Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: URL Logging Allowed?
From: Rich Graves <rgraves () CARLETON EDU>
Date: Mon, 11 Nov 2013 11:32:19 -0600

We've been logging URLs, for phishing and malware remediation, since about 2010. I keep trying to have a serious 
conversation about privacy here, but it's usually cut short with "don't worry, we trust you." Um, that's not the 
point...

I exclude facebook.com, *.edu, *.gov, and a few other domains because of the low signal/noise+privacy ratio.

As previously discussed here, short of full URL logging, you can get some idea of who has visited hostile sites with a 
combination of DNS query logging and netflow. You need both because most web browsers will do DNS lookups for all links 
on a page, even if the user never clicks them.

You can mitigate the privacy implications of any sort of logging with truncation, hashing, and reversible obfuscation. 
1226522706a22b87bc141260c073fd9d can be just as useful as khfdurb.jimdo.com/. 2299920641 can be just as useful as 
137.22.1.1. Design your query interface so that it displays personal identifiable information only when requested.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault