Educause Security Discussion mailing list archives
Re: URL Logging Allowed?
From: Rich Graves <rgraves () CARLETON EDU>
Date: Mon, 11 Nov 2013 11:32:19 -0600
We've been logging URLs, for phishing and malware remediation, since about 2010. I keep trying to have a serious conversation about privacy here, but it's usually cut short with "don't worry, we trust you." Um, that's not the point...

I exclude facebook.com, *.edu, *.gov, and a few other domains because of the low signal/noise+privacy ratio.

As previously discussed here, short of full URL logging, you can get some idea of who has visited hostile sites with a combination of DNS query logging and netflow. You need both because most web browsers will do DNS lookups for all links on a page, even if the user never clicks them.

You can mitigate the privacy implications of any sort of logging with truncation, hashing, and reversible obfuscation. 1226522706a22b87bc141260c073fd9d can be just as useful as khfdurb.jimdo.com/. 2299920641 can be just as useful as 137.22.1.1. Design your query interface so that it displays personally identifiable information only when requested.
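The sketch below is an added example, not part of the original post or any code its author ran: it stores log records with a hashed, truncated hostname and an integer-encoded client address, and its query function returns real addresses only when asked. The post does not say which hash was used; HMAC-SHA256 with a constructed key is an assumption here, chosen because an unkeyed hash of a hostname can be reversed by hashing a list of candidate names. The function names, the key and the sample records are hypothetical, and only IPv4 is handled.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key (assumption): in practice it is stored apart from the logs.
KEY = b"constructed-demo-key"

def host_token(host: str) -> str:
    """Keyed, truncated hash of a hostname: 32 hex chars, same width as the post's sample."""
    norm = host.strip().lower().rstrip("./")
    digest = hmac.new(KEY, norm.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:32]

def ip_to_int(ip: str) -> int:
    """Reversible obfuscation of an IPv4 address as an unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(ip))

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int, used only when an analyst asks for the real address."""
    return str(ipaddress.IPv4Address(value))

def store(client_ip: str, host: str) -> dict:
    """What gets written to the log: no cleartext hostname or dotted-quad address."""
    return {"client": ip_to_int(client_ip), "host": host_token(host)}

def who_visited(log: list, bad_host: str, reveal: bool = False) -> list:
    """Find clients that requested a known-bad host; show real IPs only on request."""
    token = host_token(bad_host)
    clients = sorted({rec["client"] for rec in log if rec["host"] == token})
    return [int_to_ip(c) for c in clients] if reveal else clients

# Constructed sample traffic; the first address and hostname are the ones quoted in the post.
LOG = [
    store("137.22.1.1", "khfdurb.jimdo.com"),
    store("137.22.1.2", "www.example.org"),
    store("137.22.1.1", "www.example.org"),
]

if __name__ == "__main__":
    print(who_visited(LOG, "khfdurb.jimdo.com"))               # obfuscated view
    print(who_visited(LOG, "khfdurb.jimdo.com/", reveal=True))  # explicit reveal
```

The integer form of the address is obfuscation only, since anyone can convert it back; the keyed hostname token is the part that depends on the key staying out of the log store.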