We also use OpenDNS Umbrella. We have deployed their Virtual Appliances inside our network so that the OpenDNS logs show the real IP address of the DNS clients. (Otherwise, our firewall would PAT the addresses on the way out to the Internet.)
We have not yet implemented anything to sniff out people who circumvent the policies that we’ve placed on the OpenDNS servers. We have Palo Alto PA-5050 devices sitting in between our inside network and our production firewall, which we could use for this purpose. We just haven’t gotten that far yet. From: [email protected] [mailto:[email protected]] On Behalf Of Graham Dunn Sent: Friday, February 19, 2016 9:51 AM To: [email protected]; Edward Ned Harvey (lopser) <[email protected]> Subject: Re: [lopsa-tech] Identify illicit behavior We use OpenDNS Umbrella, with only the malware deny mode on, but everything is logged and OpenDNS will generate a report of flagged URLs, so it's possible to go back to your own systems (we send all DNS/DHCP activity into ELK) and correlate who it was. OpenDNS will also sell you a box that does all that for you. Graham From: Edward Ned Harvey (lopser) <[email protected]><mailto:[email protected]> Reply: Edward Ned Harvey (lopser) <[email protected]><mailto:[email protected]> Date: February 19, 2016 at 10:45:51 AM To: [email protected]<mailto:[email protected]> <[email protected]><mailto:[email protected]> Subject: [lopsa-tech] Identify illicit behavior Suppose a company has a policy about permitted use of the company laptops and internet, but you have suspicion that some user(s) are using it for illicit purposes such as porn. You've already taken measures to prevent accidental access - content filtering firewall, dns filtering, etc. You want to take reasonable steps to prevent misuse, but you also want to be alerted and catch people, if they try to misuse it. Can you name any products? I'm thinking either some agent that runs on pc's, or something that monitors network traffic and triggers alerts. I'm fully aware of the need for caution in how such tools are applied - both in terms of respecting peoples' privacy, and legal rights, and distinguishing accidental misuse and false positives from real violations. _______________________________________________ Tech mailing list [email protected]<mailto:[email protected]> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
