|Main Archive Page > Month Archives > security-basics archives|
Niksun is an excellent appliance, although Narus is also worth a look. Narus is what was deployed by the NSA at AT&T that caused all that fuss ;) --- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On 27-Nov-07, at 2:52 PM, Chris Barber wrote:
> Have you looked at NetVCR by Niksun. It is a network appliance that
> captures all network traffic. from a span port on a switch. You can
> rebuild E-Mails, webpages, etc. If the traffic crosses the wire this
> box captures it. Depending on the drive space you can capture days
> worth of traffic.
> On 11/20/07, Col <firstname.lastname@example.org> wrote:
>> Hi everyone,
>> In my job we have to investigate people on our network for various
>> Increasingly I am finding I need some sort of tool to help me out.
>> Preferably something that I can run on a server, point at a client or
>> a user account and have it monitor that user/machine activity over a
>> period of time.
>> The best tool would have these sorts of features:-
>> Audit log - everything the user does (shared drives, applications,
>> sites visited)
>> Data copy - copy data from the machine, including from pen drives
>> (automatically would be nice)
>> Offline logging - ability to log what the user does with the machine
>> when its off the network
>> Alerting system - alert me when the user does something defined in
>> a rule
>> Has anyone come across a tool that does any of these things?
>> I guess the best solution would be to write something in house, as it
>> would almost never get picked up by Anti Virus scanners, but
>> that's a lot of effort.
>> Any pointers appreciated, thanks in advance.