Re: Query: internet browsing logs

[Frank Barton <bartonf () HUSSON EDU>]

Roshan, In order to capture the URL for https traffic, you have to
Man-In-The-Middle the SSL session, which would also give you access to the
contents. There are privacy and compliance concerns around that, as if you
MITM everything, you will also see banking sessions, online shopping and
credit card numbers, etc.

We use Cisco Firepower, which will log the full HTTP url, and a hostname
for HTTPS queries.

Frank

On Thu, Oct 11, 2018 at 9:23 AM Roshan Harneker <roshan.harneker () uct ac za>
wrote:

> Hi,
>
>
>
> We have a requirement to be able to collate internet browsing logs that
> will also be able to provide us with detail around URLs visited especially
> when forensic investigations are requested. We don’t have a requirement to
> view the website contents, just websites visited. In the past TMG was used
> as a proxy but since so much traffic is now SSL-based, I wanted to know
> what other universities are using to capture HTTP/HTTPS traffic information
> and being able to tie each URL visited to an identity.
>
>
>
> Regards,
>
> Roshan
>
>
>
> Roshan Harneker
> Senior Manager: Information and Cybersecurity Services
>
> Information & Communication Technology Services (ICTS)
>
> University of Cape Town
> Phone: 021 650 3658
> roshan.harneker () uct ac za
>
> https://csirt.uct.ac.za
>
>
> Disclaimer - University of Cape Town This email is subject to UCT policies
> and email disclaimer published on our website at
> http://www.uct.ac.za/main/email-disclaimer or obtainable from +27 21 650
> 9111. If this email is not related to the business of UCT, it is sent by
> the sender in an individual capacity. Please report security incidents or
> abuse via https://csirt.uct.ac.za/page/report-an-incident.php.


-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University