Home page logo
/

basics logo Security Basics mailing list archives

RE: Remote monitoring
From: "Kevin Ortloff" <Kevin.Ortloff () j2global com>
Date: Fri, 16 Nov 2007 09:48:35 -0800

are you looking for internet activity only or something else?

For internet activity, using a squid proxy would work pretty well with
something like SARG ( an app ) to parse the info into readable info.
This is unix apps, but I think windows has similar apps.

You can also boost up your logging capabilities via active directories
group policy. Capture whatever you want in there. The problem here is
getting the logs to a centralized location. I haven't found the perfect
way to do that yet...

If you want to spy on active sessions. Dameware works beautifully. The
built in windows one might be good, I only tried to use it once, but
from what I remember, it asks the users for permission to join the
session ( this would not be stealth by any means ).





-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Holtz,Robert
Sent: Wednesday, November 07, 2007 9:58 AM
To: WALI
Cc: security-basics
Subject: RE: Remote monitoring

If you're looking to monitor workstation to server activity you can use
the built in network monitor that comes with Windows.  Run it on the
server to watch and filter on the workstation you want to monitor.

To watch all traffic from a given workstation you will want to somehow
monitor their switch port.  This capability will depend heavily on what
types of switches you have in place.  You would forward a copy of all of
their port traffic to a "monitor" port that has a sniffer hooked to it.


 
 If you are not the intended recipient of this message (including
attachments), or if you have received this message in error, immediately
notify us and delete it and any attachments.  If you no longer wish to
receive e-mail from Edward Jones, please send this request to
messages () edwardjones com   You must include the e-mail address that you
wish not to receive e-mail communications.  For important additional
information related to this e-mail, visit
www.edwardjones.com/US_email_disclosure
 
-----Original Message-----
 

From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of WALI
Sent: Wednesday, November 07, 2007 10:55 AM
Cc: security-basics
Subject: Remote monitoring

On my network of Windows XP platform and I need to arbitrarily monitor
the activities of some of the workstations that are connected to Windows
2003 domain. I have domain admin previleges to the network and am also
aware of the local admin password. I understand that there are hundreds
of spyware softwares assigned for this purpose but I was looking for a
freeware, agentless deployment, monitoring thingy.

Anything of this sort out there?


This email, its contents and attachments contain information from j2 Global Communications, Inc. and/or its affiliates 
which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the 
addressee(s) only.  If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this 
message is prohibited.  If you have received this email in error please notify the sender by reply e-mail and delete 
the original message and any copies.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault