Home page logo
/

basics logo Security Basics mailing list archives

Re: Spying in a corporate environment
From: Tremaine Lea <tremaine () gmail com>
Date: Tue, 27 Nov 2007 15:14:32 -0700

Niksun is an excellent appliance, although Narus is also worth a look. Narus is what was deployed by the NSA at AT&T that caused all that fuss ;)


---
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"



On 27-Nov-07, at 2:52 PM, Chris Barber wrote:

Have you looked at NetVCR by Niksun.  It is a network appliance that
captures all network traffic. from a span port on a switch.  You can
rebuild E-Mails, webpages, etc.  If the traffic crosses the wire this
box captures it.  Depending on the drive space you can capture days
worth of traffic.

Chris.

On 11/20/07, Col <colweb () gmail com> wrote:
Hi everyone,

In my job we have to investigate people on our network for various reasons.

Increasingly I am finding I need some sort of tool to help me out.
Preferably something that I can run on a server, point at a client or
a user account and have it monitor that user/machine activity over a
period of time.

The best tool would have these sorts of features:-

Audit log - everything the user does (shared drives, applications, web
sites visited)
Data copy - copy data from the machine, including from pen drives
(automatically would be nice)
Offline logging - ability to log what the user does with the machine
when its off the network
Alerting system - alert me when the user does something defined in a rule

Has anyone come across a tool that does any of these things?

I guess the best solution would be to write something in house, as it
would almost never get picked up by Anti Virus scanners, but obviously
that's a lot of effort.

Any pointers appreciated, thanks in advance.

Regards,

Colin.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault