To keylog or not to keylog???

[wahnula]

Hello,

I am having an issue with one of the PCs on my 10-PC SBS2003SP2 network. I have all the machines set to log off with password protection after 15 minutes. We are a landscape construction company with about 50 employees, and only our office staff has access to the network.

This one machine has Mexican porn sites in its Internet history. The main user is a mature, honest man and has told me that he has given his password to nobody, but I have seen young Garden Center employees at his PC, apparently with his knowledge and approval. I don't think it's any of them, I think somebody else is surfing these sites.

I am not concerned about viruses or malware as the machine has its own A/V plus we have a SonicWall gateway A/V & Spyware firewall.

I learned about a keylogging app called KGBSpy, I am entertaining the notion of installing it on the machine to find the culprit. I am concerned about the ethics and legality of this and am looking here for opinions.

Everybody has been told that this network is company property and everything you do on it is visible by me. So, opinions please.

Tony

 

[58sniper]

I'd investigate logging features in your firewall to see if you can track things that way.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[wahnula]

Pat,

Thanks for the reply. Yes, I can install SonicWall ViewPoint on the SBS machine then re-configure the firewall. This is a daunting task for a part-time sysadmin like myself especially at this time of year, as I am the main revenue-producer for the company (design/sales) and I really have to budget my time.

I have downloaded the software and printed out the 35-page manual. I am just soooo hesitant to install anything to the working server, especially a new app like this, Tony's Law says it while take 2-1/2X the amount of time that I allot. I would test it at home on a virtual machine but I don't have a SonicWall at home.

This app is very comprehensive, telling the page title, URL, text typed, time stamped, and it resides on the local machine, not the server. </rationalization>

Tony

 

[ShackDaddy]

I would go ahead and put a keylogger on there. I would also consider telling the main user that the keylogger is in place. If the main user happens to be the culprit, he won't do it again. If he isn't the culprit, he'll appreciate knowing that he's being told, and you'll be able to correlate use of those websites with a particular timestamp and narrow down who was likely to have been using the system. Could be someone after-hours on the office-cleaning staff or something.

Installing ViewPoint would be good if there were more issues than just this one that you needed to address, but since it's a local problem, a simple local solution will suffice and save you a lot of time.

ShackDaddy
Shackelford Consulting

 

[PHV]

The date/time of visits aren't already in the history and the cache ?

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[wahnula]

The date/time of visits aren't already in the history and the cache ?

We use Firefox as default browser, made the change a long time ago to cut down on spyware. History is by date only, i.e. yesterday, six days ago, etc.

I think I will wait and see if they pop up again. Thanks for your replies.

Tony