For the last year I've avoided any solicitation of our company's product
out of respect for the information shared in this list. BUT, this WFA thread
screams for it. If you feel inclined, take a look at www.sgtlabs.com. It's
an enterprise monitoring product that tracks WFA and more in a simplistic
manner. The information
[Date,Time,Username,Computername,Application{and/or}Website visited] is
collected in a secure appliance that can provide evidence admissible in
court.
It's targeted to the SMB market but scalable to larger organizations.
I think it's a good solution, but hey, I'm just an engineer.
Dave Losen
Sergeant Laboratories, Inc.
4329 Mormon Coulee Road
LaCrosse, WI 54601
608 788 9143
dlosen@sgtlabs.com
-----Original Message-----
From: dr john halewood [mailto:john@sumotech.com]
Sent: Wednesday, July 23, 2003 11:34 AM
To: forensics@securityfocus.com
Subject: Re: Waste, Fraud, Abuse
On Tuesday 22 Jul 2003 9:57 pm, Curt Purdy wrote:
>The problem comes from someone clueful enough to wipe cookies/history and
>not keep incriminating files. The best answer is a proxy server that
>logs all access and an email server that keeps a record of all mail.
Whilst logs from mail and proxy servers are useful in isolating potential
culprits (either in WFA cases or others, such as illicit viewing of
pornography), and may possibly count as suitable evidence in internal
disciplinary procedures, it generally isn't enough to satisfy courts, if
things are likely to reach that level.
I've been involved in a number of cases where the powers that be have said
that server logs were not sufficient (too easily forged, although if you run
them straight to a printer or burn to CD-R etc you might be better off), and
even that evidence found on a hard drive can be questioned (can you prove
your suspect was using the machine at the time?). However a combination of a
network sniffer and a few shell scripts to monitor server logs and page
appropriate people have led to the suspects being caught at the machine,
which (combined with extra evidence such as log files), is usually enough to
prove the offence conclusively.
cheers
john
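The "few shell scripts to monitor server logs and page appropriate people" described above, as an added example that is not part of the original thread or of any product mentioned in it. It assumes a squid-style proxy access log layout of `epoch client user method url` (an assumption, not taken from the post), a constructed watchlist of site names, and constructed sample log lines; the paging step is left as a comment because the tool used for it (mail, a pager gateway) is site-specific. It also records a checksum of the scanned log segment at collection time, which addresses the "too easily forged" objection only partially: a CRC shows accidental change, and a real deployment would use a cryptographic hash (sha256sum where available) written to separate, write-once media.

```shell
#!/bin/sh
# Added example (not from the original thread): scan a proxy access log for
# watch-listed sites, emit one alert line per hit, and checksum the log
# segment that produced the alerts. All data below is constructed.

# Constructed sample proxy log in an assumed "epoch client user method url" layout.
SAMPLE_LOG='1058968440 10.0.0.12 jsmith GET http://www.example.com/index.html
1058968501 10.0.0.12 jsmith GET http://gambling.example.net/poker
1058968555 10.0.0.40 mjones GET http://intranet.example.com/
1058968602 10.0.0.40 mjones POST http://warez.example.org/upload'

# Constructed watchlist: one hostname (or hostname fragment) per line.
WATCHLIST='gambling.example.net
warez.example.org'

# scan_log: read log lines on stdin; for each line whose URL host matches a
# watchlist entry, print "ALERT <epoch> <user> <client> <url>" on stdout.
# The epoch and client address are what later ties a person to a machine
# at a given time, so they are kept in every alert record.
scan_log() {
    while read -r ts client user method url; do
        host=${url#*://}      # strip scheme
        host=${host%%/*}      # strip path
        for pat in $WATCHLIST; do
            case "$host" in
                *"$pat"*) printf 'ALERT %s %s %s %s\n' "$ts" "$user" "$client" "$url" ;;
            esac
        done
    done
}

# alert_count: number of alerts the sample log produces (2 with the data above).
alert_count() {
    printf '%s\n' "$SAMPLE_LOG" | scan_log | wc -l | tr -d ' '
}

# first_alert: the first alert record, useful for wiring up a pager command.
first_alert() {
    printf '%s\n' "$SAMPLE_LOG" | scan_log | head -n 1
}

# log_checksum: POSIX cksum CRC of the scanned segment, recorded alongside the
# alerts so a later copy can be compared with what was seen at scan time.
# Replace with sha256sum on systems that have it.
log_checksum() {
    printf '%s\n' "$SAMPLE_LOG" | cksum | cut -d ' ' -f 1
}

# Typical use (runs when the script is executed directly):
#   tail -f /var/log/proxy/access.log | scan_log | while read -r alert; do
#       printf '%s\n' "$alert" | mail -s "WFA alert" oncall@example.com   # assumed pager hook
#   done
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    printf 'checksum of scanned segment: %s\n' "$(log_checksum)"
    printf '%s\n' "$SAMPLE_LOG" | scan_log
fi
```

Pointing the script at a live log with `tail -f` turns it into the on-the-spot alert the post describes; the alert line carries the timestamp and client address needed to walk to the machine while the session is still open.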
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Thu Jul 24 15:57:58 2003