Blocking and Reporting Data on Cyber Bullying and Victims

Reply
Highlighted
L4 Transporter

Blocking and Reporting Data on Cyber Bullying and Victims

Any way I can use PAN firewalls to stop cyber bullying and then generate a report on individuals trying to bully and who were the victims?

For Ex:  Access to facebook is granted (facebook file-sharing, posting, chatting etc) but when the individual tries to bully another individual using slang language (keywords), PAN firewall should prevent it (block).  Can Data Filtering be used for such purposes?

Many Thanks

K

Highlighted
L6 Presenter

The problem is to trigger the bully vs. victim part - what is a bully text or for that matter which text will someone identify as being a victim?

Just because someone in a message writes "you are an idiot" doesnt necessary means that bullying is in progress. In this case the full sentence is perhaps "Mr X said to Mr Y: -you are an idiot, sir!" which I think most people wouldnt recognise as being bully.

But with that being said I think you should be able to use the DLP feature in PA set to alert mode.

Create signatures which acts on facebook-chat and the other appid's you are interrested in and then create a db of words/sentences to search for.

Given that you use SSL-termination in your PA and the traffic isnt encoded in some odd way you should be able to get a report from the above (with a HUGE disclaimer that this report only acts on words/sentences alone and not the meaning of words/senctences).

Highlighted
L4 Transporter

Using the Data Filtering Profile isn't helping me..or I am might have messed up the configuration somewhere.

I create a Data Pattern by setting the Regex to "test" with the weight set to 1.  Then create a Data Filtering Profile, Add the Data pattern configured, set the applications to facebook-posting and facebook-chat and set the Alert and Block Threshold to 1.

I then configure a security rule and add the Data Filtering profile and set the URL categories to Alert.

I then log onto facebook using http (not https to avoid ssl) and posted "test".  I don't see this blocking / stopping me on doing this and I don't even expect to be blocked as I did not set anything anywhere that blocks anything related to this process.

What am I missing?  Any ideas or guidance will be helpful.:smileyhappy:

Cheers...

K

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!