Solved

Reporting who uses IM most

Posted on 2006-11-02
11
149 Views
Last Modified: 2010-04-11
I administer a small corp network (10 users).  Some employees are using IM products to chat and over-using certain websites.  While the company would like to block the services, i feel that this will just lead to more side uses of the internet and cause some disrupt to the fairly laid back approach to the company.  Some of these are also used to do business.  

Instead, I wish to inform the users of just how much time they spend using these services per month.  Perhaps a small reward will be give to the person who uses it the least.

From other posts I have been told that ISA 2004, which came with the Small business server 2003 would be a good idea.  I have it running and have looked a bit at the reports section but can't seem to make reports that will show me application usage by user.  Can someone explain to me how to do this?  Do I need the CLient Firewall to do this?

0
Comment
Question by:colin911
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
11 Comments
 
LVL 17

Expert Comment

by:CSecurity
ID: 17862135
This software will be useful for you:
http://www.pearlsw.com/products/imEcho/index.html
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 17862156
0
 

Author Comment

by:colin911
ID: 17862242
Yeah, but can't I do this with ISA?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 17

Expert Comment

by:CSecurity
ID: 17862254
Not easily... It's abit hard to do it with such software... You need to detect IM softwares, their ports and their servers... Then maybe you can! For example Yahoo! Messenger uses port 5050 (just one of ports it uses)

But that kind of softwares specilized for this kind of stuff
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17863968
While it's possible you can track this info, and even block the service as you know it, those users can be resourceful, and use proxies, or quite simply the web versions of the IM clients... http://www.aim.com/aimexpress.adp?aolp=0  http://webmessenger.msn.com/
http://www.iloveim.com/ http://wwwm.meebo.com/ (I think yahoo 360 has a web client too... http://360.yahoo.com/login.html )

There are also lots of IM sniffers out there that will likely be able to produce the metric you desire
http://www.imdetect.com/
http://www.topshareware.com/IMArchive-download-6066.htm

With so few people there think that perhaps you'd be better off monitoring the entire pc's BW, and asking users who may be utilizing too much BW to stop or cut back on anything non-work related. It helps to have Acceptable Use and other policies in place as well: http://www.sans.org/resources/policies/
Ntop can do this with ease, as can Cacti (Cacti.net) You just need to setup a spanned aka port mirror for Ntop to sniff... cacti uses SNMP to get it's info, Ntop is far more detailed http://www.openxtra.co.uk/freestuff/ntop-xtra.php
-rich
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 17865296
I agree with Rich on this one - if you try and block or restrict IM access, users will only find another way.
If you incentivise the 'least user' of IM, then users would just find other ways to chat to 'win' the monthly prize!
IM, email, web surfing...  it's all part of life these days, and it's very difficult to discourage their use.
What you should concentrate on is whether or not your staff are doing their jobs properly.  Set realistic targets, expectations, office etiquette policies.  In theory, if they're busy and productive enough, then who cares what they do in their slack time?
The only places where IM should be of concern is if your company is regulated, as in this case you need to make sure confidential/sensitive information cannot be leaked.
0
 
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17869535
Any good corporate firewall will provide such stats. Ask your network administrator
0
 

Author Comment

by:colin911
ID: 17869660
I appreciate all of your comments but the budget cannot pay for other specialized software.  We were under the impression that ISA could do things like this and this is really what I am looking for.  FYI, the best for such reports and buying other software I think will most likely be Spector 360.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17869765
Cacti is free, as is Ntop
http://cacti.net/
http://www.ntop.org/overview.html
http://www.microsoft.com/isaserver/partners/reporting.mspx
I think snare can parse the ISA logs, but not sure about trending/metrics... http://www.intersectalliance.com/projects/index.html (mostly free)
-rich
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month4 days, 10 hours left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question