Go Premium for a chance to win a PS4. Enter to Win


SonicWall TZ200W Logs

Posted on 2011-03-03
Medium Priority
Last Modified: 2012-05-11
03/03/2011 12:02:11.304      Alert      Intrusion Prevention      IPS Detection Alert: SOCIAL-NETWORKING Facebook -- Browsing Activity 1, SID: 2821, Priority: Low

Employee swears that he was not browsing FACEBOOK period.  What can cause this?
Could it simply be a link in a web page?  And advertisement?

Question by:kman48185

Expert Comment

ID: 35030170
If he has a facebook add-on in his browser or some other Facebook widget etc... that will cause this. The simplest thing to do is isolate the system and then see what causes that entry in the log...
LVL 10

Expert Comment

ID: 35030359
Check his browser history . make sure he really didn't.
LVL 33

Expert Comment

ID: 35030472
sounds as if you've already isolated the user, but certainly an advertisement can cause this. of course, the user could be lying as well. as akhalighi indicated, check their history.
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!


Author Comment

ID: 35030692
Ok, I can check that, Does your opinion change any if, the browser was not being used at the time.  E.g. guy not in office at 7 AM but SonicWall logs shows entry.
LVL 33

Expert Comment

ID: 35030756
hehehe...making this difficult, huh? well, my opinion then goes to malicious software on his workstation which may be accessing the internet. assuming, of course, they can prove they weren't at their desk at 7a, which i'm sure they weren't. we've all got better things to do than try to access facebook illegally from our workstations at 7a. might as well make the illegal website worth accessing if there's a possibility we'll get fired over it.

i'd scan the workstation with malwarebytes or similar.
LVL 33

Expert Comment

ID: 35031290
interestingly enough, i was just looking through a viewpoint server that my laptop is connected to at a client site. i noticed that a website that i like to visit was listed, xkcd.com. this particular viewpoint report was for blocked sites and xkcd.com is categorized at adult/mature content. anyway, i'm certain that i didn't visit the site, i realized that my firefox browser has an RSS feed for this website. i'm sure that my browser tried to update the RSS feed and was blocked by the sonicwall creating blocked log entry.

Accepted Solution

ee_auto earned 0 total points
ID: 35349246
Question PAQ'd and stored in the solution database.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question