Educause Security Discussion mailing list archives
Re: [EXTERNAL] [SECURITY] Query: internet browsing logs
From: Ronald King <ronald.king () MORGAN EDU>
Date: Thu, 11 Oct 2018 11:45:09 -0400
This is the same for Morgan State. We do not decrypt avoid the potential privacy and compliance issues. By decrypting SSL you will have access to and storing HIPAA and PCI data. Ron *Ronald A. King, CISSP* Chief Information Security Officer Morgan State University Office: (443) 885-3372 1700 E. Cold Spring Ln. Email: ronald.king () morgan edu Baltimore, MD 21251 URL: http://www.morgan.edu *Growing the future ... Leading the world* <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf> On Thu, Oct 11, 2018 at 9:30 AM Adam Maynard <AMaynard () clarku edu> wrote:
We log all URL’s visited from on Campus with Palo Alto NGFW. We don’t decrypt https, so it just logs the root URL for those. We can trace that traffic back to a user fairly easily. This is pretty helpful for phishing/malware incident response. V/R, Adam Maynard Information Security Analyst Clark University *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Roshan Harneker *Sent:* Thursday, October 11, 2018 09:14 *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [EXTERNAL] [SECURITY] Query: internet browsing logs Hi, We have a requirement to be able to collate internet browsing logs that will also be able to provide us with detail around URLs visited especially when forensic investigations are requested. We don’t have a requirement to view the website contents, just websites visited. In the past TMG was used as a proxy but since so much traffic is now SSL-based, I wanted to know what other universities are using to capture HTTP/HTTPS traffic information and being able to tie each URL visited to an identity. Regards, Roshan Roshan Harneker Senior Manager: Information and Cybersecurity Services Information & Communication Technology Services (ICTS) University of Cape Town Phone: 021 650 3658 roshan.harneker () uct ac za https://csirt.uct.ac.za <https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcsirt.uct.ac.za-26data-3D02-257C01-257Camaynard-2540CLARKU.EDU-257C42760933b7184097adb008d62f7cc34a-257Cb5b2263d68aa453eb972aa1421410f80-257C1-257C0-257C636748610237162871-26sdata-3DCmApkigwvreS-252FEW0UNksB5E2IF2ryX6lfUtCt7JFi5k-253D-26reserved-3D0&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=EgB8VYbCdfT4IPoA_WQS9eaYBpu8vq8sTSTPWpW6bC8&e=> Disclaimer - University of Cape Town This email is subject to UCT policies and email disclaimer published on our website at http://www.uct.ac.za/main/email-disclaimer <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.uct.ac.za_main_email-2Ddisclaimer&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=6UimJZIv5ApoIgXmp_c_7gxOg_8TUewHfziBalHcm9o&e=> or obtainable from +27 21 650 9111. If this email is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via https://csirt.uct.ac.za/page/report-an-incident.php <https://urldefense.proofpoint.com/v2/url?u=https-3A__csirt.uct.ac.za_page_report-2Dan-2Dincident.php&d=DwMFAg&c=0CCt47_3RbNABITTvFzZbA&r=hF9utfnfkGfY793x81M4Gr0nwxs9KYTZ6TUPUh4wPjs&m=_EIxEfDkgL9ifVMXlZ0L8xlKKdtQ1gkpX_pwwhyfgFI&s=W-c_3a7SWO-4eRpIDqR_n5TWYrXSaCHmrWzpGoyloig&e=>.
Current thread:
- Query: internet browsing logs Roshan Harneker (Oct 11)
- Re: [EXTERNAL] [SECURITY] Query: internet browsing logs Adam Maynard (Oct 11)
- Re: [EXTERNAL] [SECURITY] Query: internet browsing logs Ronald King (Oct 11)
- Re: [EXTERNAL] [SECURITY] Query: internet browsing logs Brian Epstein (Oct 11)
- Re: [EXTERNAL] [SECURITY] Query: internet browsing logs Ronald King (Oct 11)
- Re: Query: internet browsing logs Frank Barton (Oct 11)
- Re: Query: internet browsing logs Scantlin, Aaron J. (Oct 11)
- Re: Query: internet browsing logs Kevin Wilcox (Oct 11)
- Re: [EXTERNAL] [SECURITY] Query: internet browsing logs Adam Maynard (Oct 11)