Jump to content

Monitoring Question


Hurricane

  

4 members have voted

  1. 1. Which type of solution should I impliment?

    • Screen Monitoring
      2
    • Key Logging
      0
    • History sweeps
      0
    • Network Tap
      2
    • Other
      3


Recommended Posts

I have been getting some feedback from my staff concerning the amount of time that a Particular employee is spending on sites unrelated to their work, i.e. banking, facebook, tax preparation, etc.

What would you recommend?

I have included a poll for a summary. I was hoping for comments as to which of any particular kind works best as well.

Link to comment
Share on other sites

You are looking for a technical solution for a non-technical problem. I suggest telling them that they should not spend the time some one is paying the for to do what they want but instead do what they are been paid to do.

I would love to deal with it that way. Unfortunately that has already been attempted and failed.

Also, for fun they happen to be the child of one of our managers and the one closest to being our h.r. manager to boot.

I need hard conclusive proof that a significant portion of time is being squandered.

Link to comment
Share on other sites

I think what you should do is, implement a proxy server in your network to monitor what websites which user access and how often those websites are accessed.

In addition you should write an internet usage police as well, stating reasons how the internet should be used during work hours. And if for any reason anyone fails to comply, you could give them a warning or block access to the website.

Link to comment
Share on other sites

I think what you should do is, implement a proxy server in your network to monitor what websites which user access and how often those websites are accessed.

In addition you should write an internet usage police as well, stating reasons how the internet should be used during work hours. And if for any reason anyone fails to comply, you could give them a warning or block access to the website.

QFE

I think that is an excellent idea and something that should have already been in place. If its a place of business and you give employees access to the Internet, you are already doing your business a disservice because of the inherit security risks associated with allowing people access to the Internet in general. There should not only be a usage policy in place they have to comply with, but also a security policy that is configured to safeguard the company from risk. At a minimum, block access to sites like Facebook and Myspace, and any third party game sites they may access through those sites as well. If they were compromised from visiting one of these sites and click a malicious link from a friend whom was also compromised, they might not be the wiser and click whatever they receive and in turn, create a backdoor into your companies network.

As for keyloggers, its probably illegal, especially if they are accessing private things like a bank account. Same for screen grabs, although, probably not illegal if stated in your handbook, might get you sued if they found out you were accessing their private information, such as a bank account. If you need hard evidence, you can set up filters to notify you of the sites they visit and then report this to whomever needs the info, but I think keyloggers and screen monitoring, or even packet sniffing is going to become an issue. Statefull Packet Inspection on the other hand, takes the guess work out of the equation for you, and you should be able to implement something that tells you how many times say, site xyz.com was accessed, the day, and time, and what user. Especially if implementing a proxy where every user has to sign in to get access to the internet, you can monitor what sites they go to, and even put up messages in place of the pages that are restricted, which should tell them flat out, visit this site and you may be terminated. After X number of attempts, take action, such as being written up, suspended or eventually fired.

Link to comment
Share on other sites

I just remember that the other at work, every staff member had to sign off an internet usage agreement with the company. And the reason to that was due to staff members spending too much time surfing websites that was not work related like FaceBook or Youtube.

Besides signing this agreement off they've also blocked access to the above websites. I mean if you really want your staff to do the right thing, you have to take the correct action and rectify this situation. Block the website and if someones tries to bypass it, give them a warning and if they don't want to listen terminate the employment.

Link to comment
Share on other sites

I like websense for internet monitoring.

Is that something you have to install on each computer or does it sit on the edge of your network and filter traffic? Never used it, so I'm asking.

Edited by digip
Link to comment
Share on other sites

It sit's on the network and monitors the web traffic going in and out.

http://www.websense.com/content/web-security-gateways-overview.aspx

It reveals quite a lot, the CEO who left before I started was lucky he left when he did and the staff in place at the time did not run regular reports. You can put everyone through a proxy and capture it all, and they wouldn't know any better.

Link to comment
Share on other sites

  • 1 month later...

So based on your comments I am unsure the level you sit at within your organization. Obviously you have reporting staff but the solutions which can be implemented will obviously depend on your level within your organization. As mentioned above a proxy server is a great solution to track basic and simple web traffic. If Social media is not a critical part of your teams role then I would suggest blocking those sites outright. Another solution might just to block Facebook, Youtube, Twitter Etc etc etc. all together organization wide. I myself am looking for a nice open source web & packet analyzer tool which can monitor the enterprise which I manage in real time. I am not personally interested in websense does anyone have other solutions which could work?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...