Filemost

A Study in Black

Someone has violated corporate policy by watching porn using the corp PC.

Do you have the authority?

What are the expected results?

Some prohibited internet traffic. Check network logs of an application layer firewall 🔥 or content filter (any gateway between the suspect and the network), filter them out. But the user was smart enough to use VPN. What’s then? Application layer firewall only sees application traffic, it is not aware of TCPs, Shudipis and etc. Read this article about TCP/IP stack to understand better why application layer firewalls won’t see anything other than what’s on top.