ERE Information Security Auditors

Employee Internet Abuse Audit

Some information is only available in real time, such as IP addresses that are used in peer-to-peer file transfer services only within a corporate network. Our reports will not include this information. As part of its high-level recommendations, ERE would suggest appropriate types of tools for customers to employ if they want more detail on this kind of information.

The report is delivered in electronic format. ERE also provides a face-to-face meeting that includes one of the technical staff who worked on creating the report, to answer questions, to discuss the recommendations at a high level, and to suggest how the customer may wish to proceed with implementing them.

List of Technical Subjects in the Report 

Standard Protocols  (Telnet, POP, SMTP, HTTP, FTP, NNTP)

% use of total traffic volume – 1 report
Top 10 users by volume for the above, per workstation – 12 reports, some 3-D, showing source and destination addresses
Existence of Web-Based Email – 1 report
Categorized URL by major categories – 1 report

Optional reports on other protocols by customer request – 1 report
Optional report on Standard protocols over time, based upon customer request – 1 report

Other Protocols (all protocols other than those above; for example peer-to-peer file transfer, Napster, Real Audio, Shoutcast, etc.)

Top 100 most active protocols – 1 report
Optional Other Protocols over time, based upon customer request – 1 report

Suspicious Activity (network activity that resembles an attack or an exploit of vulnerabilities; we are looking for patterns of activity)

Log of suspicious activities – 1 report
Optional suspicious activity reported over time, based upon customer request – 1 report

Detected attempted intrusions behind the firewall or on the corporate network (we are looking for actual signatures of known attacks)

Log of matches with known signatures – 1 report                       
Log of viruses in email attachments – report

Detected attempted intrusions outside the firewall (we are looking for actual signatures of known attacks, which firewalls do not or cannot report)

Note: In order for ERE to detect attempted intrusions outside of the firewall, the Customer must provide a mirrored port outside of their firewall to be monitored.

Log of matches with known signatures – 1 report

Optional matches over time – 1 report
Optional second data collection box in front of firewall, instead of using dual NIC cards in one ERE data collection box.

Employee Activities relating to Network Availability and to Employee Policies and Procedures

Email attachments by:
Size
Type: .exe, .zip, .jpeg, .vbs, .gif – 1 report

Optional extra types by customer request – 1 report

Optional search for specific wording within email, by customer request – 1 report

Implementation
ERE installs our scan computer, running our scan software, at the customer site for 7 days, including one weekend. This requires about 1 hour in total of the customer’s IT personnel's time, to allow us access for installation and de-installation.

ERE then processes the information on our computers in our office, which requires about one week. We then study and interpret the data, create the reports, and send a draft to the customer. This takes about 2 weeks of elapsed time.

We usually meet with the customer the next week, for one hour, and make any final tuning changes immediately after the meeting. The total elapsed time is therefore about 4 weeks from the start of data collection through to delivery of the final report.

The data collection box is usually attached to a customer’s network in two places. One is just behind the customer’s firewall. The second point of presence has direct connectivity to the Internet in front of, or outside of, the firewall, implemented with a second NIC card, in order to detect attempted attacks. Technical precautions are taken to prevent unauthorized traffic from travelling between the two NIC cards in the data collection box. It bears repeating that in order for ERE to detect attempted intrusions outside of the firewall, the Customer must provide a port outside of their firewall to be monitored.
 
 

Contact Us

905 764 3246

 
 
Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media.

http://www.apress.com/9781484201497

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

 
Copyrights © 2007-2008. All rights reserved.  
