We use OpenDNS Umbrella, with only the malware deny mode on, but everything is logged and OpenDNS will generate a report of flagged URLs, so it's possible to go back to your own systems (we send all DNS/DHCP activity into ELK) and correlate who it was. OpenDNS will also sell you a box that does all that for you.
Graham

From: Edward Ned Harvey (lopser) <lop...@nedharvey.com>
Reply: Edward Ned Harvey (lopser) <lop...@nedharvey.com>
Date: February 19, 2016 at 10:45:51 AM
To: tech@lists.lopsa.org <tech@lists.lopsa.org>
Subject: [lopsa-tech] Identify illicit behavior

Suppose a company has a policy about permitted use of the company laptops and internet, but you have suspicion that some user(s) are using it for illicit purposes such as porn. You've already taken measures to prevent accidental access - content filtering firewall, DNS filtering, etc. You want to take reasonable steps to prevent misuse, but you also want to be alerted and catch people, if they try to misuse it.

Can you name any products? I'm thinking either some agent that runs on PCs, or something that monitors network traffic and triggers alerts.

I'm fully aware of the need for caution in how such tools are applied - both in terms of respecting people's privacy, and legal rights, and distinguishing accidental misuse and false positives from real violations.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
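The correlation described in Graham's reply (flagged domains from the filtering report matched against your own DNS and DHCP logs), as an added example that is not part of the thread and not OpenDNS or ELK code. The log field layout, host names and domains are constructed assumptions, and a lease is treated as valid from its start until the next lease for the same IP (expiry is not modelled). The point it shows is that the client IP must be resolved against the lease active at query time, since the same address can belong to different machines during one day.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample data (not real logs). Field layout is an assumption.
DHCP_LEASES = [  # (lease start, ip, mac, hostname)
    ("2016-02-19T08:00:00", "10.0.5.23", "aa:bb:cc:00:00:01", "laptop-alice"),
    ("2016-02-19T12:30:00", "10.0.5.23", "aa:bb:cc:00:00:02", "laptop-bob"),
    ("2016-02-19T08:05:00", "10.0.5.40", "aa:bb:cc:00:00:03", "laptop-carol"),
]
DNS_QUERIES = [  # (time, client ip, queried name)
    ("2016-02-19T09:15:02", "10.0.5.23", "www.flagged.example."),
    ("2016-02-19T13:01:44", "10.0.5.23", "cdn.flagged.example."),
    ("2016-02-19T13:02:10", "10.0.5.40", "intranet.corp.example."),
    ("2016-02-19T07:30:00", "10.0.5.23", "flagged.example."),
]
FLAGGED = {"flagged.example"}  # domains taken from the filtering report

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def build_lease_index(leases):
    """Map ip -> time-sorted list of (start, mac, hostname)."""
    index = {}
    for start, ip, mac, host in leases:
        index.setdefault(ip, []).append((ts(start), mac, host))
    for entries in index.values():
        entries.sort()
    return index

def is_flagged(qname, flagged):
    """True if qname equals a flagged domain or is a subdomain of one."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in flagged for i in range(len(labels)))

def correlate(queries, leases, flagged):
    """Return (time, qname, ip, hostname) per flagged query; hostname is
    None when no lease for that IP had started by query time."""
    index = build_lease_index(leases)
    hits = []
    for when, ip, qname in queries:
        if not is_flagged(qname, flagged):
            continue
        entries = index.get(ip, [])
        pos = bisect_right([e[0] for e in entries], ts(when))
        host = entries[pos - 1][2] if pos else None
        hits.append((when, qname, ip, host))
    return hits
```

A hit with no matching lease is returned with a hostname of None rather than guessed, which keeps unattributable queries visible for manual review.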