Educause Security Discussion
mailing list archives
Re: URL Logging Allowed?
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Mon, 11 Nov 2013 12:09:24 -0500
I think you'll find that a very controversial issue in many institutions.
It comes up because of the various (and hopefully obvious) privacy issues.
There are mitigating circumstances that you might suggest employing. For
example you might keep an in-memory list of URLs and only alert on them
if the URL is seen X amount of times.
This way you aren't logging every single URL and you still get a heads
up when some threshold is crossed.
YMMV but I hope this helps.
Also, given your title I want to take a second to suggest (if you aren't
already a member) you apply for membership to REN-ISAC.
On 11/11/2013 12:01 PM, Gramke, Jim wrote:
Does anybody log the URLs which are visited from on campus? If so, was the decision to do so met with
resistance, or are there very tight policies around who can use the data? Perhaps you do it for some groups
(administration) and not for others (students, faculty?)
I would like to do this, for example, to quickly see which users clicked on a link in a phishing email, or what site
caused a dozen PCs to download the same malware, or even to block a particular site.
This appears to be a very controversial proposal here, and so I'm wondering if anybody has tried to go down this path.
Jim Gramke, GCED, GSEC
IT Security Manager
College of St. Benedict | St. John's University
Collegeville, MN 56321
Email: jgramke () csbsju edu
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of
SECURITY automatic digest system
Sent: Sunday, November 10, 2013 11:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: SECURITY Digest - 8 Nov 2013 to 10 Nov 2013 (#2013-197)
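One way to implement the threshold idea from the reply above, as an added example that is not part of the original message: counts live only in memory and a URL is reported once enough distinct clients have requested it. Counting distinct clients, the expiry window, the keyed client tags, and all names and sample events are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


class UrlThresholdAlerter:
    """In-memory URL counter: nothing is reported until a URL crosses the threshold."""
    def __init__(self, threshold, window_seconds):
        self.threshold = threshold        # the "X" from the post
        self.window = window_seconds      # assumption: sightings age out
        self._key = os.urandom(32)        # per-process key, never stored
        self._seen = defaultdict(dict)    # url -> {client tag: last seen}
        self._alerted = set()

    def _tag(self, client_id):
        # Keyed hash, so the table holds no raw IP addresses or usernames.
        return hmac.new(self._key, client_id.encode(), hashlib.sha256).digest()[:8]

    def observe(self, url, client_id, now):
        """Record one request; return (url, distinct_clients) when the threshold is first met."""
        clients = self._seen[url]
        clients[self._tag(client_id)] = now
        for tag in [t for t, ts in clients.items() if now - ts > self.window]:
            del clients[tag]              # forget sightings outside the window
        if len(clients) >= self.threshold and url not in self._alerted:
            self._alerted.add(url)
            return url, len(clients)
        return None

    def expire(self, now):
        """Drop URLs with no sighting inside the window; return how many remain tracked."""
        for url in list(self._seen):
            if all(now - ts > self.window for ts in self._seen[url].values()):
                del self._seen[url]
                self._alerted.discard(url)
        return len(self._seen)


# Constructed sample events: (seconds, client, url)
BAD = "http://bad.example.test/invoice.exe"
SAMPLE = [(0, "10.0.0.1", "http://news.example.test/"), (5, "10.0.0.2", BAD),
          (9, "10.0.0.2", BAD), (20, "10.0.0.3", BAD), (30, "10.0.0.4", BAD),
          (40, "10.0.0.5", BAD)]

def run_sample(threshold=3, window_seconds=600):
    alerter = UrlThresholdAlerter(threshold, window_seconds)
    hits = (alerter.observe(url, client, now) for now, client, url in SAMPLE)
    return [hit for hit in hits if hit is not None]
```

Calling `expire()` on a timer keeps rarely visited URLs from accumulating in memory, so the table only ever holds recent traffic.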