Solved

Internet access monitoring

Posted on 2002-07-30
7
331 Views
Last Modified: 2010-04-11
Can anyone advise please?

They have asked me here at work to evaluate Internet usage with a view to monitoring what sites and Internet addresses people go to.

We access the Internet through Windows Proxy and I was wondering if IIS has some sort of inbuilt monitoring that can be used to check on were users have been on the Internet?

Can it be done through IIS or do I need to consider some other software solution?

Cheers
 
0
Comment
Question by:Sanmarco
7 Comments
 
LVL 2

Expert Comment

by:edmonds_robert
ID: 7188477
I'm not sure whether IIS or proxy server do it for sure, but I know there are a wide variety of third party solutions that will do what you need.  We use SurfControl's Superscout product.  It does a pretty good job, logging access to web sites by user name, computer name, IP address.  It can even block access to users to restricted sites by user name or group membership.  You can set up custom rules for monitoring/blocking/reporting.  It also has add-on modules for things like e-mail and virus protection.  
Again, it's just one of the many, and everyone has their favorite.  
That's my two cents.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 7189537
You won't like this, I am sorry, but my 50pt answer is to:

"do not do this"

Get a life, doing something more practical. In such situation you have someone trying to come up with tasks for you that may not be as smart as you, so you may even already feel between the proverbial rock and hard place.

What they are doing is making up game, playing fad, with less knowledge or accountability. Yet moving to no-win situation while costing labor and other resources.

> some sort of inbuilt monitoring that can be used to check on were users have been on the Internet?

IMO Internet access is essential to doing one's job well. Consider your access to this web page for example. IMO if they want restrict access to zero, there are a couple quick ways:

1) unplug the company from the internet. This is a no-brainer they likely refuse to consider, since they are into fads and popularity

2) remove the browser function from any or every PC. But as this can lead to complaints of discrimination up to and including sexual abuse, if at all selective, this kind of hornet's nest a company does not need. Lawsuits can be raised years from now, at increased cost to company

> a view to monitoring what sites

What, they want to find out what is popular? To update their favorites list?

Much easier and cheaper, I recommend google

(if they want restricting of sites, such as popular term: "Porn", then proper term is add a 'filter' not add a 'monitor'. That IMO is different animal, different question entirely)

> with a view to monitoring what sites and Internet addresses

This is OK, and, IMO something you should do. Gathering information, collecting is good, and monitoring company assets is good, easy to justify. The data can be enormous, but has less impact now that mass storage is larger and cheaper. But on that I cannot help because of the other part of q:

> to evaluate Internet usage

so I leave the collector pieces for others. You can find them yourself easily enough, take google for example. But an argument could be made that you are already paid to know, so how are you going to justify that your usage is any more job related than that of another?

quick example: A person could make one access to a religious site. Company could claim the 'evaluation' was too much use on another site. Or even too many bathroom breaks.  What if employee counters that it is really a cloaked religious discrimination issue on part of a 'someone' in the company? Or a female, or other minority, including someone who had medical issue perhaps you were never aware of until facing people you've never seen before: judge, prosecutor, jury, etc.?

My question would be, do you really want to be placed in such a position of satisfying eveyone in the world that your implementation of 'evaluation' was of complete balance to anyone and everyone?

IMO there are more critical areas for your time: to shore up all upgrades, with policies, patches, access rights, and handling the known vulnerabilities that are currently being published on a regular basis.

Internet access is free. It is about freedom. It is not about who gets access to what and where. Therein lies a quagmire that can sink your company and your paycheck as well.

IMO we'd have done better to have a capability of use of a .porn and a .kids. Since ICANN (or izzit "I cannot"?) is responsible for permitting such distinctions, and has unilaterally imposed a sanction of 'no way' to such an option, after charging $50,000 US for each such 'proposal' (using brains also of others, contributors), it is they who should be 'canned', not your fellow employees who make minor mistake of negligible impact.

Better employee monitoring is:
1) give task
2) assess if task done
   - or not done

If tasks are done, who cares about a surfing miscue? If tasks are not done, who cares about a surfing miscue? Possibly, one who does not really know how to manage staff, and is copping out, looking for something else to blame (or someone else, like yourself) when they want to dump on an employee for a completely different reason. To be kind to you, and to your company as well, I have to go with: steer clear of any such 'evaluation' possibility.

Now, evaluating after the fact is entirely different matter as well. If one employee raises specific complaint, such as "He's eMailing me too much porn" - that is different animal, different scenario. There you can easily justify research and evaluation criteria. Any data you've already collected can be of value at such a time. Let us hope it does not arise. Contrast this to a claim of "someone is surfing somewhere too much" - now that kind of vagueness you'd best be clear of. Nothing there to sink your teeth into when trying to explain your every hour of work to a judge & jury of strangers. Not to mention the lawyers who's be digging for any dirt they could find on you to help their case, even 'rumors' of which you'd be unaware of - until then. As I say, a hornets' nest to steer away from - as best you can. Remain polite, emphasize vulnerabilities you need to be busy on. Justify your time for other activities.

Note this is only a comment, don't waste time on a flame. But know I feel very strongly that this is really a valid answer. An answer that has been accepted by as many of your peers as have rejected, with rather colorful flames.
0
 
LVL 3

Expert Comment

by:ne0
ID: 7196154
If you are just wanting to see what websites people are going to (and you have an internal DNS server) you can always just look at the DNS cache to see a view of all sites that have been requested. Of course this shows a total view, that is, of ALL websites that have been accessed since ... And if your DNS server's cache is flushed on a regular basis then you can do it during downtime then wait a day, then examine the cache to see one day's worth of web browsing.

Now if you are wanting to see other things like percentages and graphs for a managerial perspective but are limited as far as monetary means (the budget) then you might try snort/ACID. Granted the setup might be a little unusual for a non unix person but since it is free all we are directly talking about is time. Time it takes to set up something like that.

There are other solutions out there but you might need to clarify exactly what they are looking for... There is a big difference in...

"evaluate Internet usage with a view to monitoring what sites and Internet addresses people go to."

and any one of these...

"Provide a report that shows percent of company/job related websites vs. non-job related websites on a weekly basis."

"Provide me a report of websites that are viewed during the very beginning of work, lunch breaks, the very close of business, and all websites viewed after normal business hours."

"Notify me immediately when someone is not in compliance with our organizations Internet usage policy"

Hope This Helps,

ne0
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 3

Expert Comment

by:ne0
ID: 7196303
And BTW Snort/ACID are very good software packages... the websites for snort is www.snort.org

ne0
0
 
LVL 1

Expert Comment

by:m4rc
ID: 7203774
if you are looking for a free answer, you could use dug song's  urlsnarf utility, part of the dsniff package, to capture a log of all http activity.  then use some grepping to pull out all the info you need.

http://www.monkey.org/~dugsong/dsniff/
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9711684
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts forfeited.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor

* as this is only a 50 pt Q, with a lot of different answers, i don't know how to split it.  ( although i agree with SunBow )

j
0
 

Accepted Solution

by:
YensidMod earned 0 total points
ID: 9759249
This question is PAQed  and no points refunded (of 50).

YensidMod
Community Support Moderator
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now