On Wed, Aug 6, 2008 at 11:30 AM, Stroller <[EMAIL PROTECTED]> wrote: > > On 6 Aug 2008, at 14:28, Daniel da Veiga wrote: >> >> On Tue, Aug 5, 2008 at 10:45 PM, Francisco Ares <[EMAIL PROTECTED]> wrote: >>> >>> ... >>> I know that things such as address, trafic, bandwith are easy to be >>> tracked and logged, but what about, say, my gmail messages - is it >>> possible to log them also? Which package should I use or look for? >> >> ... >> The only way I can think for you to keep track of your messages is to >> sniff unencrypted packages (https wouldn't work), look for specific >> patterns and use that to estimate usage, of course, I'm considering >> your statement about bandwidth, traffic, address and the fact that >> something like that would be a hard, complex and not NEAR fail proof >> concept, along with the privacy issues, of course. > > I read OP's question that he isn't interested in the *bandwidth* of the > Hotmail messages, per-se - I thought he was just giving bandwidth monitoring > as an example of a routine network management task that is easy & obvious to > undertake in establishing the background to his question. > > In some companies it is indeed necessary to have a handle on this sort of > thing. AIUI to meet certain financial regulations intended to prevent > insider-trading (Sarbanes-Oxley?) one must have facilities in place to > monitor all communications in & out the building. I suppose that at one time > recording all telephone calls would have required a prohibitive quantity of > cassette tapes, so a supervisor listening in randomly would be acceptable, > but leaving webmail accounts ignored is a huge hole. > > Privacy issues should be covered by a company IT usage policy. I think that > stating that all traffic is logged would cover this - see your lawyer as to > how you phrase this exactly. Ensure that auditing is undertaken in a > documented and regimented manner - it should probably be a separate role > from IT admin and or a boss probably shouldn't be looking at his employees > emails; you should probably have a person randomly looking at messages for > *specific* infractions (and they should probably be trained to ignore > anything "naughty" that isn't specifically within their remit). > > I have played with wireshark &/or etherreal in the past and have been AMAZED > at how clearly interactions can be logged when filtering is set correctly. > > Daniel: might it not be possible to have the firewall drop https connections > to hotmail / gmail / yahoo mail domains, thus forcing the users back to > unencrypted http? That begs the question: if you can do that, why not just > completely block access to webmail sites? >
Yeah, maybe I misunderstood the OP question. If we are talking about an enterprise network, of course, you can even transparently redirect the request, if a proxy is configured at the gateway. Completely blocking webmail is an option, as you correctly stated, security and network policies apply, and there are laws (at least in my country) that say a employer CAN read its employees mails (of their enterprise account, of course). Anyway, a company CAN keep their network (and/or communications in general) clean, reduce security exploits, and keep track of their employees, if they take the time and pay someone to do it (and of course, provide the hardware). I play with sniffers, but never to the extent of analysing package contents, only to create statistics, and its good to know you can do that with filtering (may talk to the boss about that, too much streaming sites eating our bandwidth). PS: I'm almost completing law school. Too bad my english is not THAT good to translate that... lol -- Daniel da Veiga
