Reports On Users Browsing History?


Hi all,

Wondering if anyone has come across any ways to have a user's web browsing history reported to the IT office?

We've noticed a few things are not getting done properly work-wise, yet they have time for internet shopping while at work. So we can have facts and figures etc., I would like to know if anyone has discovered a way or has a tool to report the users' history in the background... This is something I will make use of once we have implemented Smoothwall; however, at this moment in time our firewall is managed offsite and, due to having Server 2003 and IE 8 on the computers, we find the users still find ways to delete their browsing history due to lack of GPO.

Thanks in advance,

pyth0n

If it is a small network, could you not use Wireshark and simply log the traffic that way?

If you wanted to generate a human-readable report, have ngrep parse the pcap files into, say, IP addr, site visited, and date+time.

ngrep -W byline -qilwvt 'referer' tcp dst port 80 \
  | grep -i " -> \|get\|host"

That way, no matter how crafty your users may be at covering their tracks, as long as they are sending network traffic, you can see what they are at.

Edited by plazmatron

Squid and proxy firewall, with every user to have their own account logon for WWW events, then log all websites they visit based on their logins. Not sure if Squid has that built in, but that's where I would start and work out the web history process after you get specific WWW login access locked to individuals via Squid and proxy.

Using Wireshark, or any packet tracing method, tcpdump, etc., would 1, violate some ethics and maybe privacy laws on individual data (i.e., credit cards, confidential things like HIPAA if they make a Dr's appointment via the web, etc.) and also be network overhead and CPU resources wasted, if not a bottleneck if set up to log for every employee. Too much resource wasted in my opinion. You should be able to move their browser temp folder and history to a share for each employee though, so long as they all use Internet Explorer, store each user's history file on network shares per user, and undeletable by the users themselves, only admin access to delete when done with or audited for what you need. With Windows, Active Directory and some Group Policy Fu should help with that department. Not sure how you script it, but I know it can be done.

A proxy is what you need, it will not only provide/block access to the internet, but will also report any URL a specific user has accessed. This is the most effective way to control and keep an eye on what users access on the internet.

Edited by Infiltrator

Yeah, I'm not looking to see any passwords etc., just too many problems are happening due to work staff not concentrating, then when you quietly go into their office, you see them browsing clothes shops, Amazon online etc... I don't have any issues with this until it affects the business. Thankfully I can say I'm not a BOFH!

So I just need some evidence on paper to say, eBay has had this amount of hits, Amazon had this amount of hits...

Will look into setting up something like Squid or the sort on a spare PC.

Thanks for everyone's input! Don't worry, I will be speaking to the IT manager regarding company policy!
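
The per-site hit report asked for here, as it could be produced once a Squid proxy with per-user logins is writing its access log. This is an added example, not part of any post in the thread; the log lines are constructed and assume Squid's default native log format with the authenticated username in the eighth field. Only hostnames are kept, so paths and query strings never reach the report.

```python
# Added example: per-user, per-site hit counts from a Squid access.log.
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines (native format: time elapsed client result/status
# bytes method URL user hierarchy/peer content-type). Names are made up.
SAMPLE_LOG = """\
1347526801.123    210 192.168.1.23 TCP_MISS/200 15234 GET http://www.amazon.co.uk/gp/product/B000 jsmith HIER_DIRECT/203.0.113.10 text/html
1347526803.900    180 192.168.1.23 TCP_MISS/200 9120 GET http://www.amazon.co.uk/s?k=shoes jsmith HIER_DIRECT/203.0.113.10 text/html
1347526805.456  60012 192.168.1.23 TCP_MISS/200 4321 CONNECT www.ebay.co.uk:443 jsmith HIER_DIRECT/203.0.113.20 -
1347526820.001     35 192.168.1.40 TCP_MISS/200 2048 GET http://intranet.example.local/timesheet akhan HIER_DIRECT/192.168.1.5 text/html
1347526830.000      1 192.168.1.40 TCP_DENIED/407 1790 GET http://www.ebay.co.uk/ - HIER_NONE/- text/html
1347526831.500    140 192.168.1.40 TCP_MISS/200 7777 GET http://www.ebay.co.uk/itm/123 akhan HIER_DIRECT/203.0.113.20 text/html
garbled line
"""

def site_of(method, target):
    """Return only the hostname: no path, query string or port."""
    if method == "CONNECT":                 # HTTPS tunnel: target is host:port
        host = target.rsplit(":", 1)[0]
    else:
        host = urlsplit(target).hostname or ""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def hits_by_user(log_text):
    """Count allowed requests per (user, site) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue                        # truncated or malformed line
        result, method, target, user = f[3], f[5], f[6], f[7]
        if result.startswith("TCP_DENIED"):
            continue                        # blocked or auth challenge, not a visit
        who = user if user != "-" else f[2]  # fall back to client IP
        site = site_of(method, target)
        if site:
            counts[(who, site)] += 1
    return counts

def report(counts):
    """Plain-text table, busiest (user, site) pairs first."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{who:<12} {site:<26} {n:>5}" for (who, site), n in rows)

if __name__ == "__main__":
    print(report(hits_by_user(SAMPLE_LOG)))
```

These are request counts: pages left open in a tab keep generating requests, so the numbers measure traffic rather than attention.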

  • 4 weeks later...

Definitely do that. Also, I don't know if the company you work for has an internet usage policy in place. If it doesn't, I would get the IT department to write one up, and get every employee to sign it off. This should stop employees from spending too much time surfing on the internet. If anyone breaches or violates this policy, the company should give them a formal warning.

Setting up a Squid proxy is not hard, but once you've got it up and running you will be able to block specific websites, and if an employee has a problem, they can go up to their IT manager and have a fit about it.

Edited by Infiltrator

Thanks, Infiltrator!

I will be doing this. We currently have another company managing our firewall but I think we're gonna implement a Smoothwall and manage it ourselves; looks like it has a lot of control when importing from AD! :)

Thanks,

  • 2 weeks later...

What you'll find is that they'll just use their cellphones (likely what they're already doing).

Another reason for the company to write up a phone usage policy.

  • 2 weeks later...

One thing to keep in mind when pulling traffic logs is that even if a user is idle on sites it can be reflected as time used on that site. I often have YouTube or something open in a minimized window while I'm at work, with whatever I am watching at lunch, but if you were to pull a log it would show me being on YouTube all day. I have seen a few people at different companies fired due to the manager who received these kinds of reports not realizing that websites, even not being actively used, just open, will show up. That aside, I have always found it easiest to pull these logs via the firewall.

I read an interesting topic similar to this one on Spiceworks. Do the employees have an idea on WHY this should not be done? Assuming you have a small business, why not set a thin client on any PC that has external access (semi costly), but you can tweak it to your specs. A handful of companies are investing into setting their systems up so the employee can't even change the wallpaper. Check N Go's systems office is set up like this:

SERVER---THIN CLIENT---PC

I thought it is a good idea...

Pandora has some system that allows the radio to quit after a certain idle time... maybe someone here can reiterate... I'm a JoaT techie. I know a little about everything, but am by no means an expert like some of my fellow forum members.

TSPool@bt$ APT-GET INSTALL LINUX FOR MY DUMB ASS does not work... SHIT... I forgot Sudo!!!

TSPool@bt$ Sudo apt-get install linux for my dumb ass

enter password:

No such repository blah blah blah

of course, that repository doesn't exist... :o

I'm working on setting up something very similar for one of our clients, for exactly the same reason. Smoothwall, once you implement it, will of course allow you to do this. I ended up using Zentyal for our client. Configuration was straightforward, I threw in an extra NIC and bridged them for throughput, then set up a transparent proxy so I wouldn't have to do any individual configuration. I'm actually waiting to implement it until they have the final release of 3.0 (out on Sept. 13th) as it will be based on Ubuntu 12.04 instead of 10.04, and looks to clear up some of the web-based management lag. Might be worth checking out.

  • 2 weeks later...

I do not know if this will work for you, but currently we installed a program called DNSCrypt and set up all the computers to use the loopback address for DNS lookup, which uses OpenDNS; we then are able to do a lot of the filtering there. The user has to have the program on and running, otherwise they will not be able to access the internet, which in turn means they cannot at the time bypass OpenDNS filtering. If a user does perhaps bypass the filters, we also use a program called netspypro which we configured to log all browsing history and have configured to take a screenshot when a user visits a specific page like YouTube or Facebook. With that program you can view it as it happens in real time and log in and do a lot of other things. When I worked for Apple there was another program we used to monitor employees, similar except you could see all the employees' screens at the same time, so we set up a few monitors just for that.

  • 3 months later...

I would say don't waste your time with freeware if this is an enterprise network. You need a content filter... example Cisco's IronPort. You have the WSA for web sites and ESA for email. Ya, I know it is a little expensive but you have to look at it as an investment because really it is (employees goofing off = $$$ lost). If you really wanted to see what employees are doing in real time then a packet shaper is the way to go. I believe the company is BlueCoat *changed names a couple of times*, has an excellent packet shaper, and every user can be seen along with what site, IP, type of traffic, etc. This also gives you the power to throttle them up and/or down to however you feel necessary. Example would be you set www.facebook.com to have 5kps all together. Thus making it unusable and thus your employees will not be goofing off on your computer. That doesn't mean they just won't whip out their cell phones and tether.

Regards

-Stealthkit

Why pay when open source software can sometimes perform better than proprietary software?

Having worked at one of the largest banks on the eastern United States, I can tell you, money means everything to the IT Department, and we used a Squid proxy and a number of other open source tools to keep people from being able to leave the network and reach the internet without having sign-ons to get through the proxy. Don't know what kind of shop you work in, but open source products run the backend of the network, as much as Cisco and Microsoft run the front ends, and to say not to use open source software, you've either never worked in a large shop, or you just like spending money to do what others are doing for a fraction of the cost. Closed source != better in every instance, and for anyone to wave that wand of "use big iron standards" as an end-all solution, well, you probably won't have a long career in IT. Yes, MSFT rules the corporate LAN, for user and directory services and user desktops, but much of the back office in many shops uses more than its fair share of open source tools, and you'd be hard pressed to find otherwise. Sure, you won't be seeing Ubuntu rolled out to every CSR rep's desktop since 99% of all software people use is Windows based, but that's not true on the back office, IT side of things, and most of the time, it's a combination of Windows, Linux, and other thin client and virtualization software setups that keep things running, and much of it is open source on the network, whether people realize it or not.

Edited by digip

This^^^^

It's true that some open source software is crap. However, a lot of it works pretty well and the community support is awesome. Try supporting a public school on 100% closed source proprietary software. Not gonna happen. Even with the educational discounts, it's hard to get the funding. I have to keep costs down. If that means running Linux on the backend, I do it. If that means using a re-purposed desktop as a Linux-based firewall... I'm in. Be it public or private sector (I've worked both), companies don't have infinite funds. They have to spend wisely. On top of that, when companies have budget problems, support costs are one of the first things to go. IT depts are constantly being asked to do more with less. If you can find a well supported, well written open source program to get the job done effectively, why not?

Now, I can't speak for my work, as I am not allowed access to the information on the automatons side of the house, but from being a user on the network, I know that a version of Bluecoat is used, and that a proxy server is used that we log in to (Firefox and IE). The only problem I have with Bluecoat is that at times it is too restrictive. Sites that I've had to get to for school have been blocked, along with some legit news sites.

  • 3 weeks later...

By no means did I mean all open source software is crap. I understand where "Drei" is coming from, as I also work in education. I have to support 35,000 users, not to mention the 3:1 wireless model that I am in the process of implementing. I too have to work with a budget that seems to always be getting smaller. I know that open source is "free" but in reality it is not free. The time you will have to work troubleshooting the issue and that time costs money. *Salary* Not to mention if for some reason you leave the company, no one will know how to work it. At least with Cisco I have one neck to choke. BTW I have a good amount of open source tools I use on a regular basis (Cacti, Netdisco, etc.) but in the situation I heard, you would be better off going with an enterprise solution depending on company size. *If you have the funds* It is like me trying to deploy Asterisk VoIP for my users. The management would be a nightmare, and not to mention I would need a crap ton of servers to host it off of. Sorry, I don't mean to come off like I hate open source *I don't*. If open source does everything you need, then by all means use it, but you will never know if that software will go cold or not. You have to figure out how much risk you want to take on going the open source route.

-Stealthkit

I was going to recommend squid proxy but it looks like digip beat me to it. Squid is a great service and you can configure it to do really powerful things. Hope this helps out!
