Sunday, February 14, 2010


E-mail can easily be monitored by copying the contents of a user's inbox for incoming mail, or by logging the actions of the Simple Mail Transfer Protocol (SMTP) server for outgoing mail. However, these logs are often difficult to read, especially on a large network with a large volume of traffic. A number of products are available to help the network manager parse the logs, searching for users or keywords. Some of these products include MIMESweeper, Elron, and Tumbleweed/Message Monitor.
There are a number of plugins, such as PGP or GPG, for popular mail programs that can send encrypted electronic mail. These plugins are helpful when someone wants to send private information over an inherently insecure network like the Internet. However, they can also render certain communications unreadable, including ones that an organization might be monitoring in order to control them. Logging and reading these encrypted messages is a challenge not easily solved, as brute-force attacks on the passphrases can take decades, even with the most powerful computers. Organizations may wish to have separate policies on encryption for monitoring.
Monitoring e-mail sent through popular Web-based providers like Yahoo! or Hotmail can be difficult as well, because the message never passes through the organization's SMTP servers, nor does the organization have direct control over the user's mailboxes. Monitoring these types of mail services is usually done through a general monitoring tool, as listed in another section below.

File-Sharing Monitoring Products

File-sharing has a history of swinging between being one of the easiest applications to monitor and one of the toughest. In some ways it appears to be almost a game, as users of file-sharing services try to devise ways to run their services around and through corporate attempts to halt them. The first file-sharing products, like Napster, always connected to the server on a specific Transmission Control Protocol (TCP) port. Managers were then able to simply block access to that TCP port at the firewall, which eliminated access to that service. Then a plethora of new services came out using different ports, or ports that were configurable by the users. Some users would simply set their file-sharing traffic to port 80, a port normally left open by network managers because it is used largely to carry Hypertext Transfer Protocol (HTTP) requests. Other problems were created by users demanding that they be allowed to use these programs, especially at high-profile universities like Yale and Indiana. In those cases, something had to be done to limit the amount of bandwidth these services could use, because other legitimate traffic was being crowded out by the file-sharing traffic. A number of hardware and software solutions cropped up to aid network managers in their quest to reduce or eliminate file-sharing traffic.
On the software side, as mentioned above, existing firewalls can be configured to block traffic on certain TCP (Layer 4) ports.
Other programs, like P2P Traffic Monitor, are designed to examine the packets at the application layer (Layer 7) to determine the type of packet and whether or not to block it. Hardware solutions like Packeteer plug into the network to control the amount of bandwidth available to certain applications.
Packeteer has been most popular at colleges and universities, which in general do not want to be accused of censorship or limiting access to resources, but still have to deal with bandwidth concerns among thousands of users.
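
The difference between the port-based (Layer 4) blocking and the application-layer (Layer 7) inspection described above can be shown with a short added example; it is not code from any of the products named here. The flows are constructed, the port list is an assumed set of commonly cited defaults, and the payload prefixes are the cleartext openings of the Gnutella and BitTorrent handshakes.

```python
# Added illustration: Layer 4 (port) filtering vs Layer 7 (payload) classification.
# All flows below are constructed samples, not captured traffic.
from dataclasses import dataclass

# Assumption: commonly cited default ports (Napster client, Gnutella, BitTorrent).
BLOCKED_PORTS = {6699, 6346, 6881}

# Cleartext handshake prefixes used to recognise the application itself.
P2P_SIGNATURES = [
    ("bittorrent", b"\x13BitTorrent protocol"),
    ("gnutella", b"GNUTELLA CONNECT/"),
]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes sent by the client on this connection

def layer4_verdict(flow: Flow) -> str:
    """Firewall-style rule: decide on the destination port only."""
    return "block" if flow.dst_port in BLOCKED_PORTS else "allow"

def classify_layer7(flow: Flow) -> str:
    """Name the application from the payload, ignoring the port."""
    for name, prefix in P2P_SIGNATURES:
        if flow.payload.startswith(prefix):
            return name
    if flow.payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"  # no signature matched; needs another control

def layer7_verdict(flow: Flow) -> str:
    p2p = {name for name, _ in P2P_SIGNATURES}
    return "block" if classify_layer7(flow) in p2p else "allow"

FLOWS = [  # constructed samples
    Flow(6346, b"GNUTELLA CONNECT/0.6\r\n"),                 # default port
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),  # real web request
    Flow(80, b"\x13BitTorrent protocol" + bytes(8)),         # moved to port 80
    Flow(80, b"GNUTELLA CONNECT/0.6\r\n"),                   # moved to port 80
]

def compare(flows):
    """Return (port, application, L4 verdict, L7 verdict) for each flow."""
    return [(f.dst_port, classify_layer7(f), layer4_verdict(f), layer7_verdict(f))
            for f in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

A flow that matches no signature comes back as "unknown" and is allowed by this sketch, which is where bandwidth controls of the kind described for Packeteer remain useful.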
