On 6 Aug 2008, at 14:28, Daniel da Veiga wrote:
On Tue, Aug 5, 2008 at 10:45 PM, Francisco Ares <[EMAIL PROTECTED]>
wrote:
...
I know that things such as address, traffic, bandwidth are easy to be
tracked and logged, but what about, say, my gmail messages - is it
possible to log them also? Which package should I use or look for?
...
The only way I can think for you to keep track of your messages is to
sniff unencrypted packages (https wouldn't work), look for specific
patterns and use that to estimate usage, of course, I'm considering
your statement about bandwidth, traffic, address and the fact that
something like that would be a hard, complex and not NEAR fail proof
concept, along with the privacy issues, of course.
I read OP's question that he isn't interested in the *bandwidth* of
the Hotmail messages, per se - I thought he was just giving bandwidth
monitoring as an example of a routine network management task that is
easy & obvious to undertake in establishing the background to his
question.
In some companies it is indeed necessary to have a handle on this
sort of thing. AIUI to meet certain financial regulations intended to
prevent insider-trading (Sarbanes-Oxley?) one must have facilities in
place to monitor all communications in & out the building. I suppose
that at one time recording all telephone calls would have required a
prohibitive quantity of cassette tapes, so a supervisor listening in
randomly would be acceptable, but leaving webmail accounts ignored is
a huge hole.
Privacy issues should be covered by a company IT usage policy. I
think that stating that all traffic is logged would cover this - see
your lawyer as to how you phrase this exactly. Ensure that auditing
is undertaken in a documented and regimented manner - it should
probably be a separate role from IT admin and/or a boss probably
shouldn't be looking at his employees' emails; you should probably
have a person randomly looking at messages for *specific* infractions
(and they should probably be trained to ignore anything "naughty"
that isn't specifically within their remit).
I have played with Wireshark &/or Ethereal in the past and have been
AMAZED at how clearly interactions can be logged when filtering is
set correctly.
Daniel: might it not be possible to have the firewall drop https
connections to hotmail / gmail / yahoo mail domains, thus forcing the
users back to unencrypted http? That begs the question: if you can do
that, why not just completely block access to webmail sites?
Stroller.