Monitor a host internet usage/history
  • jroberson
    Senior Member
    • May 2008
    • 124

    #1

    Does anybody know a way that Zabbix can monitor a host's internet usage or browser history? I have a situation here that if Zabbix can do this it might save me and a few other people a lot of headaches. The idea would be to monitor employees' internet usage and log it so we can have it when their supervisor asks for it. Right now, with our current setup, the only option is to jump into the machine and MANUALLY look through the cookies and browsing history. These are XP hosts BTW.

    Thanks for any ideas.
  • nelsonab
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Sep 2006
    • 1233

    #2
    Even easier.... Put a Squid proxy in front of them. Then you'll get a URL log of every site they hit. Set up Squid on your network, then set their computer to use the proxy. If they're smart and paranoid they can remove it, however you can override this with domain policy. Or if you really want to get crazy you could set up a firewall rule (if your firewall allows) and set up transparent proxy.

    Now for the disclaimer... I have had to do this at a few sites, and every time I hate doing it.... one boss used it as fodder for her own personal witch hunts... As if she wasn't micromanaging enough.
    RHCE, author of zbxapi
    Ansible, the missing piece (Zabconf 2017): https://www.youtube.com/watch?v=R5T9NidjjDE
    Zabbix and SNMP on Linux (Zabconf 2015): https://www.youtube.com/watch?v=98PEHpLFVHM


    • troffasky
      Senior Member
      • Jul 2008
      • 565

      #3
      Originally posted by nelsonab
      if you really want to get crazy you could set up a firewall rule (if your firewall allows) and set up transparent proxy.
      Not really crazy, just common sense! If the proxy is the only host allowed out on port 80, nobody will have any choice but to use it, which also negates the requirement for making it transparent.


      • jroberson
        Senior Member
        • May 2008
        • 124

        #4
        Unfortunately, at this time, we are not allowed to change anything on the network side of the operation. That is the most logical choice and I have recommended it, but it gets knocked down every time. Therefore, my only option is something within the network or on the workstations themselves. I was hoping there was an easy way with Zabbix, but I couldn't think of any on my own. Does anyone else know of any workstation-based monitoring solution? It will have to be "free" because of even more restrictions.


        • troffasky
          Senior Member
          • Jul 2008
          • 565

          #5
          Websense Remote Filtering will do what you want on workstations, but it's not exactly free!

          Ok, so if you're not allowed to "change" the network, here's something you might be able to do 'in' the network: use arpspoof to pretend to be the default gateway and route traffic through your linux box. As it will then be traversing your box, you can filter it or audit it as you see fit. It's not foolproof - some switches will prevent you from effectively spoofing another host's traffic. I can tell you from experience, however, that most switches aren't configured out of the box to detect/block ARP spoofing.

          Another idea, would placing your linux box [with the requisite number of ethernet cards] between the LAN and your default gateway count as changing the network?


          • nelsonab
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional
            • Sep 2006
            • 1233

            #6
            Originally posted by jroberson
            Unfortunately, at this time, we are not allowed to change anything on the network side of the operation. That is the most logical choice and I have recommended it, but it gets knocked down every time. Therefore, my only option is something within the network or on the workstations themselves. I was hoping there was an easy way with Zabbix, but I couldn't think of any on my own. Does anyone else know of any workstation-based monitoring solution? It will have to be "free" because of even more restrictions.
            If you set up the client workstation to use the proxy you're not changing the network continuations, just how that workstation accesses parts of the network. The configuration options are under Internet Settings in Windows I believe (on a Linux desktop, can't check). In Firefox: Edit -> Preferences -> Advanced -> Connection Settings.

            • jroberson
              Senior Member
              • May 2008
              • 124

              #7
              Hmm, that's true. I didn't think of that. The only problem would be setting up all the clients. I guess we could push all of that through Group Policy to IE6 and just leave any other browser/program access alone. This is our primary browser as we have an old Intranet portal here and FF or IE7 will not work. A proxy shouldn't affect that as it is essentially forwarding the web requests. It might miss some of the traffic going through streaming programs but it'd hit most of the web traffic. Much more than we are getting now! It might not ultimately fly with the powers that be, but it's a possible solution.

              Thanks!

              (I guess I have to use Zabbix to monitor the proxy server then!)


              • nelsonab
                Senior Member
                Zabbix Certified Specialist, Zabbix Certified Professional
                • Sep 2006
                • 1233

                #8
                Originally posted by jroberson
                (I guess I have to use Zabbix to monitor the proxy server then!)
                Exactly! And you could then write a few scripts that parse the state of Squid and generate some nice pretty management friendly graphs showing how everyone is being a good little worker bee and not surfing the big bad interwebs....

                Sarcasm implied. :-)
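A script of the kind post #8 describes, as an added example that is not from any poster in this thread: it summarizes a Squid access log per client IP, the sort of figures that could then be handed to Zabbix. It assumes Squid's default native log format; the sample lines, IP addresses and host names are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1226412000.101    120 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example/portal - DIRECT/198.51.100.5 text/html
1226412001.250     80 192.0.2.10 TCP_HIT/200 2048 GET http://news.example/index.html - NONE/- text/html
1226412002.900   3000 192.0.2.11 TCP_MISS/200 40960 CONNECT mail.example:443 - DIRECT/198.51.100.9 -
1226412003.000      5 192.0.2.11 TCP_DENIED/403 1400 GET http://blocked.example/ - NONE/- text/html
truncated line from a log rotation
1226412004.400    200 192.0.2.10 TCP_MISS/200 1024 GET http://news.example/sport - DIRECT/198.51.100.7 text/html
"""

def site_of(method, url):
    """Return the destination host; CONNECT (HTTPS) logs only host:port."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "unknown").lower()

def summarize(lines):
    """Aggregate requests, bytes, denials and per-site hits for each client IP."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0, "sites": Counter()})
    skipped = 0
    for line in lines:
        f = line.split()
        # A usable record has at least 10 fields, a code/status pair and a numeric size.
        if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
            skipped += 1
            continue
        client, result, size, method, url = f[2], f[3], int(f[4]), f[5], f[6]
        s = stats[client]
        s["requests"] += 1
        s["bytes"] += size
        s["sites"][site_of(method, url)] += 1
        if result.startswith("TCP_DENIED"):
            s["denied"] += 1
    return dict(stats), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG.splitlines())
    for client, s in sorted(report.items()):
        print(client, s["requests"], s["bytes"], s["denied"], s["sites"].most_common(3))
    print("skipped malformed lines:", skipped)
```

For HTTPS traffic the proxy only sees the CONNECT target, so the log records the host and port but not the full URL.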

                • jroberson
                  Senior Member
                  • May 2008
                  • 124

                  #9
                  Originally posted by nelsonab
                  Exactly! And you could then write a few scripts that parse the state of Squid and generate some nice pretty management friendly graphs showing how everyone is being a good little worker bee and not surfing the big bad interwebs....

                  Sarcasm implied. :-)
                  If they wanted to see that, there wouldn't be any point to any of this.


                  Sarcasm noted and appreciated.
