We also use OpenDNS Umbrella.  We have deployed their Virtual Appliances inside 
our network so that the OpenDNS logs show the real IP address of the DNS 
clients.  (Otherwise, our firewall would PAT the addresses on the way out to 
the Internet.)

We have not yet implemented anything to sniff out people who circumvent the 
policies that we’ve placed on the OpenDNS servers.  We have Palo Alto PA-5050 
devices sitting in between our inside network and our production firewall, 
which we could use for this purpose.  We just haven’t gotten that far yet.


From: tech-boun...@lists.lopsa.org On Behalf Of Graham Dunn
Sent: Friday, February 19, 2016 9:51 AM
To: tech@lists.lopsa.org; Edward Ned Harvey (lopser) <lop...@nedharvey.com>
Subject: Re: [lopsa-tech] Identify illicit behavior

We use OpenDNS Umbrella, with only the malware deny mode on, but everything is 
logged and OpenDNS will generate a report of flagged URLs, so it's possible to 
go back to your own systems (we send all DNS/DHCP activity into ELK) and 
correlate who it was. OpenDNS will also sell you a box that does all that for 
you.

Graham
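As an added example (not code from this thread, from OpenDNS or from ELK), the correlation Graham describes: resolver log events flagged by the filtering service are joined against DHCP lease records by client IP and time, so an IP that was reassigned during the day is attributed to the right host. The log formats, hostnames, MACs and lease length are constructed assumptions; the lookup only works when the resolver logs the pre-NAT client address, which is the point of the virtual-appliance note at the top of the thread.

```python
# Added example: join flagged resolver-log events to DHCP leases so a client
# IP becomes a hostname. Formats are constructed, not the real OpenDNS/ELK ones.
from datetime import datetime, timedelta

# Constructed DHCP leases: (lease start, client IP, MAC, hostname).
# 10.1.2.50 is reassigned during the day, so the event time matters.
DHCP_LEASES = [
    ("2016-02-19 08:00:00", "10.1.2.50", "aa:bb:cc:00:00:01", "laptop-alice"),
    ("2016-02-19 09:30:00", "10.1.2.50", "aa:bb:cc:00:00:02", "laptop-bob"),
    ("2016-02-19 08:15:00", "10.1.2.77", "aa:bb:cc:00:00:03", "laptop-carol"),
]

# Constructed resolver log: date time client-IP domain action category.
# Client IP is only useful if the resolver sees the pre-NAT (pre-PAT) address.
DNS_LOG = """\
2016-02-19 09:05:12 10.1.2.50 intranet.example.com ALLOWED Business
2016-02-19 09:45:03 10.1.2.50 bad.example.net BLOCKED Malware
2016-02-19 10:02:40 10.1.2.77 bad.example.net BLOCKED Malware
2016-02-19 10:03:01 10.1.2.77 news.example.org ALLOWED News
"""

LEASE_TTL = timedelta(hours=8)  # assumed lease length for the constructed data


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def lease_holder(ip, when, leases=DHCP_LEASES):
    """(mac, hostname) holding `ip` at `when`: latest unexpired lease, else None."""
    best = None
    for start, lease_ip, mac, host in leases:
        t = parse_ts(start)
        if lease_ip == ip and t <= when < t + LEASE_TTL:
            if best is None or t > best[0]:
                best = (t, mac, host)
    return None if best is None else (best[1], best[2])


def flagged_events(log=DNS_LOG, action="BLOCKED"):
    """Yield (time, ip, domain, category) for lines whose action matches."""
    for line in log.splitlines():
        date, clock, ip, domain, act, cat = line.split()
        if act == action:
            yield parse_ts(f"{date} {clock}"), ip, domain, cat


def attribute(log=DNS_LOG, leases=DHCP_LEASES):
    """Map each flagged event to the hostname holding its IP at that time."""
    return [(when.strftime("%H:%M:%S"), ip, domain, cat,
             (lease_holder(ip, when, leases) or (None, "unknown"))[1])
            for when, ip, domain, cat in flagged_events(log)]
```

Hosts with no matching lease come back as "unknown", which in practice means a static address, a missing DHCP log, or a resolver that only saw the firewall's translated address.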


From: Edward Ned Harvey (lopser) <lop...@nedharvey.com>
Reply: Edward Ned Harvey (lopser) <lop...@nedharvey.com>
Date: February 19, 2016 at 10:45:51 AM
To: tech@lists.lopsa.org
Subject: [lopsa-tech] Identify illicit behavior


Suppose a company has a policy about permitted use of the company laptops and 
internet, but you have suspicion that some user(s) are using it for illicit 
purposes such as porn. You've already taken measures to prevent accidental 
access - content filtering firewall, DNS filtering, etc.

You want to take reasonable steps to prevent misuse, but you also want to be 
alerted and catch people if they try to misuse it. Can you name any products? 
I'm thinking either some agent that runs on PCs, or something that monitors 
network traffic and triggers alerts.

I'm fully aware of the need for caution in how such tools are applied - both in 
terms of respecting people's privacy and legal rights, and distinguishing 
accidental misuse and false positives from real violations.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/