It’s 10 O’clock; Do You Know What Your Employees Are Doing on the Web?

I don’t want to be the Internet police. Neither do you. We both have far more important things to do at work than worry about what our coworkers are doing on the Internet. Whether we are deploying patches, reviewing our firewall logs, or adding disk space to our SAN, practically anything we might have to do is more enjoyable, and provides more return on investment, than auditing Internet access logs to see who hits Facebook, who is downloading music, and who might be surfing naughty sites. But whether you are concerned more about the productivity lost to recreational use of the Internet, the bandwidth consumed downloading content, the risk to company systems from malware, or the potential legal and HR issues that come with accessing inappropriate or copyrighted materials, we cannot simply let users surf any and all sites without some degree of control and protection.

Web monitoring can be a critical part of your defensive strategy, preventing violations of policy, protecting against malware, and conserving bandwidth.

Web monitoring software is normally installed on a server at your border, or on an existing proxy server such as Microsoft’s Forefront TMG 2010. It protects your users in several ways, including assessing your users’ Internet access, and permitting or denying access to websites based on whitelists, blacklists, or categories. It can work with URL lists that are constantly updated and categorized to block access to sites deemed inappropriate by company policies. It also protects your users by scanning webpages for malicious scripts and downloads for malware, using multiple antivirus engines to scan downloaded content.

One of the biggest benefits to this approach is that the protection is in real-time, and can keep users out of harm’s way rather than simply logging that they did something wrong. Many times, users may click a link that they think is harmless, only to find out after the fact that it went somewhere they shouldn’t. Even safe sites might be compromised; scanning downloads helps to protect users from malware posted to hacked sites.

In some cases, logging individual access may prove to be necessary. Web monitoring software can be set up for logging all access to the web by any or all users. Logs can be reviewed to ensure compliance with policy or to investigate violations. Just be sure that your written policies cover this and that you have disclosed this activity to your users. Check with your HR and legal counsel to make sure everything is in accordance with company policy and legal requirements, and look for software that can anonymize data if you have users within Germany, Italy, or other jurisdictions with privacy laws that might impact logging of users’ activities.

Here are some other key features to look for in a web monitoring solution:

• Multiple antivirus engines to scan downloads for malware
• The ability to terminate and inspect SSL traffic
• A constantly updated URL database to help block categories that violate policy
• Agentless install options to simplify deployment
• Policies that can be enforced by user, group or ip.addr, and by time of day.

Web monitoring software provides several key protections for your users, and your network. Whether you use this to review website access, or simply to prevent users from straying into the more questionable areas of the web, are entirely up to you. You can perform a periodic review of web access if management deems it necessary, or simply choose to use an automated process to block access to those parts of the web that don’t comply with company policy, but in all cases, protecting your users protects your systems.

About the Author: Ed Fisher

Ed Fisher is an information systems manager and blogger at several sites including his own site, http://retrohack.com. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together,) he has been getting my geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like "The Transporter," but for data, and without the car; and with a little more hair.