Solved

Looking for a web usage history tracking tool. (budget)

Posted on 2016-08-15
3
81 Views
Last Modified: 2016-08-17
What are some tools you have used/have seen others use to capture the web traffic of specific users?  Windows 2008 R2 domain with Windows 10 workstations using IE, Chrome, and a few Firefox.  FortiNet firewalls in all locations.

Prefer to keep this project as cheap as possible as it's not a very high priority.  

What are the pros/cons to using firewalls vs software vs a hardware device?
0
Comment
Question by:Daniel Checksum
3 Comments
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41756605
Capturing web traffic outside of the computer itself can be fairly problematic. There aren't very many enterprise level web filters aside from WebSense, and that's a relatively expensive solution to use. Just capturing traffic history is usually best accomplished on the computer itself, and there are a myriad of solutions available to accomplish the task. Everything from keyloggers to history trackers, to history reports can be used at the client level to track usage information.

An easy, free way to get web traffic history is to use OpenDNS as your Public DNS forwarder on your DNS servers. They will allow you to generate a report on which DNS queries are performed when set up appropriately. Unfortunately, this doesn't give you granular information like which users or computers are making the DNS requests, since all requests will look the same to their servers.

Inspecting web traffic at the firewall is often not feasible unless the firewall supports web proxy. Web proxy essentially forces all client web browsers to access the internet at the firewall instead of going directly, which means all web requests are initiated at the firewall. Without doing a web proxy, traffic that is protected with HTTPS cannot be inspected because it's encrypted. With a proxy in place, HTTPS traffic is initiated on the Proxy server, then decrypted and presented to the client. This is how most web filtering solutions work.

If you are willing to implement a web proxy solution in your environment, that's probably the most effective way to keep track of usage. Just realize that proxies can be bypassed. The OpenDNS solution can be bypassed very easily as well.
1
 
LVL 8

Accepted Solution

by:
myramu earned 250 total points
ID: 41758186
Hi,

Your question can be divided in to 3:
1) Users web usage report (Accessed websites, Bandwidth and time usage): This report can be produced using existing FortiGate with the help of Fortigate webfiltering and a syslog server/Fortianalyzer.
2) Capturing packets of a specific user: Packet capturing is also supported by the Fortigate (Required to enable on firewall policy).
3) Web files archive: This is also supported by Fortigate (Using DLP profile and Fortianalyzer).

Good Luck!
1
 
LVL 1

Author Closing Comment

by:Daniel Checksum
ID: 41759458
I am going to contact FortiNet support for this.  My supervisor had recommended that to begin with, just wanted to make sure it was the right choice.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now