Monitoring staff through external website?
- Thread starter mit74
- Start date
Check out opendns DOT com (can't post links as I'm new 
)
It can sometimes be "worked around" depending on employee's privileges on their workstations but in many environments it will just require a change to the dns servers in your main router (which then gets applied to workstations via dhcp) and allow you to block certain websites or types of sites along with log sites/domains visited, how often, etc from your network.
)It can sometimes be "worked around" depending on employee's privileges on their workstations but in many environments it will just require a change to the dns servers in your main router (which then gets applied to workstations via dhcp) and allow you to block certain websites or types of sites along with log sites/domains visited, how often, etc from your network.
Upvote
0
Depends on how your network is setup, if you are using a windows domain then you can make a change in group policy which forces all internet traffic via a 3rd party such as scansafe, which logs all access requests and you can allow/block sites as you see fit.
If you aren't using a domain then you will need to install a client on each users PC.
Opendns can work but as cnjim said it's quite easy to bypass.
Which solution would be best will come down to how your network is configure and more importantly how much you want to spend.
If you aren't using a domain then you will need to install a client on each users PC.
Opendns can work but as cnjim said it's quite easy to bypass.
Which solution would be best will come down to how your network is configure and more importantly how much you want to spend.
Upvote
0
I agree with the above. Depending on the setup of you network and security policies it would be easy to bypass unless each pc is locked down or if your using active directory where you can setup group policy to prevent users changing settings.
With most monitoring and web filtering software you install the software on a server or host pc and the configure the proxy setting on your browser to point to that server.
This would route all traffic through the server logging all activity and give you the ability to control user access.
We use Gfi's webfilter, but there are plenty others about. This gives you the web interface where you can login onsite or remotely to view and control their access.
With most monitoring and web filtering software you install the software on a server or host pc and the configure the proxy setting on your browser to point to that server.
This would route all traffic through the server logging all activity and give you the ability to control user access.
We use Gfi's webfilter, but there are plenty others about. This gives you the web interface where you can login onsite or remotely to view and control their access.
Upvote
0
It can be done in free software, a firewall/router/Squid proxy.
Then SARG (Squid Analysis Report Generator) will give a web interface to reports on who has been where.
You can add i-cap to filter all internet through a virus checker as well, if you want to
Have a few clients with that set up, but what's interesting is the different ways that reports are handled. With some they are top secret, access to directors only. But another has them totally open so any employee can see any other employee's internet usage, including the MD. Result is that nobody goes anywhere they don't mind others seeing! (They have appropriate policy in place).
Then SARG (Squid Analysis Report Generator) will give a web interface to reports on who has been where.
You can add i-cap to filter all internet through a virus checker as well, if you want to
Have a few clients with that set up, but what's interesting is the different ways that reports are handled. With some they are top secret, access to directors only. But another has them totally open so any employee can see any other employee's internet usage, including the MD. Result is that nobody goes anywhere they don't mind others seeing! (They have appropriate policy in place).
Upvote
0
If you've got Linux experience then squid would work for you.
On the other hand I've found it a complex solution and it's open source. As a business. I would never implement open source software on any of my clients networks. it's too risky in my opinion plus I think implementing a solution from a know vendor has a better support framework should you need help. However this is just my opinion.
On the other hand I've found it a complex solution and it's open source. As a business. I would never implement open source software on any of my clients networks. it's too risky in my opinion plus I think implementing a solution from a know vendor has a better support framework should you need help. However this is just my opinion.
Upvote
0
Which solution will also depend on what you actually want to do with the information.
If you go with a free solution setup on the router it's at best only going to log machine names, not the actual user who was logged in so may cause issues if you are looking to discipline people over web use.
Also as most people have a smartphone which can be used as a wifi hotpot they will just end up using that to get unmonitored access.
If you go with a free solution setup on the router it's at best only going to log machine names, not the actual user who was logged in so may cause issues if you are looking to discipline people over web use.
Also as most people have a smartphone which can be used as a wifi hotpot they will just end up using that to get unmonitored access.
Upvote
0
I know this will ruffle some feathers but it's just my opinion. Nothing wrong with open source it's just I wouldn't use it. You could call me a Microsoft fan
Opensource is ok if you have no money to spend and just want to try some solutions out, but the admin overhead and learning curve is usually a lot higher than paid for solutions.
I spent 20 years in IT security finding ways of stopping people visiting sites they shouldn't, and users will always try and find a way around anything you put in place.
Proper endpoint control is the only real way to stop them, but that does cost.
Upvote
0
We had better tell all those public and private organisations running websites with Open Source. And all the ISPs using Exim and Postfix for email. And Google, and the BBC.
Blimey, do you think they realise they've been getting it wrong all those years?
Upvote
0
You mean those big companies who can afford to employ high end developers and IT folk to make opensource solutions work.
As I said the admin overhead and learning curve for opensource is high, so unless you can employ experts to set it up and run it for you, then it's simply not workable for a lot of small companies.
Upvote
0
We have worked with some of our clients on similar solutions and there are many in the market. As rightly said, most are quite expensive and really just comes down to return on investment. Some people found it got more and more difficult to monitor everything as their company size grew. There are some very versatile solutions out there for this but it really just comes down to how much control you want. In all honesty I have seen mixed reviews for implementing such a solution.
Either way, if you do go for a monitoring tool or service I would highly recommend formally informing all your employees. In most cases that should stop them from visiting inappropriate sites anyway.
PS I wouldn't go down the open source route unless you're a strong techy as it can cause network problems, which can inadvertently further reduce business productivity. Saying that, I know others may argue this but most of them would be techies already
Either way, if you do go for a monitoring tool or service I would highly recommend formally informing all your employees. In most cases that should stop them from visiting inappropriate sites anyway.
PS I wouldn't go down the open source route unless you're a strong techy as it can cause network problems, which can inadvertently further reduce business productivity. Saying that, I know others may argue this but most of them would be techies already
Upvote
0
T
TurboIT
Opensource is great. But the learning curve is steep especially for Microsoft people who are used to point and click. I spent a long time being quite anti-open source for the some of the reasons listed here.
Opensource is at its best when someone skilled and competent is supporting it, that can range from the LG TV you just bought ( which runs linux and yes it can be modified and re flashed, lookup lg_mod) and firewall/filtering boxes such as smoothwall (which incidentaly would serve your needs here as it can all be managed remotely and logs viewed via web interface) to any number of services running on linux servers in house managed by in house staff.
The point is, if you don't have the support or skills in place then its going to be difficult. The cost of support can easily be offset by the saving in the cost of Microsoft licensing and often savings in hardware as linux itself is much more efficient and generally requires less beefy hardware (although that gap has been closing in recent years)
Personally I'm about the right tool for the job and in a web filtering/logging case it is going to be a linux/open source based solution every time, the good news is there is plenty of them out there it really depends on your budget and the additional features you require.
If you would like me to have a look a solution for you feel free to get in touch and let me know the required features and the your budged.
Opensource is at its best when someone skilled and competent is supporting it, that can range from the LG TV you just bought ( which runs linux and yes it can be modified and re flashed, lookup lg_mod) and firewall/filtering boxes such as smoothwall (which incidentaly would serve your needs here as it can all be managed remotely and logs viewed via web interface) to any number of services running on linux servers in house managed by in house staff.
The point is, if you don't have the support or skills in place then its going to be difficult. The cost of support can easily be offset by the saving in the cost of Microsoft licensing and often savings in hardware as linux itself is much more efficient and generally requires less beefy hardware (although that gap has been closing in recent years)
Personally I'm about the right tool for the job and in a web filtering/logging case it is going to be a linux/open source based solution every time, the good news is there is plenty of them out there it really depends on your budget and the additional features you require.
If you would like me to have a look a solution for you feel free to get in touch and let me know the required features and the your budged.
Upvote
0
Personally the reason i don't like open source is people know how the software has been built and has access to the source code making it extremely vulnerable.
Although blowing my own trumpet here i do have a client that uses linux RIPS for large format digital printing, but in this case these machines are isolated from the network and use a customized version of Caldera .
Although blowing my own trumpet here i do have a client that uses linux RIPS for large format digital printing, but in this case these machines are isolated from the network and use a customized version of Caldera .
Upvote
0
T
TurboIT
The reality of the situation is the complete opposite, as anyone can review the source code and point out the problems with it.
Security by obscurity is no security at all.
Case in point is linux vs windows, why are most security devices (and generally a very high % of embedded devices nowadays) built using linux as a foundation.
Windows has far more vulnerabilities than linux.
Upvote
0
I agree with you on that, I think the reason for Microsoft has more vulnerabilities than Linux is due to the amount of people using their operating systems and software.
Operating System Market Share
Having commercial support is fine. Its the proportion of people out there that uses the knowledge of the software to exploit it for example knowing database table and field names.
I suppose no matter what we do if someone is determined to exploit a system regardless of platform they will probably succeed.
Operating System Market Share
Having commercial support is fine. Its the proportion of people out there that uses the knowledge of the software to exploit it for example knowing database table and field names.
I suppose no matter what we do if someone is determined to exploit a system regardless of platform they will probably succeed.
Upvote
0
Latest Articles
-
When the Algorithm Gets It Wrong: What eBay's AI Moderation Problem Tells Us About Platform RiskA thread appeared on UKBF this week that, on the surface, looks like a...- Ozzy
- Updated:
-
Should you crowdfund? A framework for UK founders in 2026Three articles into a series on what crowdfunding actually costs, the...
- Ozzy
- Updated:
-
The polls, the reframing, and the billion dollarsHow three letters from the early years of Star Citizen's development...
- Ozzy
- Updated:
-
The values trap: what the Punks actually ownedWhy BrewDog's Equity for Punks investors were structurally locked out...
- Ozzy
- Updated:
-
When belief is the business modelWhat BrewDog's collapse and Star Citizen's billion-dollar climb are...
- Ozzy
- Updated: