Depending on what firewall software you are using on your router, you could just write a simple shell script which updates the firewall entries to reflect the contents of said blacklists. What are you using? iptables?
I suppose they weren't smart enough, since you know of those times! :) Mail and web. That is, ports 25 (SMTP), 80 (HTTP), 110 (POP3), 143 (IMAP) 443 (HTTPS), 465 (SSMTP), 585 (IMAP4-SSL), 993 (IMAPS), 995 (SSL-POP)? How about ICMP traffic? On 23 May 2012 10:32, sanga collins <[email protected]> wrote: > A log is a record. In this case I am recording traffic and not content. > Regardless of semantics we play on the ethical side of the court. > > Known Proxy: Squidguard and Dans Guardian blacklists are kept up to date > so i don't have to chase them down myself. > Blocking in the firewall is painful. It means i have to maintain a list of > IP's or domains in more than 30 firewalls spread across the country. When i > could just use Squid+DansG in one location > > Yes there are ways of obfuscating traffic to make it appear as something > else. But i can count on 1 hand the number of times an individual has been > smart enough to do that let alone spell the word. > > We block all outbound ports except mail, and web. But these days all you > need is port 80 to connect to a proxy server that then opens playboy.comon > port80 for you. I never know you are on > playboy.com until the sexual harrasment lawsuit comes down the pipe or a > visitor to one of our nursing facilities claims that an resident was busy > watching porn in the dining room ... > > What to do? > > > On Wed, May 23, 2012 at 3:02 AM, Benjamin Tayehanpour < > [email protected]> wrote: > >> In that case, you are logging, not recording as you previously stated. >> There is a difference, so please refrain from mixing those two terms in the >> future. "Monitoring" is an umbrella word which could entail both logging >> and recording or even none of them and instead other approaches. >> >> And, as long as you don't record, you are staying on the ethical side of >> things, I suppose :) >> >> Although, I am a bit curious. What, exactly, entails "known proxy"? Do >> you keep a list of them? In that case, why not block them outright in the >> firewall? Also, there are ways of obfuscating traffic to make it >> indistinguishable from "legitimate" traffic. How do you counter that? >> >> Wouldn't it be easier just to block all outgoing ports except the ones >> you use in your line of work? That way you would blanket-block almost every >> public proxy out there, and there would be less traffic to monitor. >> >> >> On 23 May 2012 09:52, sanga collins <[email protected]> wrote: >> >>> The process of blocking requires monitoring. I believe blocking is >>> acting on monitored traffic, is it not? >>> >>> I think there is a misunderstanding as to what my monitoring entails. I >>> can not read a users email or view the website they are viewing live. All i >>> can see is what site was visited, when, and from which computer. Basic >>> information available in all routing equipment. On this basic information >>> rules are set in the organization with penalties for violating the rules. >>> If you access a known proxy or i determine you are circumventing the >>> monitoring, i dont need to know why you did it, or where you went. The fact >>> that you did, on a computer that isnt yours is grounds for termination >>> >>> >>> >>> On Wed, May 23, 2012 at 2:45 AM, Victor van Reijswoud < >>> [email protected]> wrote: >>> >>>> How long are records kept? Who is able to access and examine them? >>>> These are important issues when 'everything' is monitored. >>>> >>>> For medical information (as you refer to) this has been arranged by >>>> law in most countries. Is this also arranged for data/information >>>> related to computer use of individuals in your organisation? >>>> >>>> Un-ethical is a strong word but I feel it more transparent to block >>>> than to monitor 'everything'. >>>> >>>> >>>> On Wed, May 23, 2012 at 7:27 AM, Sanga Collins <[email protected]> >>>> wrote: >>>> > Why is it un ethical? You work in our office using our computers >>>> handling patient medical information and financial data. The govt mandates >>>> we keep a 'paper trail' of everything coming and going. We also clearly >>>> state in the terms of employment that all Internet traffic is monitored. >>>> > >>>> > Don't see the unethical part. >>>> > >>>> > Besides most routers and networking equipment log all traffic anyway. >>>> > >>>> > Sent from my mobile device >>>> > >>>> > On May 23, 2012, at 9:19 AM, Victor van Reijswoud < >>>> [email protected]> wrote: >>>> > >>>> >> +1 >>>> >> >>>> >> >>>> >> On Wed, May 23, 2012 at 7:13 AM, Benjamin Tayehanpour >>>> >> <[email protected]> wrote: >>>> >>> Recording traffic is even worse than outright blocking it, from an >>>> ethical >>>> >>> point of view. It's quite fun, though :) >>>> >>> >>>> >>> >>>> >>> On 22 May 2012 16:09, Sanga Collins <[email protected]> >>>> wrote: >>>> >>>> >>>> >>>> We don't block apps or websites we haut record everything. HR has >>>> new >>>> >>>> employees sign terms of use. If they are violated the employee is >>>> >>>> terminated. Use of proxies or circumvention techniques counts as 2 >>>> >>>> violations. Leaving 1 violation for termination. >>>> >>>> >>>> >>>> Each year your violations reset to zero and all cases are >>>> investigated >>>> >>>> since spam, spyware or viruses can also cause traffic to be >>>> recorded that is >>>> >>>> not allowed. >>>> >>>> >>>> >>>> Btw we allow far book twitter and social networking sites. But if >>>> you >>>> >>>> spend majority of your day 'networking' then that counts as a >>>> violation :) >>>> >>>> >>>> >>>> Sent from my mobile device >>>> >>>> >>>> >>>> On May 22, 2012, at 4:02 PM, erias swraggy <[email protected]> >>>> wrote: >>>> >>>> >>>> >>>>> I think its a total waste of time especially with the existence >>>> and >>>> >>>>> free use of Bennett Haselton's circumventors such as >>>> >>>>> https://jellykey.info/ and many more others. >>>> >>>>> >>>> >>>>> On 5/22/12, Victor van Reijswoud <[email protected]> >>>> wrote: >>>> >>>>>> Indeed OT but interesting. From a technical perspective blocking >>>> is >>>> >>>>>> easy, but from a human perspective this is more difficult. I >>>> created a >>>> >>>>>> very bad situation when I first blocked FB in an organisation (on >>>> >>>>>> request of the management). Blocking working hours was the >>>> solution >>>> >>>>>> (interesting to see how many people liked to stay after working >>>> >>>>>> hours). >>>> >>>>>> >>>> >>>>>> What about blocking hotmail, gmail and other freemail when all >>>> people >>>> >>>>>> have office mail? I tend to block these as well in office hours. >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> On Tue, May 22, 2012 at 9:55 AM, Kyle Spencer < >>>> [email protected]> >>>> >>>>>> wrote: >>>> >>>>>>> Hi Joseph, >>>> >>>>>>> >>>> >>>>>>> This is slightly OT, but I've always been of the opinion that >>>> -- in >>>> >>>>>>> general >>>> >>>>>>> -- business networks shouldn't blacklist content. There's a few >>>> >>>>>>> reasons >>>> >>>>>>> for >>>> >>>>>>> this: >>>> >>>>>>> >>>> >>>>>>> 1) Blacklisting applications and websites quickly (and >>>> inevitably) >>>> >>>>>>> becomes >>>> >>>>>>> a >>>> >>>>>>> wild goose chase. New sites, services, and workarounds pop up >>>> all the >>>> >>>>>>> time >>>> >>>>>>> and your users will find them (unless you white-list). If >>>> bandwidth >>>> >>>>>>> is >>>> >>>>>>> your >>>> >>>>>>> concern, just implement per-host throttling. >>>> >>>>>>> >>>> >>>>>>> 2) Office Internet connections are many people's only access to >>>> the >>>> >>>>>>> Internet >>>> >>>>>>> in Uganda. Therefore, I believe we should ensure they have >>>> access to >>>> >>>>>>> the >>>> >>>>>>> full (undiluted) experience. >>>> >>>>>>> >>>> >>>>>>> 3) People need mental down-time in order to be fully >>>> productive. If >>>> >>>>>>> my >>>> >>>>>>> staff are doing their jobs well, why should I care if they >>>> browse >>>> >>>>>>> Facebook >>>> >>>>>>> or watch Youtube videos from time-to-time? >>>> >>>>>>> >>>> >>>>>>> 4) This is ultimately an HR/management issue, not a technical >>>> one. If >>>> >>>>>>> your >>>> >>>>>>> staff spend all of their time on Facebook and Youtube, the >>>> problem is >>>> >>>>>>> the >>>> >>>>>>> behavior and not the sites themselves. If you simply ban >>>> Facebook and >>>> >>>>>>> Youtube, your staff will find something else to waste their >>>> time on. >>>> >>>>>>> It's >>>> >>>>>>> better to focus your efforts on finding ways to inspire a strong >>>> >>>>>>> work-ethic >>>> >>>>>>> in your staff -- ideally through an atmosphere of trust (see >>>> items #1, >>>> >>>>>>> #2, >>>> >>>>>>> and #3). >>>> >>>>>>> >>>> >>>>>>> Regards, >>>> >>>>>>> Kyle Spencer >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> On Tue, May 22, 2012 at 11:28 AM, KIYINI JOSEPH < >>>> [email protected]> >>>> >>>>>>> wrote: >>>> >>>>>>>> >>>> >>>>>>>> I Dont think we all use these but,...................... >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> http://www.techrepublic.com/blog/10things/the-top-10-apps-being-blacklisted-in-the-enterprise/3228?tag=mantle_skin;content >>>> >>>>>>>> -- >>>> >>>>>>>> KyaiJoe >>>> >>>>>>>> _______________________________________________ >>>> >>>>>>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>>>>>> >>>> >>>>>>>> Send messages to this mailing list by addressing e-mails to: >>>> >>>>>>>> [email protected] >>>> >>>>>>>> Mailing list archives: >>>> http://www.mail-archive.com/[email protected]/ >>>> >>>>>>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>>>>>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>>>>>> >>>> >>>>>>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>>>>>>> http://www.infocom.co.ug/ >>>> >>>>>>>> >>>> >>>>>>>> The above comments and data are owned by whoever posted them >>>> >>>>>>>> (including >>>> >>>>>>>> attachments if any). The mailing list host is not responsible >>>> for >>>> >>>>>>>> them >>>> >>>>>>>> in >>>> >>>>>>>> any way. >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> _______________________________________________ >>>> >>>>>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>>>>> >>>> >>>>>>> Send messages to this mailing list by addressing e-mails to: >>>> >>>>>>> [email protected] >>>> >>>>>>> Mailing list archives: >>>> http://www.mail-archive.com/[email protected]/ >>>> >>>>>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>>>>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>>>>> >>>> >>>>>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>>>>>> http://www.infocom.co.ug/ >>>> >>>>>>> >>>> >>>>>>> The above comments and data are owned by whoever posted them >>>> >>>>>>> (including >>>> >>>>>>> attachments if any). The mailing list host is not responsible >>>> for them >>>> >>>>>>> in >>>> >>>>>>> any way. >>>> >>>>>> _______________________________________________ >>>> >>>>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>>>> >>>> >>>>>> Send messages to this mailing list by addressing e-mails to: >>>> >>>>>> [email protected] >>>> >>>>>> Mailing list archives: >>>> http://www.mail-archive.com/[email protected]/ >>>> >>>>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>>>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>>>> >>>> >>>>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>>>>> http://www.infocom.co.ug/ >>>> >>>>>> >>>> >>>>>> The above comments and data are owned by whoever posted them >>>> (including >>>> >>>>>> attachments if any). The mailing list host is not responsible >>>> for them >>>> >>>>>> in >>>> >>>>>> any way. >>>> >>>>>> >>>> >>>>> _______________________________________________ >>>> >>>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>>> >>>> >>>>> Send messages to this mailing list by addressing e-mails to: >>>> >>>>> [email protected] >>>> >>>>> Mailing list archives: >>>> http://www.mail-archive.com/[email protected]/ >>>> >>>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>>> >>>> >>>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>>>> http://www.infocom.co.ug/ >>>> >>>>> >>>> >>>>> The above comments and data are owned by whoever posted them >>>> (including >>>> >>>>> attachments if any). The mailing list host is not responsible for >>>> them in >>>> >>>>> any way. >>>> >>>> _______________________________________________ >>>> >>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>> >>>> >>>> Send messages to this mailing list by addressing e-mails to: >>>> >>>> [email protected] >>>> >>>> Mailing list archives: >>>> http://www.mail-archive.com/[email protected]/ >>>> >>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>> >>>> >>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>>> http://www.infocom.co.ug/ >>>> >>>> >>>> >>>> The above comments and data are owned by whoever posted them >>>> (including >>>> >>>> attachments if any). The mailing list host is not responsible for >>>> them in >>>> >>>> any way. >>>> >>> >>>> >>> >>>> >>> >>>> >>> _______________________________________________ >>>> >>> The Uganda Linux User Group: http://linux.or.ug >>>> >>> >>>> >>> Send messages to this mailing list by addressing e-mails to: >>>> [email protected] >>>> >>> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>>> >>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>> >>>> >>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> >>> http://www.infocom.co.ug/ >>>> >>> >>>> >>> The above comments and data are owned by whoever posted them >>>> (including >>>> >>> attachments if any). The mailing list host is not responsible for >>>> them in >>>> >>> any way. >>>> >> _______________________________________________ >>>> >> The Uganda Linux User Group: http://linux.or.ug >>>> >> >>>> >> Send messages to this mailing list by addressing e-mails to: >>>> [email protected] >>>> >> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>>> >> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> >> To unsubscribe: http://kym.net/mailman/options/lug >>>> >> >>>> >> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> http://www.infocom.co.ug/ >>>> >> >>>> >> The above comments and data are owned by whoever posted them >>>> (including attachments if any). The mailing list host is not responsible >>>> for them in any way. >>>> > _______________________________________________ >>>> > The Uganda Linux User Group: http://linux.or.ug >>>> > >>>> > Send messages to this mailing list by addressing e-mails to: >>>> [email protected] >>>> > Mailing list archives: http://www.mail-archive.com/[email protected]/ >>>> > Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> > To unsubscribe: http://kym.net/mailman/options/lug >>>> > >>>> > The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> http://www.infocom.co.ug/ >>>> > >>>> > The above comments and data are owned by whoever posted them >>>> (including attachments if any). The mailing list host is not responsible >>>> for them in any way. >>>> _______________________________________________ >>>> The Uganda Linux User Group: http://linux.or.ug >>>> >>>> Send messages to this mailing list by addressing e-mails to: >>>> [email protected] >>>> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>>> To unsubscribe: http://kym.net/mailman/options/lug >>>> >>>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>>> http://www.infocom.co.ug/ >>>> >>>> The above comments and data are owned by whoever posted them (including >>>> attachments if any). The mailing list host is not responsible for them in >>>> any way. >>>> >>> >>> >>> >>> -- >>> Sanga M. Collins >>> Network Engineering >>> ~~~~~~~~~~~~~~~~~~~~~~~ >>> Google Voice: (954) 324-1365 >>> E- fax: (435) 578 7411 >>> >>> _______________________________________________ >>> The Uganda Linux User Group: http://linux.or.ug >>> >>> Send messages to this mailing list by addressing e-mails to: >>> [email protected] >>> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>> To unsubscribe: http://kym.net/mailman/options/lug >>> >>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>> http://www.infocom.co.ug/ >>> >>> The above comments and data are owned by whoever posted them (including >>> attachments if any). The mailing list host is not responsible for them in >>> any way. >>> >> >> >> _______________________________________________ >> The Uganda Linux User Group: http://linux.or.ug >> >> Send messages to this mailing list by addressing e-mails to: >> [email protected] >> Mailing list archives: http://www.mail-archive.com/[email protected]/ >> Mailing list settings: http://kym.net/mailman/listinfo/lug >> To unsubscribe: http://kym.net/mailman/options/lug >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: >> http://www.infocom.co.ug/ >> >> The above comments and data are owned by whoever posted them (including >> attachments if any). The mailing list host is not responsible for them in >> any way. >> > > > > -- > Sanga M. Collins > Network Engineering > ~~~~~~~~~~~~~~~~~~~~~~~ > Google Voice: (954) 324-1365 > E- fax: (435) 578 7411 > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
