Where some information is only available in real time, such as IP addresses used by peer-to-peer file transfer services only within a corporate network, our reports will not include this information. As part of the high-level recommendations, ERE would suggest appropriate types of tools for customers to employ if they want more detail on these types of information.
The report is delivered in electronic format. ERE also provides a face-to-face meeting, attended by one of the technical staff who worked on creating the report, to answer questions, discuss the recommendations at a high level, and suggest how the customer may wish to proceed with implementing them.
List of Technical Subjects in the Report
Standard Protocols (Telnet, POP, SMTP, HTTP, FTP, NNTP)
% use of total traffic volume – 1 report
Top 10 users by volume for each of the above, per workstation – 12 reports, some 3-D, showing source and destination addresses
Existence of web-based email – 1 report
Categorized URL by major categories – 1 report
Optional reports on other protocols by customer request – 1 report
Optional report on Standard protocols over time, based upon customer request – 1 report
Other Protocols (all other than those above; for example peer-to-peer file transfer, Napster, Real Audio, Shoutcast, etc.)
Top 100 most active protocols – 1 report
Optional Other Protocols over time, based upon customer request – 1 report
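As an added illustration of how the protocol volume reports above are derived (example code written for this page, not ERE's scan software), the script below classifies constructed sample flow records by the well-known server port of each standard protocol, puts everything else in the "Other" bucket, and computes the percentage of total traffic volume per protocol together with the top users per workstation. The internal address range 10.0.0.0/8 and the flow records are assumptions.

```python
import ipaddress
from collections import defaultdict

# Well-known server ports of the standard protocols listed in the report.
STANDARD_PORTS = {23: "Telnet", 110: "POP", 25: "SMTP", 80: "HTTP",
                  20: "FTP", 21: "FTP", 119: "NNTP"}
# Assumed address range of the customer's workstations (constructed).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.0.0.5", 40001, "203.0.113.10", 80, 600_000),
    ("10.0.0.7", 40002, "203.0.113.10", 80, 300_000),
    ("10.0.0.5", 40003, "10.0.0.2", 25, 50_000),
    ("10.0.0.9", 40004, "198.51.100.4", 110, 40_000),
    ("10.0.0.7", 6346, "192.0.2.77", 6346, 10_000),  # peer-to-peer transfer -> "Other"
]

def classify(src_port, dst_port):
    """Map a flow to a standard protocol by the server port on either side;
    anything else goes into the 'Other protocols' bucket of the report."""
    for port in (dst_port, src_port):
        if port in STANDARD_PORTS:
            return STANDARD_PORTS[port]
    return "Other"

def workstation(src_ip, dst_ip):
    """Attribute the flow to the internal host (the source if it is internal)."""
    if ipaddress.ip_address(src_ip) in INTERNAL_NET:
        return src_ip
    return dst_ip

def volume_report(flows, top_n=10):
    """Return (% of total bytes per protocol, top-N workstations per protocol)."""
    total = sum(f[4] for f in flows)
    by_proto = defaultdict(int)
    by_proto_host = defaultdict(lambda: defaultdict(int))
    for src_ip, src_port, dst_ip, dst_port, nbytes in flows:
        proto = classify(src_port, dst_port)
        by_proto[proto] += nbytes
        by_proto_host[proto][workstation(src_ip, dst_ip)] += nbytes
    share = {p: round(100.0 * b / total, 1) for p, b in by_proto.items()} if total else {}
    top_users = {p: sorted(hosts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
                 for p, hosts in by_proto_host.items()}
    return share, top_users

if __name__ == "__main__":
    share, top = volume_report(SAMPLE_FLOWS)
    for proto, pct in sorted(share.items(), key=lambda kv: -kv[1]):
        print(f"{proto:7s} {pct:5.1f}%  top users: {top[proto][:3]}")
```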
Suspicious Activity (network activity that resembles an attack or an exploit of vulnerabilities; we are looking for patterns of activity)
Log of suspicious activities – 1 report
Optional suspicious activity reported over time, based upon customer request – 1 report
Detected attempted intrusions behind the firewall or on the corporate network (we are looking for actual signatures of known attacks)
Log of matches with known signatures – 1 report
Log of viruses in email attachments – report
Detected attempted intrusions outside the firewall (we are looking for actual signatures of known attacks, which firewalls do not or cannot report)
Note: In order for ERE to detect attempted intrusions outside of the firewall, the Customer must provide a mirrored port outside of their firewall to be monitored.
Log of matches with known signatures – 1 report
Optional matches over time – 1 report
Optional second data collection box in front of firewall, instead of using dual NIC cards in one ERE data collection box.
Employee Activities relating to Network Availability and to Employee Policies and Procedures
Email attachments by:
Size
Type: .exe, .zip, .jpeg, .vbs, .gif – 1 report
Optional extra types by customer request – 1 report
Optional search for specific wording within email, based upon customer request – 1 report
Implementation
ERE installs our Scan computer running our scan software at a customer site, for 7 days, including one weekend. This requires about 1 hour in total of the customer’s IT personnel to allow us access for installation and for de-installation.
ERE then processes the information on our computers in our office, which requires about one week; we then study and interpret the data, create the reports, and send a draft to the customer. This takes about 2 weeks of elapsed time.
We usually meet with the customer the next week, for one hour, and make any final tuning changes, immediately after the meeting. So the total elapsed time is about 4 weeks from starting the data collection through to the delivery of the final report.
The data collection box is usually attached to a customer’s network in two places. One is just behind the customer’s firewall. The second point of presence has direct connectivity to the Internet, in front of or outside of the firewall, and is implemented with a second NIC card in order to detect attempted attacks. Technical precautions are taken to prevent unauthorized traffic from travelling between the two NIC cards in the data collection box. It bears repeating that in order for ERE to detect attempted intrusions outside of the firewall, the Customer must provide a port outside of their firewall to be monitored.