Bill, [Chat on computer misuse]
Unfortunately, you're not alone in your problem. While misuse/abuse isn't an area that I focus on, I do find that a lot of customers that I talk to about network security have the same problem, with less than adequate solutions. While DHCP helps the sys admin, it makes abuse catching a lot harder. Some are trying to use filters such as WebNot (from Raptor). Checkpoint is coming out with a filter for their firewall soon. I've done some initial data collection on Intrusion detection systems. They are more targeted at detecting attacks to the network services, but some run daemons on the client that summarize and send off audit data which might be used to detect the kind of abuse that you're looking for. Some vendors you might look at are (company (product)): SAIC (CMDS), SRI International (IDES), Sandeep Kumar @Purdue (IDIOT) {Yes, they call their product IDIOT, but it's out of Purdue so what can you expect}, AXENT (OmniGuard/Intruder Alert), Internet Security Systems (RealSecure), and Haystack Labs (Stalker).
Best Regards, Jim
P.S. Also noting some of your other posts, it's nice to see someone that cares about security.
P.P.S. While it's true that TFTP doesn't support authentication, do you really trust the authentication for, e.g., FTP? Something is better than nothing, but IMO one needs to consider authentication outside of the authentication provided by the application.