[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Looking for a web usage history tracking tool. (budget)

Posted on 2016-08-15
3
Medium Priority
?
205 Views
Last Modified: 2016-08-17
What are some tools you have used/have seen others use to capture the web traffic of specific users?  Windows 2008 R2 domain with Windows 10 workstations using IE, Chrome, and a few Firefox.  FortiNet firewalls in all locations.

Prefer to keep this project as cheap as possible as it's not a very high priority.  

What are the pros/cons to using firewalls vs software vs a hardware device?
0
Comment
Question by:Daniel Checksum
3 Comments
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 41756605
Capturing web traffic outside of the computer itself can be fairly problematic. There aren't very many enterprise level web filters aside from WebSense, and that's a relatively expensive solution to use. Just capturing traffic history is usually best accomplished on the computer itself, and there are a myriad of solutions available to accomplish the task. Everything from keyloggers to history trackers, to history reports can be used at the client level to track usage information.

An easy, free way to get web traffic history is to use OpenDNS as your Public DNS forwarder on your DNS servers. They will allow you to generate a report on which DNS queries are performed when set up appropriately. Unfortunately, this doesn't give you granular information like which users or computers are making the DNS requests, since all requests will look the same to their servers.

Inspecting web traffic at the firewall is often not feasible unless the firewall supports web proxy. Web proxy essentially forces all client web browsers to access the internet at the firewall instead of going directly, which means all web requests are initiated at the firewall. Without doing a web proxy, traffic that is protected with HTTPS cannot be inspected because it's encrypted. With a proxy in place, HTTPS traffic is initiated on the Proxy server, then decrypted and presented to the client. This is how most web filtering solutions work.

If you are willing to implement a web proxy solution in your environment, that's probably the most effective way to keep track of usage. Just realize that proxies can be bypassed. The OpenDNS solution can be bypassed very easily as well.
1
 
LVL 8

Accepted Solution

by:
myramu earned 1000 total points
ID: 41758186
Hi,

Your question can be divided in to 3:
1) Users web usage report (Accessed websites, Bandwidth and time usage): This report can be produced using existing FortiGate with the help of Fortigate webfiltering and a syslog server/Fortianalyzer.
2) Capturing packets of a specific user: Packet capturing is also supported by the Fortigate (Required to enable on firewall policy).
3) Web files archive: This is also supported by Fortigate (Using DLP profile and Fortianalyzer).

Good Luck!
1
 
LVL 1

Author Closing Comment

by:Daniel Checksum
ID: 41759458
I am going to contact FortiNet support for this.  My supervisor had recommended that to begin with, just wanted to make sure it was the right choice.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question