Educause Security Discussion mailing list archives

Re: URL Logging Allowed?

From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Mon, 11 Nov 2013 12:09:24 -0500

Hi Jim,

I think you'll find that a very controversial issue in many institutions.

It comes up because of the various (and hopefully obvious) privacy issues.

There are mitigating circumstances that you might suggest employing. For
example you might keep a in-memory list of URLs and only alert on them
if the URL is seen X amount of times.

This way you aren't logging every single URL and you still get a heads
up when some threshold is crossed.

YMMV but I hope this helps.

Also, given your title I want to take a second to suggest (if you aren't
already a member) you apply for membership to REN-ISAC.
http://www.ren-isac.net/

Cheers,
Harry

On 11/11/2013 12:01 PM, Gramke, Jim wrote:

Hi All,

Does anybody log the URL's which are visited from on campus?     If so, was the decision to do so met with 
resistance, or are there very tight policies around who can use the data?      Perhaps you do it for some groups 
(administration) and not for others (students, faculty?)

I would like to do this, for example, to quickly see which users clicked on a link in a phishing email , or what site 
caused a dozen pcs to download the same malware, or even to block a particular site.

This appears to be a very controversial proposal here, and so I'm wondering if anybody has tried to go down this path.


Thanks,


Jim Gramke, GCED, GSEC
IT  Security Manager
College of St. Benedict | St. John's University
IT Services
Collegeville, MN  56321
Office: 320-363-2785
Email: jgramke () csbsju edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
SECURITY automatic digest system
Sent: Sunday, November 10, 2013 11:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 8 Nov 2013 to 10 Nov 2013 (#2013-197)

[LISTSERV mailing list manager]<http://www.lsoft.com>

[LISTSERV 15.0]<http://listserv.educause.edu/cgi-bin/wa.exe?LIST=SECURITY>




SECURITY Digest - 8 Nov 2013 to 10 Nov 2013 (#2013-197)
Table of contents:

  *   FYI - Adobe account compromise

  1.  FYI - Adobe account compromise
     *   Re: FYI - Adobe account compromise<cid:20250@LISTSERV.EDUCAUSE.EDU> (11/11)
From: Brian Helman <bhelman () SALEMSTATE EDU<mailto:bhelman () SALEMSTATE EDU>>




Browse the SECURITY online archives.<http://listserv.educause.edu/cgi-bin/wa.exe?LIST=SECURITY>


[Anti-Virus 
Filter]<http://www.lsoft.com/products/default.asp?item=secured-by-FS&host=LISTSERV.EDUCAUSE.EDU&wa=http://listserv.educause.edu/cgi-bin/wa.exe>[Powered
 by the LISTSERV Email List Manager]<http://www.lsoft.com/products/listserv-powered.asp>

Current thread:

URL Logging Allowed? Gramke, Jim (Nov 11)
- Re: URL Logging Allowed? Harry Hoffman (Nov 11)
  - Re: URL Logging Allowed? Rich Graves (Nov 11)