[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Looking for a web usage history tracking tool. (budget)

Posted on 2016-08-15
3
Medium Priority
?
186 Views
Last Modified: 2016-08-17
What are some tools you have used/have seen others use to capture the web traffic of specific users?  Windows 2008 R2 domain with Windows 10 workstations using IE, Chrome, and a few Firefox.  FortiNet firewalls in all locations.

Prefer to keep this project as cheap as possible as it's not a very high priority.  

What are the pros/cons to using firewalls vs software vs a hardware device?
0
Comment
Question by:Daniel Checksum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 41756605
Capturing web traffic outside of the computer itself can be fairly problematic. There aren't very many enterprise level web filters aside from WebSense, and that's a relatively expensive solution to use. Just capturing traffic history is usually best accomplished on the computer itself, and there are a myriad of solutions available to accomplish the task. Everything from keyloggers to history trackers, to history reports can be used at the client level to track usage information.

An easy, free way to get web traffic history is to use OpenDNS as your Public DNS forwarder on your DNS servers. They will allow you to generate a report on which DNS queries are performed when set up appropriately. Unfortunately, this doesn't give you granular information like which users or computers are making the DNS requests, since all requests will look the same to their servers.

Inspecting web traffic at the firewall is often not feasible unless the firewall supports web proxy. Web proxy essentially forces all client web browsers to access the internet at the firewall instead of going directly, which means all web requests are initiated at the firewall. Without doing a web proxy, traffic that is protected with HTTPS cannot be inspected because it's encrypted. With a proxy in place, HTTPS traffic is initiated on the Proxy server, then decrypted and presented to the client. This is how most web filtering solutions work.

If you are willing to implement a web proxy solution in your environment, that's probably the most effective way to keep track of usage. Just realize that proxies can be bypassed. The OpenDNS solution can be bypassed very easily as well.
1
 
LVL 8

Accepted Solution

by:
myramu earned 1000 total points
ID: 41758186
Hi,

Your question can be divided in to 3:
1) Users web usage report (Accessed websites, Bandwidth and time usage): This report can be produced using existing FortiGate with the help of Fortigate webfiltering and a syslog server/Fortianalyzer.
2) Capturing packets of a specific user: Packet capturing is also supported by the Fortigate (Required to enable on firewall policy).
3) Web files archive: This is also supported by Fortigate (Using DLP profile and Fortianalyzer).

Good Luck!
1
 
LVL 1

Author Closing Comment

by:Daniel Checksum
ID: 41759458
I am going to contact FortiNet support for this.  My supervisor had recommended that to begin with, just wanted to make sure it was the right choice.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question