Re: Spying in a corporate environment

[Tremaine Lea <tremaine () gmail com>]

Niksun is an excellent appliance, although Narus is also worth a  
look.  Narus is what was deployed by the NSA at AT&T that caused all  
that fuss ;)


---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"



On 27-Nov-07, at 2:52 PM, Chris Barber wrote:

> Have you looked at NetVCR by Niksun.  It is a network appliance that
> captures all network traffic. from a span port on a switch.  You can
> rebuild E-Mails, webpages, etc.  If the traffic crosses the wire this
> box captures it.  Depending on the drive space you can capture days
> worth of traffic.
>
> Chris.
>
> On 11/20/07, Col <colweb () gmail com> wrote:
> > Hi everyone,
> >
> > In my job we have to investigate people on our network for various  
> > reasons.
> >
> > Increasingly I am finding I need some sort of tool to help me out.
> > Preferably something that I can run on a server, point at a client or
> > a user account and have it monitor that user/machine activity over a
> > period of time.
> >
> > The best tool would have these sorts of features:-
> >
> > Audit log - everything the user does (shared drives, applications,  
> > web
> > sites visited)
> > Data copy - copy data from the machine, including from pen drives
> > (automatically would be nice)
> > Offline logging - ability to log what the user does with the machine
> > when its off the network
> > Alerting system - alert me when the user does something defined in  
> > a rule
> >
> > Has anyone come across a tool that does any of these things?
> >
> > I guess the best solution would be to write something in house, as it
> > would almost never get picked up by Anti Virus scanners, but  
> > obviously
> > that's a lot of effort.
> >
> > Any pointers appreciated, thanks in advance.
> >
> > Regards,
> >
> > Colin.