methods of monitoring internet use

neo468

what are some good anc common methods of monitoring internet use. Also methods so that the user doesnt know they are being monitored.

lordy

The first thing comming to my mind is 'proxy'.

If you don't want them to know set up a 'transparent proxy'.

Google for this and you'll sure find some good guides on how to do this with Linux and Squid.

However, note that some countries (e.g. germany) have very strict laws on monitoring people (even and especially at work) so you might want to check that first.

Regards,
Lordy

RussS

It really depends on what you are looking at monitoring. We monitor directly from the firewall for many of our clients and can pick up what sort of traffic is occuring - from that we can locate users by IP address and bail them up about things like streaming media, or shut them down if they have been hit by a virus such as Sasser.

keatron

RussS wrote:

It really depends on what you are looking at monitoring. We monitor directly from the firewall for many of our clients and can pick up what sort of traffic is occuring - from that we can locate users by IP address and bail them up about things like streaming media, or shut them down if they have been hit by a virus such as Sasser.

That's exactly what we do with our smaller clients (100 or less users). The config usually consists of a PIX and usually a Sonicwall. We use the pix for access rules and filters, and the sonicwall for granular content filtering, monitoring, and automation of desktop antivirus software updates. My default config on the Sonicwall consists of a rule that won't allow any computer inside the network to connect to the network without the latest version and latest patches of the desktop anti-virus package. Most clients are amazed, shocked, scared into next year after we implement this, then show them that about 60 to 70% percent of all inbound traffic is sometimes dropped at the pix and sonicwall.

RussS

For sure Keatron - it is amazing what you can see on any given day. Our Linux engineer builds our firewalls using ex-lease small form factor desktops and we can usually add in mail filtering and a few other goodies as well.

Chivalry1

2 Words:

Linux + Squid. Thats all you need!

jmc724

iPrism and for more Barracuda.

mobri09

Linux for sure

garv221

I just went through this about a year ago. I wanted to setup corperate web montiroing without creating a proxy or having a passive gateway monitoring tool. I found something that you install behind the scenes on client machines and it updates a server and keeps logs. Make sure you have good bandwidth. I didn't want to change my network scheme for proxy and we have alot of fiber so this option worked. (linux sux)

rossonieri#1

well - if you have the access to any core devices (such as router or backbone switches) maybe you can put an ip accounting on which interfaces the user you want to monitor - then you can decide what to do next.. : )

and garv..., linux is not that bad : ) heheheheee...

cheers

keatron

Just to add, If it's a bigger user base, I swear by Snort running on Linux.

(linux sux)

Back when I started learning Linux is really when I got deeper into security. It's a shame I haven't even attempted any Redhat certs, I'm more comfortable a fluent in an open source environment than I'll ever be in Windows.

EverythingPCowner

PIX Firewall

princess4peace

The posts here are interesting and inciting towards Linux. Its great

garv221

I don't really think Linux sux, I just don't use it. For some reason it reminds me of star wars and its followers.