Link to home
Create AccountLog in
Avatar of A_AmericanELectric
A_AmericanELectricFlag for United States of America

asked on

Domain Monitoring, Network Security

Hey everyone. I have been the network admin at my church for several years and you probably would not be surprised to learn that even churches are not immune from security issues from within.

Although they all use the DNS of the domain controller they are not all members of the domain.

I have been assigned the task of installing a keystroke or other network babysitter app to monitor emails and websites.
What is the best thing to use that's either affordable or free?
Should I force everyone through a  proxy server and if so, can i do it quietly?

Thanks!
SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
When you say security issues from within, what exactly are you trying to prevent?

A web proxy will not help if the problem is with users from within the network accessing servers/resources within the network they shouldn't.

For web filtering, such as to prevent surfing porn, gambling, etc sites you would have to use an inline proxy since not all computers are members of the domain and you can't force the proxy settings out via group policy.

Are the users local administrators?  If so, they could install their own browsers or VPN clients to bypass the proxy settings.

Also, you would need an SSL proxy if you want to be sure to monitor https traffic.

I could go on and on about IDS/IPS, Firewalls, network segmentation, etc.  It all comes down to what are you needing to accomplish?
Avatar of A_AmericanELectric

ASKER

Thank you Mike. I'm looking into the service you use and I'm with you. I can think of so many other things I'd rather do than worry about keystrokes.

 awaggoner -thank you too

and to  answer your question quite bluntly- we have a trouble maker; a staff member trying to cause problems from what I hear. But we do from time to time have other issues like people going places they shouldn't and probably wouldn't from their own homes.

I have been asked to do this dirty little deed of spying. I'm actually an electrical contractor with a very full calendar and so many other things I should be doing.
Is the troublemaker part of your domain or is he one of the people who just uses your DNS?  Reason I'm asking if he is part of your domain you could enable auditing on files/folders and check his activity on those.

Thanks

Mike
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Part of domain and could still do everything they are doing there anywhere else. I guess the pastor just wants to know who it is for sure
ps. Trouble making like sending out emails to other organizations  like BBB, labor board and others.
Lets say OSHA is one. I would lke to be able to search the system for emails sent to OSHA

And there are all sorts of different email servers/clients used . We arent using an exchange server or anything
Is the email for 'business' purposes, or is it personal?
When you say multiple email servers, are you talking about webmail, like hotmail, gmail, etc?  Or on premises servers?

Webmail usually uses https and is encrypted.  To see that you need an ssl proxy.  Make sure people are aware of the proxy because it would capture login credentials, which could include banking info as well.

You might be able to check temp Internet folder and history for webmail, and pst files for Outlook.
A bunch of loose cannons that have no real idea of how an organization environment is LOL.
In other words- the leave their home PC and come to work and get on their other home PC

I tried to get everyone to conform to their own domain on local email server with Outlook for the client a long time ago without success and i just recently shut down my email server and switched to Google Enterprise. So yeah we are talking gmail, yahoo etc. for them.

Our church is a "recovery church" so  the trouble I mostly have is people disappearing with credentials to the machines so as people leave I get them on the DC which has helped that problem but is there a way to obtain the passwords that i did not set or have been changed on the AD clients?
"10.  Web Filter:  Now, you don't have to use an inline proxy.  With the users not able to install new browsers, and group policy locking down proxy settings, you can use whatever proxy you like.  Squid is free, but you might want to try some of the pay products.  They tend to be easier to set up and manage.  You could probably get at least 6 months free by using the 30-60 day trials of the various software packages.  You can also even get appliances on a trial basis.  "
What are some of the good paid ones?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thanks for the great consult you guys. I'm on it
Thanks and glad to help.  You may think you are an electrical contractor....but you definitely have IT skills too :)

Thanks

Mike