[gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Francisco Ares]

Hi, guys.

Sorry to post such off-topic message, but I didn't know where I could
ask this question.

I know that things such as address, trafic, bandwith are easy to be
tracked and logged, but what about, say, my gmail messages - is it
possible to log them also?  Which package should I use or look for?

Thanks
Francisco

-- 
"If you have an apple and I have an apple and we exchange apples then
you and I will still each have one apple. But if you have an idea and
I have one idea and we exchange these ideas, then each of us will have
two ideas." - George Bernard Shaw

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Dirk Uys]

On Wed, Aug 6, 2008 at 3:45 AM, Francisco Ares <frares@gmail.com> wrote:
> Hi, guys.
>
> Sorry to post such off-topic message, but I didn't know where I could
> ask this question.
>
> I know that things such as address, trafic, bandwith are easy to be
> tracked and logged, but what about, say, my gmail messages - is it
> possible to log them also?  Which package should I use or look for?
>
> Thanks
> Francisco
>
> --
> "If you have an apple and I have an apple and we exchange apples then
> you and I will still each have one apple. But if you have an idea and
> I have one idea and we exchange these ideas, then each of us will have
> two ideas." - George Bernard Shaw

Look at beagle. I know they have a gmail backend that can index your
gmail emails. Alternatively you can setup a mail client to download
the email from the webmail and then index/log/track it locally.

Regards
Dirk

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Eric Martin]

[-- Attachment #1: Type: text/plain, Size: 793 bytes --]

Albert Hopkins wrote:
> Doesn't Gmail support SSL?  My email provider provides support for SSL
> connections (via HTTP, LDAP, & POP).
> 
> If that's the case then it would be extremely difficult (you will need
> to "fake" the server's host keys).  Furthermore, the ethics of such a
> practice is questionable.  For which case I would side on blocking
> outside emails altogether rather than get into a situation where you
> have to justify sniffing someone's personal bank transactions, e.g.
> 
> -a
> 
> 
> 
gmail is only ssl on sign in if you go through webmail.  After that it's
all in the clear.  POP and IMAP are running securely however (which is
why I check my stuff via imap)

-- 
Eric Martin
Key fingerprint = D1C4 086E DBB5 C18E 6FDA  B215 6A25 7174 A941 3B9F


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Daniel da Veiga]

On Tue, Aug 5, 2008 at 10:45 PM, Francisco Ares <frares@gmail.com> wrote:
> Hi, guys.
>
> Sorry to post such off-topic message, but I didn't know where I could
> ask this question.
>
> I know that things such as address, trafic, bandwith are easy to be
> tracked and logged, but what about, say, my gmail messages - is it
> possible to log them also?  Which package should I use or look for?
>

Comparing network statistics with webmail messages is not that simple.
The only way I can think for you to keep track of your messages is to
sniff unencrypted packages (https wouldn't work), look for specific
patterns and use that to estimate usage, of course, I'm considering
your statement about bandwidth, traffic, address and the fact that
something like that would be a hard, complex and not NEAR fail proof
concept, along with the privacy issues, of course.

Now, if you wanna keep track of YOUR messages, the best way is to
activate IMAP on gmail, and use a client, configure it to store
messages locally, and that's about it... Beagle would index this kinda
content very easily, and your mail client too.

-- 
Daniel da Veiga

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Stroller]

On 6 Aug 2008, at 14:28, Daniel da Veiga wrote:
> On Tue, Aug 5, 2008 at 10:45 PM, Francisco Ares <frares@gmail.com>  
> wrote:
>> ...
>> I know that things such as address, trafic, bandwith are easy to be
>> tracked and logged, but what about, say, my gmail messages - is it
>> possible to log them also?  Which package should I use or look for?
>
> ...
> The only way I can think for you to keep track of your messages is to
> sniff unencrypted packages (https wouldn't work), look for specific
> patterns and use that to estimate usage, of course, I'm considering
> your statement about bandwidth, traffic, address and the fact that
> something like that would be a hard, complex and not NEAR fail proof
> concept, along with the privacy issues, of course.

I read OP's question that he isn't interested in the *bandwidth* of  
the Hotmail messages, per-se - I thought he was just giving bandwidth  
monitoring as an example of a routine network management task that is  
easy & obvious to undertake in establishing the background to his  
question.

In some companies it is indeed necessary to have a handle on this  
sort of thing. AIUI to meet certain financial regulations intended to  
prevent insider-trading (Sarbanes-Oxley?) one must have facilities in  
place to monitor all communications in & out the building. I suppose  
that at one time recording all telephone calls would have required a  
prohibitive quantity of cassette tapes, so a supervisor listening in  
randomly would be acceptable, but leaving webmail accounts ignored is  
a huge hole.

Privacy issues should be covered by a company IT usage policy. I  
think that stating that all traffic is logged would cover this - see  
your lawyer as to how you phrase this exactly. Ensure that auditing  
is undertaken in a documented and regimented manner - it should  
probably be a separate role from IT admin and or a boss probably  
shouldn't be looking at his employees emails; you should probably  
have a person randomly looking at messages for *specific* infractions  
(and they should probably be trained to ignore anything "naughty"  
that isn't specifically within their remit).

I have played with wireshark &/or etherreal in the past and have been  
AMAZED at how clearly interactions can be logged when filtering is  
set correctly.

Daniel: might it not be possible to have the firewall drop https  
connections to hotmail / gmail / yahoo mail domains, thus forcing the  
users back to unencrypted http? That begs the question: if you can do  
that, why not just completely block access to webmail sites?

Stroller.

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Daniel da Veiga]

On Wed, Aug 6, 2008 at 11:30 AM, Stroller
<stroller@stellar.eclipse.co.uk> wrote:
>
> On 6 Aug 2008, at 14:28, Daniel da Veiga wrote:
>>
>> On Tue, Aug 5, 2008 at 10:45 PM, Francisco Ares <frares@gmail.com> wrote:
>>>
>>> ...
>>> I know that things such as address, trafic, bandwith are easy to be
>>> tracked and logged, but what about, say, my gmail messages - is it
>>> possible to log them also?  Which package should I use or look for?
>>
>> ...
>> The only way I can think for you to keep track of your messages is to
>> sniff unencrypted packages (https wouldn't work), look for specific
>> patterns and use that to estimate usage, of course, I'm considering
>> your statement about bandwidth, traffic, address and the fact that
>> something like that would be a hard, complex and not NEAR fail proof
>> concept, along with the privacy issues, of course.
>
> I read OP's question that he isn't interested in the *bandwidth* of the
> Hotmail messages, per-se - I thought he was just giving bandwidth monitoring
> as an example of a routine network management task that is easy & obvious to
> undertake in establishing the background to his question.
>
> In some companies it is indeed necessary to have a handle on this sort of
> thing. AIUI to meet certain financial regulations intended to prevent
> insider-trading (Sarbanes-Oxley?) one must have facilities in place to
> monitor all communications in & out the building. I suppose that at one time
> recording all telephone calls would have required a prohibitive quantity of
> cassette tapes, so a supervisor listening in randomly would be acceptable,
> but leaving webmail accounts ignored is a huge hole.
>
> Privacy issues should be covered by a company IT usage policy. I think that
> stating that all traffic is logged would cover this - see your lawyer as to
> how you phrase this exactly. Ensure that auditing is undertaken in a
> documented and regimented manner - it should probably be a separate role
> from IT admin and or a boss probably shouldn't be looking at his employees
> emails; you should probably have a person randomly looking at messages for
> *specific* infractions (and they should probably be trained to ignore
> anything "naughty" that isn't specifically within their remit).
>
> I have played with wireshark &/or etherreal in the past and have been AMAZED
> at how clearly interactions can be logged when filtering is set correctly.
>
> Daniel: might it not be possible to have the firewall drop https connections
> to hotmail / gmail / yahoo mail domains, thus forcing the users back to
> unencrypted http? That begs the question: if you can do that, why not just
> completely block access to webmail sites?
>

Yeah, maybe I misunderstood the OP question. If we are talking about
an enterprise network, of course, you can even transparently redirect
the request, if a proxy is configured at the gateway. Completely
blocking webmail is an option, as you correctly stated, security and
network policies apply, and there are laws (at least in my country)
that say a employer CAN read its employees mails (of their enterprise
account, of course). Anyway, a company CAN keep their network (and/or
communications in general) clean, reduce security exploits, and keep
track of their employees, if they take the time and pay someone to do
it (and of course, provide the hardware).

I play with sniffers, but never to the extent of analysing package
contents, only to create statistics, and its good to know you can do
that with filtering (may talk to the boss about that, too much
streaming sites eating our bandwidth).

PS: I'm almost completing law school. Too bad my english is not THAT
good to translate that... lol

-- 
Daniel da Veiga

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Albert Hopkins]

Doesn't Gmail support SSL?  My email provider provides support for SSL
connections (via HTTP, LDAP, & POP).

If that's the case then it would be extremely difficult (you will need
to "fake" the server's host keys).  Furthermore, the ethics of such a
practice is questionable.  For which case I would side on blocking
outside emails altogether rather than get into a situation where you
have to justify sniffing someone's personal bank transactions, e.g.

-a

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Daniel da Veiga]

On Wed, Aug 6, 2008 at 8:59 AM, Eric Martin <freak4uxxx@gmail.com> wrote:
> Albert Hopkins wrote:
>> Doesn't Gmail support SSL?  My email provider provides support for SSL
>> connections (via HTTP, LDAP, & POP).
>>
>> If that's the case then it would be extremely difficult (you will need
>> to "fake" the server's host keys).  Furthermore, the ethics of such a
>> practice is questionable.  For which case I would side on blocking
>> outside emails altogether rather than get into a situation where you
>> have to justify sniffing someone's personal bank transactions, e.g.
>>
>> -a
>>
>>
>>
> gmail is only ssl on sign in if you go through webmail.  After that it's
> all in the clear.  POP and IMAP are running securely however (which is
> why I check my stuff via imap)
>

If you simply change the URL to https on gmail, you are using SSL.
The default is not to use it, so, you gotta type it yourself.

https://mail.google.com/mail

-- 
Daniel da Veiga

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Eric Martin]

Daniel da Veiga wrote:
> On Wed, Aug 6, 2008 at 8:59 AM, Eric Martin <freak4uxxx@gmail.com> wrote:
>   
>> Albert Hopkins wrote:
>>     
>>> Doesn't Gmail support SSL?  My email provider provides support for SSL
>>> connections (via HTTP, LDAP, & POP).
>>>
>>> If that's the case then it would be extremely difficult (you will need
>>> to "fake" the server's host keys).  Furthermore, the ethics of such a
>>> practice is questionable.  For which case I would side on blocking
>>> outside emails altogether rather than get into a situation where you
>>> have to justify sniffing someone's personal bank transactions, e.g.
>>>
>>> -a
>>>
>>>
>>>
>>>       
>> gmail is only ssl on sign in if you go through webmail.  After that it's
>> all in the clear.  POP and IMAP are running securely however (which is
>> why I check my stuff via imap)
>>
>>     
>
> If you simply change the URL to https on gmail, you are using SSL.
> The default is not to use it, so, you gotta type it yourself.
>
> https://mail.google.com/mail
>
>   
Has it always been that way?  I could have sworn that only the login was 
SSL and everything else was in the clear (granted, I don't think I ever 
tried to change it to https).  Live & Learn

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Daniel da Veiga]

On Wed, Aug 6, 2008 at 3:18 PM, Eric Martin <freak4uxxx@gmail.com> wrote:
> Daniel da Veiga wrote:
>>
>> On Wed, Aug 6, 2008 at 8:59 AM, Eric Martin <freak4uxxx@gmail.com> wrote:
>>
>>>
>>> Albert Hopkins wrote:
>>>
>>>>
>>>> Doesn't Gmail support SSL?  My email provider provides support for SSL
>>>> connections (via HTTP, LDAP, & POP).
>>>>
>>>> If that's the case then it would be extremely difficult (you will need
>>>> to "fake" the server's host keys).  Furthermore, the ethics of such a
>>>> practice is questionable.  For which case I would side on blocking
>>>> outside emails altogether rather than get into a situation where you
>>>> have to justify sniffing someone's personal bank transactions, e.g.
>>>>
>>>> -a
>>>>
>>>>
>>>>
>>>>
>>>
>>> gmail is only ssl on sign in if you go through webmail.  After that it's
>>> all in the clear.  POP and IMAP are running securely however (which is
>>> why I check my stuff via imap)
>>>
>>>
>>
>> If you simply change the URL to https on gmail, you are using SSL.
>> The default is not to use it, so, you gotta type it yourself.
>>
>> https://mail.google.com/mail
>>
>>
>
> Has it always been that way?  I could have sworn that only the login was SSL
> and everything else was in the clear (granted, I don't think I ever tried to
> change it to https).  Live & Learn
>

I don't know if it was always that way, what I know is that maybe 2
years ago some machines with IE6 couldn't reach gmail, and a quick
search showed that switching to HTTPS would solve it. As I knew that
was also giving me encryption, I began to type the complete address
with "s" wherever I use my account.

-- 
Daniel da Veiga

Re: [gentoo-user] way off-topic - is it possible to log webmail messages content in an enterprise network

[Francisco Ares]

Thanks a lot, guys, I will be looking for all those programs and will
also look for a lawyer ;-)

Francisco

-- 
"If you have an apple and I have an apple and we exchange apples then
you and I will still each have one apple. But if you have an idea and
I have one idea and we exchange these ideas, then each of us will have
two ideas." - George Bernard Shaw