Re: [lopsa-tech] Identify illicit behavior

2016-02-19 Thread Mario Obejas
The guy that gave this LISA talk isn't a complete idiot, and even though it was 2010, you might still find some applicable ideas in there: Enterprise-scale Employee Monitoring | USENIX
Since June 2009, I have been th

Re: [lopsa-tech] Identify illicit behavior

2016-02-19 Thread Doug Hughes
> Suppose a company has a policy about permitted use of the company laptops and internet, but you have suspicion that some user(s) are using it for illicit purposes such as porn. You've already taken measures to prevent accidental access - content filtering firewall, dns filtering, etc.

Re: [lopsa-tech] Identify illicit behavior

2016-02-19 Thread Jeremy Charles
[mailto:tech-boun...@lists.lopsa.org] On Behalf Of Graham Dunn
Sent: Friday, February 19, 2016 9:51 AM
To: tech@lists.lopsa.org; Edward Ned Harvey (lopser)
Subject: Re: [lopsa-tech] Identify illicit behavior

We use OpenDNS Umbrella, with only the malware deny mode on, but everything is logged and

Re: [lopsa-tech] Identify illicit behavior

2016-02-19 Thread Dan Ritter
On Fri, Feb 19, 2016 at 03:12:54PM +, Edward Ned Harvey (lopser) wrote:
> Suppose a company has a policy about permitted use of the company laptops and internet, but you have suspicion that some user(s) are using it for illicit purposes such as porn. You've already taken measures to preve

Re: [lopsa-tech] Identify illicit behavior

2016-02-19 Thread Graham Dunn
We use OpenDNS Umbrella, with only the malware deny mode on, but everything is logged and OpenDNS will generate a report of flagged URLs, so it's possible to go back to your own systems (we send all DNS/DHCP activity into ELK) and correlate who it was. OpenDNS will also sell you a box that does