RE: Internet usage and monitoring

We use WebSense here and it's AWESOME!!! :-)

At my last job, I setup a squid proxy and since we used Cisco, almost
all network traffic was routed through the squid box.. I guess it's
called transparent proxy setup? Anyway, that worked great, as there are
so many squid log analyzers out there. I used Calamaris as well as
webalizer to get an overview of what's going on, and that worked great.

Another cool thing you can do with Squid (and probably other proxy
servers too) is to create a block list, as well as control how much
bandwidth/speed you'll allow to certain sites. Like I wasn't allowed to
block anything, but I did throttle MySpace, Friendster etc down to 10
Kbit/sec speed, and that quickly deters users from using such sites :-)

Anyway, if you got some chi-ching $$$, I'd highly recommend WebSense.
Very neat logging, and very good control over the end users. Here we
have set it up so that certain users only have an hour of free surf time
per day, when accessing non-work related stuff such as shopping and
news. It also blocks spyware/malware really well.

-Petter

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of gjgowey@xxxxxxxxxxxxxxxxxx
Sent: Thursday, September 27, 2007 10:24 AM
To: Bhardwaj, Akash; listbounce@xxxxxxxxxxxxxxxxx; p1g; Jon Petre
Cc: security-basics@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Internet usage and monitoring

Speaking of Websense I know the larger pix's tie in with it, but I
wonder if the 501 does too. If so then you've found your solution:
Websense plus a PIX 501 fw (you can get these cheap on ebay).

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Bhardwaj, Akash" <Akash.Bhardwaj@xxxxxxxxxxxxxxx>

Date: Thu, 27 Sep 2007 22:08:12
To:"p1g" <killfactory@xxxxxxxxx>,"Jon Petre" <jono-31@xxxxxxxxxxxxx>
Cc:<security-basics@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Internet usage and monitoring


I would always prefer Websense, it is the most simple, powerful device
to use.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of p1g
Sent: Thursday, September 27, 2007 8:43 PM
To: Jon Petre
Cc: security-basics@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Internet usage and monitoring

For that small of a network, look at Cymphonix. It does traffic
analysis via NetFlow.
It also deos content management.

So, you can use it to block the traffic or simply report on it.

Top talkers, top applications, etc....

This is an appliance based solution. Not expensive.

Surf Control on Windows
i-prism is a squid based appliance(blackbox.easy to manage)

On 9/27/07, Jon Petre <jono-31@xxxxxxxxxxxxx> wrote:
Hello List,

I am looking for an idea/program to monitor users internet usage. Due
to the
nature of the customer who requires the monitoring carried out, this
program
must be able to run on a windows box and needs to be very reasonably
priced
(I have no control over budget unfortunately). I am aware of programs
such
as ISA server (too expensive) and squid (*nix based). Any other
sugesstions
would be great.Customers network is round a bout 20 workstations that
need
to be monitored, so pretty small in reality.

Looking forward to all your help.

TIA

Jono

_________________________________________________________________
Can you see your house from the sky? Try Live Search Maps
http://maps.live.com




--
-p1g
SnortCP
,,__
o" )~ oink oink
' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

Relevant Pages

  • Re: Tools for monitoring traffic to specific websites
    ... If you're using squid as your proxy, maybe you should check out sarg ... I am trying to monitoring the daily web traffic to sites a few ... we are using a proxy server to block and allow ...
    (Security-Basics)
  • RE: Squid question
    ... I believe you want transparent proxy services. ... Point the new machines to the squid box as their gateway, ... > discovery, such as the physician-patient privilege, or a peer review ...
    (RedHat)
  • Re: parental control with squid and dansguardian
    ... I need to configure the browser to look for proxy on port ... if someone just changes the port in their browser to 3128 (squid ... as the box is behind a router firewall anyway but I would appreciate your ...
    (freebsd-questions)
  • Re: monitoring software
    ... The firewall also redirected all port 80 traffic back ... to the squid proxy. ... As seems to be often the case what the boss ...
    (alt.os.linux.suse)
  • Re: bypass intranet sites
    ... I have solved this issue using "Proxy Auto-Config" files ... The issue is that if your client connect to the squid server no matter ... I have a couple of sites in my intranet and all my locals users are ...
    (RedHat)