RE: web monitoring tool Douglas K. Fischer (Apr 12)
    - Re: web monitoring tool Jon Pastore (Apr 14)
    - RE: web monitoring tool Ken Kousky (Apr 14)
- RE: web monitoring tool Chris Berry (Apr 10)
- RE: web monitoring tool Chris Santerre (Apr 11)
- RE: web monitoring tool Imran Khan (Apr 14)