Juniper SSG or NetScreen firewalls, so no iptables or shell scripting in
the same way you could with software firewalls. As far as mail and web
ports ... even you give too much leeway. My list is more like

Web: 80 and 443
Mail: 25 (and only to my mail servers)
ICMP: always useful

Custom state-specific services or vendor services if any, but in the last
year most have switched over to VPN-based traffic and the rest make the
user connect to their service via dial-up modem.

No DNS, NTP, IMAP, POP etc. etc. etc. unless it's through the VPN.

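As an added illustration (not code from this thread or from any of its posters), the outbound allow list above written as a small Python audit over constructed firewall log records: web on 80/443 anywhere, SMTP on 25 only to the organisation's own relays, ICMP, and everything else denied unless it left via the VPN interface. The log format, the relay addresses and the VPN interface name are assumptions.

```python
# Egress allow-list audit: an added example, not code from the thread.
# Log format, relay addresses and the VPN interface name are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address

# Assumed values: the organisation's mail relays and the VPN tunnel interface.
MAIL_SERVERS = {ip_address("203.0.113.25"), ip_address("203.0.113.26")}
VPN_INTERFACE = "tunnel.1"
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # 0 for icmp
    egress_if: str  # interface the packet left on


def is_allowed(flow: Flow) -> tuple:
    """Return (allowed, rule_name) for one outbound flow."""
    if flow.egress_if == VPN_INTERFACE:
        return True, "vpn"            # anything goes through the tunnel
    if flow.proto == "icmp":
        return True, "icmp"
    if flow.proto == "tcp" and flow.dport in WEB_PORTS:
        return True, "web"
    if flow.proto == "tcp" and flow.dport == 25:
        if ip_address(flow.dst) in MAIL_SERVERS:
            return True, "smtp-to-own-relays"
        return False, "smtp-to-foreign-host"  # direct-to-MX from a desktop
    return False, "default-deny"      # dns, ntp, imap, pop ... outside VPN


def parse_line(line: str) -> Flow:
    """Parse one constructed 'key=value ...' log record (assumed format)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(kv["src"], kv["dst"], kv["proto"].lower(),
                int(kv.get("dport", 0)), kv["if"])


def audit(lines):
    """Return [(flow, rule)] for every record the policy would deny."""
    violations = []
    for line in lines:
        if not line.strip():
            continue
        flow = parse_line(line)
        allowed, rule = is_allowed(flow)
        if not allowed:
            violations.append((flow, rule))
    return violations


# Constructed sample records, not real traffic.
SAMPLE_LOG = """
src=192.168.10.5 dst=198.51.100.7 proto=tcp dport=443 if=ethernet0/0
src=192.168.10.5 dst=203.0.113.25 proto=tcp dport=25 if=ethernet0/0
src=192.168.10.9 dst=198.51.100.9 proto=tcp dport=25 if=ethernet0/0
src=192.168.10.9 dst=198.51.100.53 proto=udp dport=53 if=ethernet0/0
src=192.168.10.9 dst=10.8.0.53 proto=udp dport=53 if=tunnel.1
src=192.168.10.2 dst=198.51.100.1 proto=icmp if=ethernet0/0
"""

if __name__ == "__main__":
    for flow, rule in audit(SAMPLE_LOG.splitlines()):
        print(f"DENY {flow.src} -> {flow.dst} {flow.proto}/{flow.dport} ({rule})")
```

Run against real exports, the two denied rules are the ones worth alerting on: a desktop talking SMTP to a foreign host and plain DNS leaving outside the tunnel.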

On Wed, May 23, 2012 at 4:25 AM, Benjamin Tayehanpour <
[email protected]> wrote:

> Depending on what firewall software you are using on your router, you
> could just write a simple shell script which updates the firewall entries
> to reflect the contents of said blacklists. What are you using? iptables?
>
> I suppose they weren't smart enough, since you know of those times! :)
>
> Mail and web. That is, ports 25 (SMTP), 80 (HTTP), 110 (POP3), 143 (IMAP)
> 443 (HTTPS), 465 (SSMTP), 585 (IMAP4-SSL), 993 (IMAPS), 995 (SSL-POP)? How
> about ICMP traffic?
>
>
> On 23 May 2012 10:32, sanga collins <[email protected]> wrote:
>
>> A log is a record. In this case I am recording traffic and not content.
>> Regardless of semantics we play on the ethical side of the court.
>>
>> Known Proxy: Squidguard and Dans Guardian blacklists are kept up to date
>> so I don't have to chase them down myself.
>> Blocking in the firewall is painful. It means I have to maintain a list
>> of IPs or domains in more than 30 firewalls spread across the country,
>> when I could just use Squid+DansG in one location.
>>
>> Yes there are ways of obfuscating traffic to make it appear as something
>> else. But I can count on 1 hand the number of times an individual has been
>> smart enough to do that, let alone spell the word.
>>
>> We block all outbound ports except mail and web. But these days all you
>> need is port 80 to connect to a proxy server that then opens playboy.com on
>> port 80 for you. I never know you are on playboy.com until the sexual
>> harassment lawsuit comes down the pipe or a visitor to one of our nursing
>> facilities claims that a resident was busy watching porn in the dining
>> room ...
>>
>> What to do?
>>
>>
>> On Wed, May 23, 2012 at 3:02 AM, Benjamin Tayehanpour <
>> [email protected]> wrote:
>>
>>> In that case, you are logging, not recording as you previously stated.
>>> There is a difference, so please refrain from mixing those two terms in the
>>> future. "Monitoring" is an umbrella word which could entail both logging
>>> and recording or even none of them and instead other approaches.
>>>
>>> And, as long as you don't record, you are staying on the ethical side of
>>> things, I suppose :)
>>>
>>> Although, I am a bit curious. What, exactly, entails "known proxy"? Do
>>> you keep a list of them? In that case, why not block them outright in the
>>> firewall? Also, there are ways of obfuscating traffic to make it
>>> indistinguishable from "legitimate" traffic. How do you counter that?
>>>
>>> Wouldn't it be easier just to block all outgoing ports except the ones
>>> you use in your line of work? That way you would blanket-block almost every
>>> public proxy out there, and there would be less traffic to monitor.
>>>
>>>
>>> On 23 May 2012 09:52, sanga collins <[email protected]> wrote:
>>>
>>>> The process of blocking requires monitoring. I believe blocking is
>>>> acting on monitored traffic, is it not?
>>>>
>>>> I think there is a misunderstanding as to what my monitoring entails. I
>>>> can not read a user's email or view the website they are viewing live. All I
>>>> can see is what site was visited, when, and from which computer. Basic
>>>> information available in all routing equipment. On this basic information
>>>> rules are set in the organization with penalties for violating the rules.
>>>> If you access a known proxy or I determine you are circumventing the
>>>> monitoring, I don't need to know why you did it, or where you went. The fact
>>>> that you did, on a computer that isn't yours, is grounds for termination.
>>>>
>>>>
>>>>
>>>> On Wed, May 23, 2012 at 2:45 AM, Victor van Reijswoud <
>>>> [email protected]> wrote:
>>>>
>>>>> How long are records kept? Who is able to access and examine them?
>>>>> These are important issues when 'everything' is monitored.
>>>>>
>>>>> For medical information (as you refer to) this has been arranged by
>>>>> law in most countries. Is this also arranged for data/information
>>>>> related to computer use of individuals in your organisation?
>>>>>
>>>>> Un-ethical is a strong word but I feel it more transparent to block
>>>>> than to monitor 'everything'.
>>>>>
>>>>>
>>>>> On Wed, May 23, 2012 at 7:27 AM, Sanga Collins <
>>>>> [email protected]> wrote:
>>>>> > Why is it unethical? You work in our office using our computers
>>>>> > handling patient medical information and financial data. The govt mandates
>>>>> > we keep a 'paper trail' of everything coming and going. We also clearly
>>>>> > state in the terms of employment that all Internet traffic is monitored.
>>>>> >
>>>>> > Don't see the unethical part.
>>>>> >
>>>>> > Besides most routers and networking equipment log all traffic anyway.
>>>>> >
>>>>> > Sent from my mobile device
>>>>> >
>>>>> > On May 23, 2012, at 9:19 AM, Victor van Reijswoud <
>>>>> [email protected]> wrote:
>>>>> >
>>>>> >> +1
>>>>> >>
>>>>> >>
>>>>> >> On Wed, May 23, 2012 at 7:13 AM, Benjamin Tayehanpour
>>>>> >> <[email protected]> wrote:
>>>>> >>> Recording traffic is even worse than outright blocking it, from an
>>>>> >>> ethical point of view. It's quite fun, though :)
>>>>> >>>
>>>>> >>>
>>>>> >>> On 22 May 2012 16:09, Sanga Collins <[email protected]> wrote:
>>>>> >>>>
>>>>> >>>> We don't block apps or websites, we just record everything. HR has
>>>>> >>>> new employees sign terms of use. If they are violated the employee is
>>>>> >>>> terminated. Use of proxies or circumvention techniques counts as 2
>>>>> >>>> violations. Leaving 1 violation for termination.
>>>>> >>>>
>>>>> >>>> Each year your violations reset to zero and all cases are
>>>>> >>>> investigated since spam, spyware or viruses can also cause traffic to
>>>>> >>>> be recorded that is not allowed.
>>>>> >>>>
>>>>> >>>> Btw we allow Facebook, Twitter and social networking sites. But if
>>>>> >>>> you spend the majority of your day 'networking' then that counts as a
>>>>> >>>> violation :)
>>>>> >>>>
>>>>> >>>> Sent from my mobile device
>>>>> >>>>
>>>>> >>>> On May 22, 2012, at 4:02 PM, erias swraggy <[email protected]> wrote:
>>>>> >>>>
>>>>> >>>>> I think it's a total waste of time especially with the existence
>>>>> >>>>> and free use of Bennett Haselton's circumventors such as
>>>>> >>>>> https://jellykey.info/ and many more others.
>>>>> >>>>>
>>>>> >>>>> On 5/22/12, Victor van Reijswoud <[email protected]> wrote:
>>>>> >>>>>> Indeed OT but interesting. From a technical perspective
>>>>> >>>>>> blocking is easy, but from a human perspective this is more
>>>>> >>>>>> difficult. I created a very bad situation when I first blocked FB
>>>>> >>>>>> in an organisation (on request of the management). Blocking working
>>>>> >>>>>> hours was the solution (interesting to see how many people liked to
>>>>> >>>>>> stay after working hours).
>>>>> >>>>>>
>>>>> >>>>>> What about blocking hotmail, gmail and other freemail when all
>>>>> >>>>>> people have office mail? I tend to block these as well in office hours.
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> On Tue, May 22, 2012 at 9:55 AM, Kyle Spencer <[email protected]> wrote:
>>>>> >>>>>>> Hi Joseph,
>>>>> >>>>>>>
>>>>> >>>>>>> This is slightly OT, but I've always been of the opinion that
>>>>> >>>>>>> -- in general -- business networks shouldn't blacklist content.
>>>>> >>>>>>> There are a few reasons for this:
>>>>> >>>>>>>
>>>>> >>>>>>> 1) Blacklisting applications and websites quickly (and
>>>>> >>>>>>> inevitably) becomes a wild goose chase.  New sites, services, and
>>>>> >>>>>>> workarounds pop up all the time and your users will find them
>>>>> >>>>>>> (unless you white-list).  If bandwidth is your concern, just
>>>>> >>>>>>> implement per-host throttling.
>>>>> >>>>>>>
>>>>> >>>>>>> 2) Office Internet connections are many people's only access to
>>>>> >>>>>>> the Internet in Uganda.  Therefore, I believe we should ensure they
>>>>> >>>>>>> have access to the full (undiluted) experience.
>>>>> >>>>>>>
>>>>> >>>>>>> 3) People need mental down-time in order to be fully productive.
>>>>> >>>>>>> If my staff are doing their jobs well, why should I care if they
>>>>> >>>>>>> browse Facebook or watch Youtube videos from time-to-time?
>>>>> >>>>>>>
>>>>> >>>>>>> 4) This is ultimately an HR/management issue, not a technical
>>>>> >>>>>>> one.  If your staff spend all of their time on Facebook and
>>>>> >>>>>>> Youtube, the problem is the behavior and not the sites themselves.
>>>>> >>>>>>> If you simply ban Facebook and Youtube, your staff will find
>>>>> >>>>>>> something else to waste their time on.  It's better to focus your
>>>>> >>>>>>> efforts on finding ways to inspire a strong work-ethic in your
>>>>> >>>>>>> staff -- ideally through an atmosphere of trust (see items #1, #2,
>>>>> >>>>>>> and #3).
>>>>> >>>>>>>
>>>>> >>>>>>> Regards,
>>>>> >>>>>>> Kyle Spencer
>>>>> >>>>>>>
>>>>> >>>>>>>
>>>>> >>>>>>>
>>>>> >>>>>>> On Tue, May 22, 2012 at 11:28 AM, KIYINI JOSEPH <[email protected]> wrote:
>>>>> >>>>>>>>
>>>>> >>>>>>>> I don't think we all use these but,......................
>>>>> >>>>>>>>
>>>>> >>>>>>>> http://www.techrepublic.com/blog/10things/the-top-10-apps-being-blacklisted-in-the-enterprise/3228?tag=mantle_skin;content
>>>>> >>>>>>>> --
>>>>> >>>>>>>> KyaiJoe
>>>>> >>>>>>>> _______________________________________________
>>>>> >>>>>>>> The Uganda Linux User Group: http://linux.or.ug
>>>>> >>>>>>>>
>>>>> >>>>>>>> Send messages to this mailing list by addressing e-mails to:
>>>>> >>>>>>>> [email protected]
>>>>> >>>>>>>> Mailing list archives:
>>>>> http://www.mail-archive.com/[email protected]/
>>>>> >>>>>>>> Mailing list settings: http://kym.net/mailman/listinfo/lug
>>>>> >>>>>>>> To unsubscribe: http://kym.net/mailman/options/lug
>>>>> >>>>>>>>
>>>>> >>>>>>>> The Uganda LUG mailing list is generously hosted by INFOCOM:
>>>>> >>>>>>>> http://www.infocom.co.ug/
>>>>> >>>>>>>>
>>>>> >>>>>>>> The above comments and data are owned by whoever posted them
>>>>> >>>>>>>> (including
>>>>> >>>>>>>> attachments if any). The mailing list host is not responsible
>>>>> for
>>>>> >>>>>>>> them
>>>>> >>>>>>>> in
>>>>> >>>>>>>> any way.
>>>>> >>>>>>>
>>>>> >>>>>>
>>>>> >>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Sanga M. Collins
>>>> Network Engineering
>>>> ~~~~~~~~~~~~~~~~~~~~~~~
>>>> Google Voice: (954) 324-1365
>>>> E- fax: (435) 578 7411
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Sanga M. Collins
>> Network Engineering
>> ~~~~~~~~~~~~~~~~~~~~~~~
>> Google Voice: (954) 324-1365
>> E- fax: (435) 578 7411
>>
>>
>
>
>



-- 
Sanga M. Collins
Network Engineering
~~~~~~~~~~~~~~~~~~~~~~~
Google Voice: (954) 324-1365
E- fax: (435) 578 7411