Solved

Reporting who uses IM most

Posted on 2006-11-02
11
144 Views
Last Modified: 2010-04-11
I administer a small corp network (10 users).  Some employees are using IM products to chat and over-using certain websites.  While the company would like to block the services, i feel that this will just lead to more side uses of the internet and cause some disrupt to the fairly laid back approach to the company.  Some of these are also used to do business.  

Instead, I wish to inform the users of just how much time they spend using these services per month.  Perhaps a small reward will be give to the person who uses it the least.

From other posts I have been told that ISA 2004, which came with the Small business server 2003 would be a good idea.  I have it running and have looked a bit at the reports section but can't seem to make reports that will show me application usage by user.  Can someone explain to me how to do this?  Do I need the CLient Firewall to do this?

0
Comment
Question by:colin911
  • 3
  • 2
  • 2
  • +2
11 Comments
 
LVL 17

Expert Comment

by:CSecurity
Comment Utility
This software will be useful for you:
http://www.pearlsw.com/products/imEcho/index.html
0
 
LVL 17

Expert Comment

by:CSecurity
Comment Utility
0
 

Author Comment

by:colin911
Comment Utility
Yeah, but can't I do this with ISA?
0
 
LVL 17

Expert Comment

by:CSecurity
Comment Utility
Not easily... It's abit hard to do it with such software... You need to detect IM softwares, their ports and their servers... Then maybe you can! For example Yahoo! Messenger uses port 5050 (just one of ports it uses)

But that kind of softwares specilized for this kind of stuff
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
While it's possible you can track this info, and even block the service as you know it, those users can be resourceful, and use proxies, or quite simply the web versions of the IM clients... http://www.aim.com/aimexpress.adp?aolp=0  http://webmessenger.msn.com/
http://www.iloveim.com/ http://wwwm.meebo.com/ (I think yahoo 360 has a web client too... http://360.yahoo.com/login.html )

There are also lots of IM sniffers out there that will likely be able to produce the metric you desire
http://www.imdetect.com/
http://www.topshareware.com/IMArchive-download-6066.htm

With so few people there think that perhaps you'd be better off monitoring the entire pc's BW, and asking users who may be utilizing too much BW to stop or cut back on anything non-work related. It helps to have Acceptable Use and other policies in place as well: http://www.sans.org/resources/policies/
Ntop can do this with ease, as can Cacti (Cacti.net) You just need to setup a spanned aka port mirror for Ntop to sniff... cacti uses SNMP to get it's info, Ntop is far more detailed http://www.openxtra.co.uk/freestuff/ntop-xtra.php
-rich
0
 
LVL 23

Expert Comment

by:Tim Holman
Comment Utility
I agree with Rich on this one - if you try and block or restrict IM access, users will only find another way.
If you incentivise the 'least user' of IM, then users would just find other ways to chat to 'win' the monthly prize!
IM, email, web surfing...  it's all part of life these days, and it's very difficult to discourage their use.
What you should concentrate on is whether or not your staff are doing their jobs properly.  Set realistic targets, expectations, office etiquette policies.  In theory, if they're busy and productive enough, then who cares what they do in their slack time?
The only places where IM should be of concern is if your company is regulated, as in this case you need to make sure confidential/sensitive information cannot be leaked.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
Comment Utility
Any good corporate firewall will provide such stats. Ask your network administrator
0
 

Author Comment

by:colin911
Comment Utility
I appreciate all of your comments but the budget cannot pay for other specialized software.  We were under the impression that ISA could do things like this and this is really what I am looking for.  FYI, the best for such reports and buying other software I think will most likely be Spector 360.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
Comment Utility
Cacti is free, as is Ntop
http://cacti.net/
http://www.ntop.org/overview.html
http://www.microsoft.com/isaserver/partners/reporting.mspx
I think snare can parse the ISA logs, but not sure about trending/metrics... http://www.intersectalliance.com/projects/index.html (mostly free)
-rich
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now