The problem is: would anyone in the organization *believe* that it is anonymous, thus, would they actually use it?
*ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Thu, Jun 27, 2013 at 3:14 PM, Ben Scott <mailvor...@gmail.com> wrote: > On Thu, Jun 27, 2013 at 2:42 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > > If you're monitoring your environment properly, there is no anonymity. > > Event logs, SMTP logs, IIS logs, NTFS permissions and all the rest > > should make everything thing someone does over the network inside your > > company very traceable. > > I bet you could design an in-house system that did it pretty well, > though. Build a dedicated and stand-alone (non-domain) web server, > turn off most/all logging on it, script something to batch together > submission results and then randomize their order before forwarding > them via SMTP to your main system. > > (I would expect this to be overkill, but as a thought experiment > it's interesting.) > > -- Ben > > >
