One thing that has become increasingly complicated over the last few years is monitoring and surveillance in networks.
And I’m not talking about big surveillance, Edward Snowden style, but the kind of surveillance that is not only possible but most likely actively going on in most business networks nowadays. Not because it’s absolutely vital or needed, but because it can be done.
Most administrators are a curious bunch and technology fascinates them. And that’s no big deal – unless that curiosity goes a bit crazy with modern possibilities, of course. Or if that curiosity meets an especially nosy manager or business security person. Or whoever has the means and an interest in watching over what employees are doing with their time while at work.
I find that to be especially sneaky since it’s completely invisible. Modern equipment is capable of tracking every request sent within the network it’s installed on, whether it’s the website you’re surfing or the services you’re using. And there are certainly good reasons, from the employer’s perspective, to be interested in that data. You could, to pick a pretty harmless example from a security standpoint, track those lazy employees who are updating Facebook all day. You could also monitor for cyber threats such as SQL injection attempts against your webserver or drive-by scripts served from compromised servers. And, of course, check whether there’s a laptop trying to communicate with botnet C&C servers.
The difficult part is separating mere curiosity from a valid and necessary interest in your company’s security. You need to keep your assets safe, and in the modern IT environment that means, figuratively, looking over the shoulders of computer users. But all in moderation.
Let’s make no mistake here – it’s possible to identify anyone on a company network, be it by their MAC address or because you know that only Tom from booking is interested in guinea pigs and is thus the most likely candidate for those 500MB of traffic caused by picture galleries of the world’s cutest herbivores. The more data there is, the easier it is to identify patterns, and thus people. So there should be an ethic governing what data is okay to monitor and keep, and what should simply never show up.
And thankfully, there’s even an economic argument to be made against total surveillance – lots of data can easily obscure what is really important. If you have to dig through piles of logs to get to the possibly dangerous goings-on in your network, you’re monitoring too much.
Granted, you could still filter through all that data, so why not collect everything? Because it’s better to keep monitoring to a minimum while making sure that, if there’s a definite threat in your network, you will still be able to identify whose computer is transferring all those classified documents to that strange server in a country you don’t even have partnerships in. Of course, nobody will thank you for it because, as I mentioned in the beginning, monitoring and surveillance are very unobtrusive in modern systems and the users will most likely never know either way.
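To make the "minimum monitoring, but still able to attribute a definite threat" idea concrete, here is an added example that is not from the original post: it keeps only per-destination egress totals by default, flags destinations outside partner countries that exceed a transfer threshold, and resolves which host was involved only for those flagged destinations. The flow records, host names, addresses, partner countries and threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (source_host, destination, bytes_out, country).
# Hosts, destinations and country codes are made up for this example.
FLOWS = [
    ("ws-0412", "203.0.113.10", 1_200_000, "DE"),
    ("ws-0412", "198.51.100.7", 900_000, "US"),
    ("ws-0233", "203.0.113.10", 300_000, "DE"),
    ("ws-0233", "192.0.2.44", 650_000_000, "XX"),  # large transfer, unusual country
    ("ws-0199", "192.0.2.44", 2_000_000, "XX"),
]

PARTNER_COUNTRIES = {"DE", "US"}            # assumption: where the business has partners
EXFIL_THRESHOLD_BYTES = 500 * 1024 * 1024   # assumption: 500 MB to one outside destination


def aggregate(flows):
    """Default view: total bytes per destination, no per-user data retained."""
    totals = defaultdict(int)
    for _host, dst, nbytes, _country in flows:
        totals[dst] += nbytes
    return dict(totals)


def suspicious_destinations(flows):
    """Destinations outside partner countries whose total egress crosses the threshold."""
    country_of = {dst: country for _host, dst, _nbytes, country in flows}
    return sorted(
        dst for dst, total in aggregate(flows).items()
        if country_of[dst] not in PARTNER_COUNTRIES and total >= EXFIL_THRESHOLD_BYTES
    )


def attribute(flows, dst):
    """Only for a flagged destination: which hosts sent how much to it."""
    per_host = defaultdict(int)
    for host, d, nbytes, _country in flows:
        if d == dst:
            per_host[host] += nbytes
    return dict(sorted(per_host.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    # Attribution happens only after a definite threshold is crossed.
    for flagged in suspicious_destinations(FLOWS):
        print(flagged, attribute(FLOWS, flagged))
```

Everything below the threshold stays aggregated, so routine browsing to partner-country sites never becomes a per-person record.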