Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Low-Cost Tools To Track Employees' Web Use?

Posted by timothy on from the possibly-hostile-answers-expected dept.

First time accepted submitter red-nz writes "I come from New Zealand where new anti-piracy laws have come into effect that prosecute the owner of the internet connection for copyright violations. This is now a major issue for businesses, as they of course don't want to be liable for employee infringements. We have some good firewalls that are capable of doing basic filtering by 'category,' e.g. P2P sites, etc., but ideally would love to find a low-cost or even better Open Source alternative to expensive reporting tools (such as WebMarshal or Websense) that is capable of reporting on individual employees' usage with friendly reports (i.e. dont just show the URLs of the 3000 items their browser requested that day). It may be too much to ask but if the software could also show how long they spent on each site, it would be fantastic. Anyone got any winners out there they can share?"

14 of 384 comments (clear)

  1. and it's thwarted with...... by Lumpy · · Score: 4, Insightful

    A simple encrypted proxy or VPN over port 80 to home.

    --
    Do not look at laser with remaining good eye.
    1. Re:and it's thwarted with...... by said213 · · Score: 3, Insightful

      "which is usually substantially more than they have at home."

      I realize that this is not the case for everyone, but my home cable connection is at least one degree of magnitude greater than the bandwidth available at my place of employ. The reason someone torrents from work is because they can do it while hiding behind someone else's liability.

      --
      help me fix this "Terrible" karma, please!
    2. Re:and it's thwarted with...... by Anonymous Coward · · Score: 1, Insightful

      Would it be though? The law states the owner of the Internet connection. Not where it appears to be coming from. Presumably that still remains with the business.

    3. Re:and it's thwarted with...... by Anonymous Coward · · Score: 4, Insightful

      uh, the "reason" someone torrents from work is because they are at work.
      if they were at home, they'd torrent there.

      maybe they'll lose their job and have lots of time to download stuff at home, but i'm sure they're not thinking "this is great i have so much more bandwidth here" nor are they thinking "this is great now no one will know who i really am because i'm hiding behind a corporate network"

      they're thinking "damn i hate my job, i'm so bored, i'll download some stuff to pass the time"

    4. Re:and it's thwarted with...... by Anthony+Mouse · · Score: 3, Insightful

      Any ISP logs, etc. regarding the content accessed would show it to be accessed from the home's internet connection -- not the business's.

      If that's the case then it sounds like the solution to the problem: Have the business pay for some rack space in a country with less-draconian laws, then put the entire business behind a VPN that appears from the internet to come from the IP in the country with sensible laws.

    5. Re:and it's thwarted with...... by Anthony+Mouse · · Score: 3, Insightful

      Actually, using a whitelist proxy and firewall rules (deny all, allow email server, proxy server) you can prevent every possible way of infringing.

      No it isn't.

      Strip all email attachments except pdf and office docs.

      See, you've already lost. The pirate sends an email to his pirate friend, who sends back pirated which is either in text format natively or base64 encoded and pasted into a word document. And the size limits don't save you, because there is plenty of pirated material smaller than the size limit and equally as much legitimate material over it.

      I mean sure, you can lock down a computer enough that users can't pirate anything. Just disconnect it from the network -- or the electrical outlet. The problem is that you can't do it simultaneously with users being able to do their jobs.

  2. ntop by bsDaemon · · Score: 4, Insightful

    ntop (http://www.ntop.org) should be able to do more or less what you want, but you might have to tweak a few things. However, it would also help you get a better handle on all your network usage in general, so I'd look into it anyway if I were in your situation.

  3. Wrong business plan by Dunbal · · Score: 3, Insightful

    You should be asking about low cost politicians.

    --
    Seven puppies were harmed during the making of this post.
  4. Re:Wrong approach by ShakaUVM · · Score: 3, Insightful

    >>Block everything. Allow what needs to be allowed.

    And then you'll have to hire 10 more IT guys just to deal with all the legitimate requests for unblocking that will come pouring in.

    I used to work at a place like that. It eventually was just easier for them to give me the password to unblock sites myself, rather than pester them about it.

  5. Re:Change the employee agreement by MyLongNickName · · Score: 4, Insightful

    I am glad that you are a practicing lawyer in New Zealand and have educated us on this wonderful workaround. Could you please give us the contact information for your legal practice just in case someone in law enforcement questions the validity of your fine resolution to this problem? Because clearly your method trumps the employer-employee agency laws.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  6. Slippery slope by Sqr(twg) · · Score: 4, Insightful

    "I'm required to stop copyright violations, so how can I best spy on my employees' surfing habits and see how much time they spend on each website?"

    First: You are not required to monitor what you employees download at all. Under NZ law it is not illegal to watch copyrighted material via direct download (youtube etc.) You only need to worry about p2p applications. These are easy to spot as they *upload* to lots of different ip addresses at the same time. If someone has 500 open ports and a Gigabit/second outgoing bandwidth, go talk to him!

    Second: People tend to leave their browsers on all day with 10 different tabs open, so even if you could view the time spent on different sites, that info would be meaningless.

    Third: Spying on your employees surfing habits can piss them off, and is likely not worth it, for the same reasons why people don't work better if you mount "security" cameras behind their backs.

  7. Re:Wrong approach by andymadigan · · Score: 4, Insightful

    I'm a Software Engineer. A peripheral part of my job involves dealing with Oracle. If I run in to a problem, I google the error message (or google what I am trying to do). I typically find the answer on some random blog or forum (no, the answer isn't always on ask tom). Are you going to claim those sites aren't "required" and therefore I don't need access to them? Otherwise, your whitelist is going to be pretty long...

    --
    The right to protest the State is more sacred than the State.
  8. Morals by WorldPiece · · Score: 4, Insightful

    Seems to me that asking this question here is like going on a vegetarian's blog and asking whats the best cheap knife to butcher a cow with...

  9. Re:Wrong approach by pbhj · · Score: 3, Insightful

    >>Block everything. Allow what needs to be allowed.
    >And then you'll have to hire 10 more IT guys just to deal with all the legitimate requests

    You could have a click through that puts a persons name to the unblocking - so instead of hiring anyone you have the user self-certify that the page is work related and doesn't compromise any work usage policies. Internally publish the list of domains and who certified them.