Re: [EXTERNAL] [SECURITY] Query: internet browsing logs

[Ronald King <ronald.king () MORGAN EDU>]

This is the same for Morgan State. We do not decrypt avoid the potential
privacy and compliance issues. By decrypting SSL you will have access to
and storing HIPAA and PCI data.

Ron
*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>



On Thu, Oct 11, 2018 at 9:30 AM Adam Maynard <AMaynard () clarku edu> wrote:

> We log all URL’s visited from on Campus with Palo Alto NGFW. We don’t
> decrypt https, so it just logs the root URL for those. We can trace that
> traffic back to a user fairly easily.
>
>
>
> This is pretty helpful for phishing/malware incident response.
>
>
>
>
>
> V/R,
>
> Adam Maynard
>
> Information Security Analyst
>
> Clark University
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Roshan Harneker
> *Sent:* Thursday, October 11, 2018 09:14
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [EXTERNAL] [SECURITY] Query: internet browsing logs
>
>
>
> Hi,
>
>
>
> We have a requirement to be able to collate internet browsing logs that
> will also be able to provide us with detail around URLs visited especially
> when forensic investigations are requested. We don’t have a requirement to
> view the website contents, just websites visited. In the past TMG was used
> as a proxy but since so much traffic is now SSL-based, I wanted to know
> what other universities are using to capture HTTP/HTTPS traffic information
> and being able to tie each URL visited to an identity.
>
>
>
> Regards,
>
> Roshan
>
>
>
> Roshan Harneker
> Senior Manager: Information and Cybersecurity Services
>
> Information & Communication Technology Services (ICTS)
>
> University of Cape Town
> Phone: 021 650 3658
> roshan.harneker () uct ac za
>
> https://csirt.uct.ac.za
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcsirt.uct.ac.za-26data-3D02-257C01-257Camaynard-2540CLARKU.EDU-257C42760933b7184097adb008d62f7cc34a-257Cb5b2263d68aa453eb972aa1421410f80-257C1-257C0-257C636748610237162871-26sdata-3DCmApkigwvreS-252FEW0UNksB5E2IF2ryX6lfUtCt7JFi5k-253D-26reserved-3D0&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=EgB8VYbCdfT4IPoA_WQS9eaYBpu8vq8sTSTPWpW6bC8&e=>
>
>
>
> Disclaimer - University of Cape Town This email is subject to UCT policies
> and email disclaimer published on our website at
> http://www.uct.ac.za/main/email-disclaimer
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.uct.ac.za_main_email-2Ddisclaimer&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=6UimJZIv5ApoIgXmp_c_7gxOg_8TUewHfziBalHcm9o&e=>
> or obtainable from +27 21 650 9111. If this email is not related to the
> business of UCT, it is sent by the sender in an individual capacity. Please
> report security incidents or abuse via
> https://csirt.uct.ac.za/page/report-an-incident.php
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__csirt.uct.ac.za_page_report-2Dan-2Dincident.php&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=W-c_3a7SWO-4eRpIDqR_n5TWYrXSaCHmrWzpGoyloig&e=>.