I’m sure many of the tech enthusiasts out here are aware of VPN technology. Long story short: a Virtual Private Network (VPN) offers an encrypted pathway to grant ‘LAN’ access to legitimate users while they are outside the physical network environment of their company, institution, or even home. And interestingly enough, this technology brought forth today’s time- and cost-saving initiatives such as work from home, secure remote access, client/partner encrypted communications, etc.
Now, for the experts:
Encrypted tunnels help you achieve a promising level of comfort in safeguarding information from eavesdropping, and in maintaining data integrity at the network level. However, monitoring and restricting user activities upon connection, such as data tampering, suspicious attempts to copy/download/delete files, etc., cannot be enforced using such ‘tunneling’ methods.
Does anyone have a solution in place, or an idea that would help achieve some of it? There’s an interesting book out there called ‘Extrusion Detection: Security Monitoring for Internal Intrusions’, written by Richard Bejtlich, which is an excellent resource, but the theme doesn’t quite fit this scenario.
One of the ways I can think of is: sniff and capture ALL traffic in the VPN segment and correlate events based on the objectives; but I have learned the hard way, and can very well predict, that it’s much messier than it sounds. I had an extremely rough time trimming down the false positives from Snort sensors at the network level, even though the signatures were already there and all I had to do was tune the alerts, besides adding a handful of customized signatures.
Regardless, I’m just throwing out my jabber here, as I know there are some thoughtful and knowledgeable idea sources here in Sajha. If nothing else, the rest will benefit from learning something new.
~@~
Last edited: 29-Oct-09 06:16 PM
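The "correlate events based on the objectives" idea from the post above, worked through as an added example (this is not the poster's code, nor any product's): join the VPN concentrator's session log (which user held which tunnel address, and when) against a file server's audit log, then apply per-user sliding-window thresholds for bulk READ and DELETE operations. The two log formats, the field names (user=, assigned=, src=, op=, path=), the 5-minute window and the thresholds are all assumptions for illustration; the sample log lines are constructed, not captured. Events that arrive from the VPN address pool while no session owns that address are reported separately, since they are the ones a network-only sensor would misattribute to the previous user.

```python
"""Correlate VPN session logs with file-server audit events and flag
bulk copy/download/delete activity per remote user.

Added illustration: log formats, field names and thresholds are assumed,
not taken from any real VPN or file server."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data). Each session-start line maps a
# user to the tunnel address assigned for that session; session-end closes it.
VPN_LOG = """\
2009-10-29 18:00:05 vpn session-start user=alice assigned=10.8.0.12
2009-10-29 18:00:40 vpn session-start user=bob assigned=10.8.0.13
2009-10-29 18:20:00 vpn session-end user=alice assigned=10.8.0.12
2009-10-29 18:25:00 vpn session-start user=carol assigned=10.8.0.12
"""

# File-server audit events keyed only by source (tunnel) address.
# Paths with spaces would need a quoted format; this toy parser assumes none.
FILE_LOG = """\
2009-10-29 18:01:00 fs access src=10.8.0.12 op=READ path=/finance/q1.xlsx
2009-10-29 18:01:10 fs access src=10.8.0.12 op=READ path=/finance/q2.xlsx
2009-10-29 18:01:20 fs access src=10.8.0.12 op=READ path=/finance/q3.xlsx
2009-10-29 18:01:30 fs access src=10.8.0.12 op=READ path=/finance/q4.xlsx
2009-10-29 18:01:40 fs access src=10.8.0.12 op=READ path=/finance/fy.xlsx
2009-10-29 18:05:00 fs access src=10.8.0.13 op=READ path=/hr/handbook.pdf
2009-10-29 18:06:00 fs access src=10.8.0.13 op=DELETE path=/hr/old1.doc
2009-10-29 18:06:05 fs access src=10.8.0.13 op=DELETE path=/hr/old2.doc
2009-10-29 18:22:00 fs access src=10.8.0.12 op=READ path=/finance/notes.txt
2009-10-29 18:26:00 fs access src=10.8.0.12 op=READ path=/finance/q1.xlsx
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (.*)$")
THRESHOLDS = {"READ": 5, "DELETE": 2}   # assumed: max ops per user per window
WINDOW = timedelta(minutes=5)           # assumed sliding window


def _parse(line):
    """Split '<ts> <source> <event> k=v k=v ...' into its parts."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparseable log line: %r" % line)
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(4).split())
    return ts, m.group(2), m.group(3), fields


def parse_sessions(text):
    """Return (user, ip, start, end) tuples; end is None while still open."""
    sessions, open_by_ip = [], {}
    for line in text.splitlines():
        ts, _, event, f = _parse(line)
        ip, user = f["assigned"], f["user"]
        if event == "session-start":
            open_by_ip[ip] = [user, ip, ts, None]
            sessions.append(open_by_ip[ip])
        elif event == "session-end" and ip in open_by_ip:
            open_by_ip.pop(ip)[3] = ts
    return [tuple(s) for s in sessions]


def attribute(sessions, text):
    """Map each file event to the VPN user holding its source address at that
    moment. Events with no owning session are returned as orphans: the pool
    address was idle or reassigned, so the network view alone would mislabel them."""
    attributed, orphans = [], []
    for line in text.splitlines():
        ts, _, _, f = _parse(line)
        ip = f["src"]
        owner = None
        for user, sip, start, end in sessions:
            if sip == ip and start <= ts and (end is None or ts <= end):
                owner = user
                break
        ev = (ts, ip, f["op"], f["path"])
        (orphans if owner is None else attributed).append(
            ev if owner is None else (owner,) + ev)
    return attributed, orphans


def detect(attributed):
    """Sliding-window count per (user, op); one alert per pair over threshold."""
    times_by_key = defaultdict(list)
    for user, ts, _ip, op, _path in sorted(attributed, key=lambda e: e[1]):
        times_by_key[(user, op)].append(ts)
    alerts = []
    for (user, op), times in times_by_key.items():
        limit = THRESHOLDS.get(op)
        if limit is None:
            continue
        start = 0
        for i, ts in enumerate(times):
            while ts - times[start] > WINDOW:   # slide window's left edge
                start += 1
            if i - start + 1 >= limit:
                alerts.append((user, op, i - start + 1))
                break
    return alerts


def run(vpn_log=VPN_LOG, file_log=FILE_LOG):
    attributed, orphans = attribute(parse_sessions(vpn_log), file_log)
    return detect(attributed), orphans


if __name__ == "__main__":
    alerts, orphans = run()
    for user, op, n in alerts:
        print("ALERT bulk %s by %s: %d ops within %s" % (op, user, n, WINDOW))
    for ts, ip, op, path in orphans:
        print("UNATTRIBUTED %s of %s from %s at %s" % (op, path, ip, ts))
```

With the constructed logs, alice trips the READ threshold (five spreadsheet reads in forty seconds), bob trips DELETE, carol does not, and the 18:22 read from 10.8.0.12 lands between alice's logout and carol's login, so it is reported as unattributed rather than silently pinned on either of them. The same join is what lets the thresholds be per user instead of per address, which is the piece a packet sensor on the VPN segment cannot do by itself.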