Re: [squid-users] grab password from url

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 7 Jan 2005 00:56:33 +0100 (CET)

On Tue, 4 Jan 2005, Luca Marchiori wrote:

> I need to do this because a customer of mine is thinking that an employee is
> doing "strange things" with the internet connection. He is thinking that the
> employee is uploading documents on a virtual hard disk on the internet
> (sorry 4 my poor english...).

So your real question is if it is possible to determine with the help of
Squid if this employee is uploading confidential information to a third
party web site.

From the Squid logs you can easily tell what web sites the user is
visiting, and how often.

If you think this is being done and is done in good faith then the best
action is to simply ask the employee if he is doing this or if he is aware
what the implications of doing so would be.

Generally speaking, if the web site is https based then all you can see is
the amount of traffic going in both directions, but if it is http based
then everything can be seen (just dump the network traffic and analyze
it). This is not directly related to Squid but any Internet usage.

As for Squid you have somewhat limited tools for doing this. Partly due to
the problem not being Squid specific but a general problem of how to
monitor usage of Internet.

In an ethical point of view stealing the users personal login details to
this third party web site by analyzing his traffic is very dubious in my
view, and probably illegal in many countries. You surely should be able to
make up better approaches in proving/disproving the claims of
Internet connection abuse.

Regards
Henrik
Received on Thu Jan 06 2005 - 16:56:35 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST