Detecting what employees are downloading 1

[tasherma]

Hi, I am having a problem with employees downloading and surfing websites at work that are not related to work in any way. We have firewalls set up to block lots of junk sites, but some employees are abusing the internet. I am wondering if there is a way to see what they are doing on the internet, say by analyzing TCP/IP packets. Can I get a packet sniffer/decrypter and see exactly what someone is downloading? Maybe then I will have evidence to bring up in meetings...

Thanks

 

[Bobg1]

You can set up a proxy server and have it log what is happening.

 

[Breakerfall]

or you can use monitoring tools,
(like remoteanywhere) and see what
they're doing when surfing.


Breakerfall
®º°¨¨°º can you ping me now...GOOD! º°¨¨°º®

 

[andrewflagg]

An alternate solution much like a proxy is building in a network or application cache server that is on the same interface as the fast ethernet for your core router.

in doing so, you can see a log of cache data as requested by user by ip and machine name, date/time, etc.

the proxy server idea is similar but a passthrough solution.

warning -- adding a packet sniffer can cause a severe performance hit to your network.

you can use NT Server network analyzer to periodically grab data from a network interface of a users computer and read the details of the data.

good luck.
andy

 

[Comstocb]

Andrewflagg

Quote "warning -- adding a packet sniffer can cause a severe performance hit to your network. "

This is false in my experience but I always keep an open mind to others interpretations and experiences. Can you explain further why you find that traffic capture can impact network performance?

Brian

 

[Autobahn]

Just a note for any UK people reading this thread...This is now illegal according to the data protection act unless specifically stated to the employees beforehand.

 

[Bobg1]

You really should have data policy in place before employees are given access to the system. By having them read and sign it they are then required to abide by the rules and monitoring that is put in place. It should also be reviewed, updated and resigned on a regular basis.

 

[paklids]

All of these other methods would work well, especially a proxy server. Unfortunately there is administarative concerns with some of these solutions (but...job security?...)

Another option is to set a login/logout policy or something similar that dumps the user's temporary internet files to a server you've specified. A great deal of info can be derived (including download URLs) that could help you pinpoint the offending users and notify them of the policy.

hope that helps!
paklids.

 

[gilvie]

Hi guys, I am sort of having the same issue. However, I already have the proxy server in place. But what I need is for the client machines to automatically detect the proxy server. Or any new workstation added to the network needs to auto detect the proxy server.

I do not wish to manually go to each and every 200+ machines to configure IE.

Does anyone know of a log on script to write, for auto detect proxy server?

Help!

Gilvie

 

[lmvsilva]

Hello to all.
In our organization we have WebTrends/WebReporter to "see" what kind of traffic and its durations to and from the internet. To help us to identify clearly the Internet traffic we have a PacketShaper 6500.
This conbination permits that we have a complete idea about the Internet Traffic of our employees.