Slashdot Mirror
Ask Slashdot: Low-Cost Tools To Track Employees' Web Use?
First time accepted submitter red-nz writes "I come from New Zealand where new anti-piracy laws have come into effect that prosecute the owner of the internet connection for copyright violations. This is now a major issue for businesses, as they of course don't want to be liable for employee infringements. We have some good firewalls that are capable of doing basic filtering by 'category,' e.g. P2P sites, etc., but ideally would love to find a low-cost or even better Open Source alternative to expensive reporting tools (such as WebMarshal or Websense) that is capable of reporting on individual employees' usage with friendly reports (i.e. dont just show the URLs of the 3000 items their browser requested that day). It may be too much to ask but if the software could also show how long they spent on each site, it would be fantastic. Anyone got any winners out there they can share?"
A simple encrypted proxy or VPN over port 80 to home.
Do not look at laser with remaining good eye.
You don't even have to plug them in - just point them at each desk and make sure they have a little blinking red LED. Remind everyone in cubicleland to welcome their security-cam-wielding pointy-haired overlords.
Use squid and a squid log analyzer.
Since when did Ask Slashdot become a Google proxy? Sheesh.
Trolling is a art,
Block everything except port 80 and 443.
If anyone needs any other port, demand a written request.
Love many, trust a few, do harm to none.
I would install a proxy server. I used for many years wingate from QBIK (an austarlian company) and was very happy with the options and logging they offered: http://www.wingate.com/qbik/index.php
Anyone who requires internet access gets a wireless broadband card in their name that they can expense. Now they are the owner of the connection and you are off the hook.
IANAL especially not in New Zealand
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
just talk to the top ten users, if they have no explicit reason for consuming so much data. If they cant explain it, search their computer, if they have done something wrong fire them and make sure everybody in the office knows why.
Business shouldn't do blacklisting. They should do whitelisting (everything is forbidden, you only allow specifics).
That is the only way to have a somewhat working control system (and even that is not perfect).
Block everything. Allow what needs to be allowed.
morcego
You should probably worry more about people using P2P protocols than just browsing the web. A web proxy is probably not the best tool to reduce your business's risk in that situation. I would wager that there is a substantially higher risk of being "caught" using P2P software to share copyrighted content, than browsing websites that have content for download.
Regardless, if there is a substantial financial risk to the business from copyright violations, it should be easy to justify spending money on something. Barracuda has a decent web filter - but again, they may not be what you need.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Check out the zScaler proxy. Lots of good benefits, including what you need. I use it for all my employees and love it, especially the reporting and fine-grained control.
A year spent in artificial intelligence is enough to make one believe in God.
So in New Zealand if somebody steals my car and uses it to rob a bank I will be arrested for robbing a bank?
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
If the employer also becomes a private ISP, and every employee is charged 1NZD per month for internet access at their workstation (taken straight from the paycheck, after everybody gets a 12NZD/year raise), then they own and are liable for the internet connection at their desk, not the company.
ntop (http://www.ntop.org) should be able to do more or less what you want, but you might have to tweak a few things. However, it would also help you get a better handle on all your network usage in general, so I'd look into it anyway if I were in your situation.
You should be asking about low cost politicians.
Seven puppies were harmed during the making of this post.
Squid works well as a transparent proxy, when used in conjunction with a log parser, might be just what you're looking for.
lots of the tools and FW's are based on linux and open source
we use one called xangati. it's an appliance that track's the amount of everyone's data use. there are alerts that trigger if you use too much data in a specified time
I've used several URL tracking systems. None of them were entirely open source, but there are some available. The real costs come in with the URL database. These databases are complied and maintained by real people. There are some community driven databases that are free to use, Untangle has one, but they will not be as complete or consistent.
I honestly am unsure of pricing but I believe it's fairly inexpensive. We use Kerio Control and are migrating to the 3110 appliance.
http://www.kerio.com/control
It does all kind of neat reporting.
We also use Cymphonix traffic shaping devices that have insane detail on reporting but I believe they're very expensive.
http://cymphonix.com/
No sig for you. YOU GET NO SIG!
Business shouldn't do blacklisting. They should do whitelisting (everything is forbidden, you only allow specifics).
That presumes two things. 1) that the overhead of whitelisting is not prohibitive and 2) That your users have rather specific and unchanging needs. Speaking for our business, the overhead of whitelisting would be incredibly burdensome. We deal with many vendors and have to research topics all the time. There is no reasonable way to know in advance exactly which websites we will need to visit. Furthermore it requires a significant investment of time which could be better spend elsewhere.
The best alternative is to block specific problem websites (Facebook, Twitter, etc for example) and only allow access to those via a whitelist. Keep logs of network access in case further problems arise. If someone is found to be ignoring company policies you can warn them or fire them and make an example out of them. You can solve 99% of the problem with quite a lot less work.
I use a transparent Squid proxy. Traffic is redirected using IP Fiter on a FreeBSD system. I could use PF (or IPFW) however just not enough time in the day to "fix" something that just aint broke at the moment.
As other people have mentioned, Squid in Transparent Proxy mode, and a IPTables forwarding of all port 80 traffic to the Squid box will allow you to both speed up access, and optionally block/monitor the sites people are going to (and/or block ads, replace images, all that kind of fun stuff). Some simple reporting with Regular Expressions and perl/php/lua/python/[insert your chosen web development language here] will enable you to see who is accessing what, and how often.
Remember to track how much this tracking is costing you so that you have numbers to point to when you complain about it. You also need to sanitize the URLs for personal information since a lot of personal information gets passed through them. You could get sued, possibly face criminal charges, for gathering too much data.
All rites reversed 2010
DansGuardian with a proxy like squid should give you a basic websense-alike system - but even with all ports closed at the firewall except 80 and 443, bittorrent will likely still get through.
If you're truly worried about litigation, it seems like you could find a little money to deal with the issue. Take a look at Palo Alto Networks firewalls, especially the up and coming low-end model the PA-200.
I don't know what I'm doing for my job, and I would like you to do my research for me. Preferably your solution should be "open source", although I don't really know what that means, I just don't want to pay for it.
What's wrong with minimizing the financial impact of regulatory compliance?
More Twoson than Cupertino
Some people prefer Untangle, but I have found that for Business usage, Endian Firewall is way better. Lots more options and stuff to play with. http://www.endian.com/ will provide you with: Transparent HTTP/DNS/FTP/SMTP/SIP proxying, NTOP, IPSEC, OpenVPN, multiple zones for network security and way more.
I've set up several squid proxies for companies that claimed to want to keep track of employee's web surfing. The log files are pretty extensive and there are several 3rd party utilities out there that can provide reports that even managers can read. Most of the time. Going through the reports is a lot of work and usually the Achilles heel of this sort of project in my experience.
A couple of things...
1. Set your border router to accept connections from the Squid box and your Exchange (or email) servers only.
2. Check for MAC addresses mapping to the same IP address. (Most employees don't understand how to spoof a MAC address but lots of them can change their IP address.)
3. Fire the first person to be caught and make sure everyone in the company knows about it.
If you set a Policy that mandates firing and don't do it then word will get out. If you don't bother to check the reports then word will get out. None of the companies that paid me exorbitant sums of money to set this sort of thing up ever fired anyone and all of them stopped bothering to check the reports after a few weeks. I think mostly because the managers were the ones doing most of the abuse and, after all, we can't fire *them*!.
No one ever had to evacuate a city because the solar panels broke!
Is to get the law repealed.
If business owners are on the hook for the behavior of their employees, they should get together and get this law repealed. If enough do, it sounds like a slam-dunk to me. The reason why it hasn't already been done is that probably too many business owners don't know that they're on the hook.
--
BMO
As a previous poster suggested, about the only shoestring option that you have (and able to withstand legal scrutiny) is whitelisting. The downside is that it's a morale killer and you have to answer regularly to accusations of playing the morality police.
As you stand a chance of experiencing legal penalties, your leadership should belly up for a proper tool. My personal pick through my years of managing this function is Websense Web Security. It's not as expensive as you might think, especially for what it brings to the table. Their pricing fits nicely for nearly any size of organization. I currently manage a 5000 seat deployment, and I couldn't be happier with the job it does for me, or the minimal amount of care and feeding that the system requires.
-SS
How on earth could any software determine that? You may open a tab for a dozen sites . You can load a page of text, once, and spend an hour reading it with no further fetches. You could have a stock ticker/ weather stats/million other things running in a small window, gettign data every few seconds.
Basically, unless you look over their shoulder, you can't know how much of their attention was on a site for how long.
Classic mission creep: start with monitoring illegal downloads, end up checking on how the staff spend each minute at work, just because you can. Think how intrusive this is and how much it would be resented.
Set up your firewall to redirect all outgoing port 80, 8080, etc packets to the proxy (running squid), then use calamaris to analyze the logs (or roll your own analysis). Squid can also block urls based or regular expression matching.
The real "Libtards" are the Libertarians!
Sounds like your current solution - "category" based filtering at the border combined with a strong company policy - is already more than adequate to cover most potential liability to the company.
The rest of your question sounds like you're using this legislation as an excuse to implement some downright draconian and invasive "productivity enforcement" measures that have nothing to do with the stated problem.
Just pirate one of the commercial spyware tools.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Because the law states the owner is responsible, and laws don't care about right, wrong, justice or morality.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
http://www.untangle.com/ Is a great, free tool to help block, track, and limit web browsing activities. Based off of Debian I think.
Hire and continue to employ people you trust. If you don't trust them to be responsible with their internet usage, why are you paying them? The only thing web monitoring will do is let them know that you don't trust them, and give them permission to act in an untrustworthy manner.
or else!
I cannot imagine a bigger waste of HR, IT, or managements time to go chasing around data regarding their employees web usage.
If you hired intelligent, effective management you wouldn't need to go policing your employees after the fact.
Instead of asking; How can we find out which of our employees isn't working and then make them pay, how about finding out which of our employees is no longer being challenged or effective in their job and how can we help them.
You aren't their parents you're their employer, it's your job help them succeed, and if you cannot then refill the position.
Both of these have pretty colors that management will like.
Competition Good, Monopoly Bad.
Interestingly, you probably have to choose between two different liabilities. On one hand, that new law seems to mandate that you take proper actions to protect your network against illegal use. On the other hand, any broad surveillance of your employees is probably illegal regarding work laws, and if you engage in that, you might be liable for criminal activities (check in your own country, that differs wildly, but is not uncommon that even when using your equipments, your employees have a right to privacy). Choose your evil.
With Ultrasurf it is possible to bypass the proxy and the visits are not logged..
http://ultrasurf.us/
So then you'll have to start disalowing all the ultrasurf binaries in your policy..=
"I'm required to stop copyright violations, so how can I best spy on my employees' surfing habits and see how much time they spend on each website?"
First: You are not required to monitor what you employees download at all. Under NZ law it is not illegal to watch copyrighted material via direct download (youtube etc.) You only need to worry about p2p applications. These are easy to spot as they *upload* to lots of different ip addresses at the same time. If someone has 500 open ports and a Gigabit/second outgoing bandwidth, go talk to him!
Second: People tend to leave their browsers on all day with 10 different tabs open, so even if you could view the time spent on different sites, that info would be meaningless.
Third: Spying on your employees surfing habits can piss them off, and is likely not worth it, for the same reasons why people don't work better if you mount "security" cameras behind their backs.
..Squid?
http://www.squid-cache.org/
Squid setup as a transparent proxy is the way to go (squid-cache.org). It also has lots of good log parsing addons like SARG (sarg.sourceforge.net/sarg.php) that can give you detailed usage statistics. For non-http usage information you can add SNORT (snort.org) to the mix with a log parsing addon like ACID (www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html).
-=You might be a geek if your computer is worth more than your car=-
Because schools of thought like this exist http://en.wikipedia.org/wiki/Attractive_nuisance_doctrine
Good-bye
How does this work in Hotels, Motels, B&Bs? The ones that offer internet access. Or are we going to find that visiting NZ means going offline for the trip?
I've been to NZ, so I know that internet access at such locations is patchy at best, but it could get a lot worse.
RogerWilco the Adventurous Janitor
be google
DNA is the ultimate spaghetti code.
Limit the bandwith of your employees. There is no need for a huge bandwith if they are only viewing text sites, but downloading stuff becomes impossible.
The winning move would have been to fight tooth and nail to prevent this idiotic legislation from being passed in the first place. I mean really, it says what? "Let's punish whoever we can get our hands on, for someone else's crime."
Although I am from the US, I tend to agree with many of the criticisms saying that we are responsible as a group for our own loss of freedom. People didn't speak up when they should have. Now they suffer. That's the way it works.
There's no 100% safe method to provide an internet connection for employees and prevent abuse. So if these ridiculous laws persist, you will need to transfer ownership of each employee's internet connection to said employee. Ask your lawyers how to accomplish that ...
"I love my job, but I hate talking to people like you" (Freddie Mercury)
Seems to me that asking this question here is like going on a vegetarian's blog and asking whats the best cheap knife to butcher a cow with...
Find out what requirements you need to follow so that you won't be held liable for what an employee downloads on your connection.
IANAL, but I would assume that you won't be held liable if some rogue employee hacks to bypass your security measures to prevent p2p downloads. There will likely be certain requirements that must be met before you are held liable for what an employee does.
"Next time you purchase an election, make sure you don't elect morons who slap stupid laws up without thinking about their undesired consequences."
--OR--
"This is what you wanted, so this is what you're getting. You wanted business-friendly government, and now you have it. PAY UP."
I wouldn't offer them a cheap solution at all. In fact, I'd offer them the most expensive solution you can find.
One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
Here is what I found in researching a solution for a community college. Most are way out of range on the price scale, but some are quite attractive. Companies and Products to provide solutions for "employee monitoring" Spector CNE - $130 per seat Interguard SONAR - $45000 IMonitor EAM Pro - $6500 for 500 PCs (20% discount for edu) Work Examniner Standard - around $25 per seat OS Monitor (Asia) 200 users $900 Basic Version $1800 full version OfficeShield - $20 per seat at 100 Pearl Echo Suite - $?? Microsoft Gold Partner NetVizor - 100 seats $1355 / 250 seats $2545
I object to power without constructive purpose. --Spock
What would cost more, censorware acceptable to the government, or a small server hosted in the Philippines?
Hire somebody to infiltrate the lobbyists for those laws offices. Have them download your company's stuff which you do not license to them and report it. Do the same for any politician that voted this law into office.
Custom electronics and digital signage for your business: www.evcircuits.com
Untangle is probably what you want
www.untangle.com
I know I know where do i get off actually answering the questions asked.
While this won't track URL's, we use Argus for tracking bandwidth/host usage.
It's got a nice client interface to insert data into MySQL, damn near real-time, I can pull accurate reports within 30 seconds. Unfortunately the MySQL feature is kinda new & there's no really good web interfaces.
Not really an out of the box solution either, but it's free & if you're familiar with MySQL and web development, you can make a nice reporting interface fairly easily. I whipped one up with jQuery and flot for charting over a weekend, and tied it into our inventory database. It'll show network utilization grouped by the local source, with a count for bytes sent/recv for each remote host. But it's layer 2-4 only, so no URL's are reported.
One of these days I might release my web interface for Argus, but the code needs cleanup and commenting so eh...I wouldn't expect it any time soon.
http://www.qosient.com/argus/
Is to get the law repealed.
If business owners are on the hook for the behavior of their employees, they should get together and get this law repealed. If enough do, it sounds like a slam-dunk to me. The reason why it hasn't already been done is that probably too many business owners don't know that they're on the hook.
That's certainly how it would be resolved in the U.S.A.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
I use a combination of ZeroShell for routing, and Untangle for monitoring and filtering.
Untangle comes with modules, about half of which are free and open source, and the other half commercial. :/ (This is easy enough to block, ironically using Untangle itself, to filter its two ad URLs... But the point still remains)
This past year things have been going a bit downhill for the free version, namely two critical modules were made paid-only, and a webfilter-lite made to replace it.
They also now stick ads on your adblocker pages if you don't have at least one paid module
Most of the Untangle paid modules are more for a corporate setting, while the home usage options were free. The main downside I see to the paid modules are they are all monthly/yearly costs. Not a single "Pay for it and forget about it" option.
That said, I dropped all the paid modules and am running the free version both at home and work.
At home it's nice for the http/email stream virus scanning, which it sends RST packets if it detects anything to keep the infection from even reaching the PCs.
At work we use it for filtering, unfortunately for a similar reason.
It also has some nice reports too, and a separate interface so you can grant managers access to the reports but not the controls/settings.
You can run it as a router or as a transparent bridge in case you can't make changes to your network setup. Just pop it between the edge router and your switch.
I hate having to filter like this personally, but it's being demanded from the top, and not exactly the battle I want to give up my job over, so there it is.
No computer in a place I worked can VPN or tunnel by any known means in or out, except for two designated terminal servers, which can't initiate sessions, and which users can't access from the inside. Remote shell sessions, blocked. SSH, blocked. Even telnet, IM, chat, POP and IMAP are blocked. Pretty much the only thing possible is straight web surffing, and a lot of sites and content types (like video) are blocked. And it's not all just by port but by traffic and content analysis.
Yes, it's all obscenely expensive, IDS (with signature subscriptions), routers, firewalls and several other servers with expensive software involved just for that. The only thing cheap was GPO to block things like installing software or any ActiveX components.
It makes me wonder how big the IT industry lobby was in getting this law passed.
If someone has named an employee as selling your trade secrets that's a legitimate reason to spy on that employee. But it's not legitimate to spy on everyone because you have a bad apple in the bunch.
If your boss gets a hair brained idea like that you should first attempt to talk them off the ledge, and if that fails hand in your resignation. You don't want that on your conscience for the rest of your life and a company with that kind of oppressive corporate culture is not likely be a good place to work in the short run or to succeed in the long run.
What she really needs to do is talk to her insurance agent and get coverage that protects the company when it gets sued. She should also hire a lawyer to sit with you and someone from operations and come up with an employee handbook that burdens the company's business with as few addition costs as possible while still allowing the company to fire employees that cause more trouble than they are worth. Once a decent cost estimate for all this is available she needs to adjust her prices 5%-20% to account for the new costs imposed by the law, other business in the same sector will be under the same pressure as well. She should make sure that she lists the reason for the price increases in the announcement.
She should also join some kind of business lobbying coalition. Many countries have "Chamber of Commerce" type lobbying groups which will give your Senators and Representatives and their families free vacations to Bali and the like if they "play ball". This should make sure the really dumb laws mostly just hurt poor people.
I'm sure you could do something interesting with www.untangle.com. With the webfiltering options... It's kind of designed for this stuff...
The OP is asking for information on employees that has little to do with stopping copyright violations.
Also, a simple Google search would turn up plenty of commercial content filters out that will do what exactly what he asks.
Just use OpenDNS and put blocks on all related categories. Done.
Or, you could just force group policy via active directory to not allow removal of browsing history, though this won't stop other browsers (assuming you let them install anything) nor P2P programs (which OpenDNS can't stop once installed, but can stop from downloading).
Of course, if you have wifi, good luck, cause you'll need router level logging or an appliance.
I personally think you should just hire an extra person per employee to stand behind them as they work. Though, I'm not sure even that would satisfy the draconian New Zealand government.
I8-D
We have some good firewalls that are capable of doing basic filtering by 'category,' e.g. P2P sites,
Sounds like he's using one of those awful fucking hellspawned Watchguard boxes. The P2P filter blocks harmless P2P news sites and forums while allowing torrents and other P2P programs to operate unhindered. Block "Downloads" for extra fun, then your employees won't be able to browse public domain clip art sites and your IT guys won't be able to access Sourceforge.
"When information is power, privacy is freedom" - Jah-Wren Ryel
are you running there ? .. There are very few positions in most businesses where Internet access is required to perform your job.. This is why I have always thought that web based apps and cloud computing are going to cause more problems than it solves.. Now you have to play babysitter. If you can't trust employees to do the right thing with access it's best that they not have it at all.
waiting for ad.doubleclick.net
When your browser opens a connection to a web site, it creates a client-side socket and makes the request over that connection. The web server services that request, sends a reply, and then can opt to close the connection or wait for more data from the client (persisten connection). Not all web sites (services) use persistent connections and not all operating systems/web browsers keep the client side socket open for "more data".
Think of it this way: It's not like making a phone phone call where both ends are established and a magic counter begins runing. The technology was never engineered to do that. It's more like tying a message to brick and throwing it over a wall and then waiting for another brick to come back with a replay attached. You really have no method to tell for sure if the website you were connecting to actually threw the brick back. You have no method to tell if the attached reply wasn't intercepted on it's way over the wall.
The best you can hope for is a timestamp from your border gateway showing the egress connection. You can extrapolate how long a person _may_ have been on a site by looking at the duration their machine was opening connections to it.
Join the Slashcott! Feb 10 thru Feb 17!
its free until you need anything remotely functional and usefull
If you have all users in the same location, you could use Blue Coat Enterprise Reporter. If you have mobile users, you could use the Blue Coat ThreatPulse service which is a SaaS solution.
If New Zealand is dumb enough to pass such an asinine law then you need to get another job. It seems like governments are getting dumber and dumber. What a bunch of a-holes. Looks like the content industry has made some big donations to your elected representatives.
IDK about you guys but I'd be insulted if someone wanted to track my web usage. Nowhere I've ever worked (Yahoo!, Raptr, etc.) has monitored or restricted our Internet access, and I'd simply not tolerate it if they tried. Are most geeks here similar or is tracking seen as acceptable?
Most people think of it as something to monitor outside traffic coming in, but it can also be used to monitor inside traffic going out.
Seriously, the place was locked down tight. I had to get a rule change in a firewall approved through channels just to get two internal servers to talk to each other.
to be honest, the best possible outcome, is that every business in AU and NZ does nothing, and when they all get sued/charged, then the courts and the legislature will deal with their own mess, instead of passing it on to you, like they tried to do with this law.
The 3-strikes law covers P2P traffic only. Adding web traffic reporting isn't going to do anything to help you.
Now if you are being asked to do web traffic reporting then sit down with management and work out what they want, why and who is going to be responsible for reviewing traffic (hint - this should be HR not IT). Doing this should give you enough information to justify some expenditure, even if it is just a new server/VM for Squid.
http://sourceforge.net/projects/ttracker/
Basically, it does nothing but track the titlebars of every window that's open, and which one is in focus at any given time. And since every browser lists the URL in the title bar, it works like magic.
And it writes everything to a simple CSV file, so you can analyze it any way you choose. But it also has some nifty reporting screens, if you really care.
If you're only interested in web access, there's something else that you can do. Look into ".pac" files on windows. Basically, think a javascript file that gets run every time any URL is accessed by anything in all of windows. As in "return null" will make everything die, and "return slashdot.org" will make every URL return the slashdot homepage. You can easily write a five-line jscript file to log everything to a file through the FSO.
Seriously, if you have to ask this question, you are not ready for the real life fact of what it will cost you from a time and support perspective. I, along with another engineer, manage web filtering for a company of ~1200 employees. Though we have many duties in our roles, we both spend significant amounts of time ongoing on web filtering activities from exceptions to the reports on user behavior (and this is using high-end web filtering gear like BlueCoat and Palo Alto). It is simply not worth your time to use technology to replace what your management should be doing. Knowing of this new anti-piracy rule, you should use this as an opportunity to discuss the situation with all of your team-leads/supervisors/managers and make them aware. Have them make their teams aware. Let them know that there are two outcomes -- extremely restrictive web filtering or an honesty system. I think with appropriate communication you'll find the honesty system works quite well.
Amusingly enough, the new law has one ironic effect. Before, infringement notices to ISPs generally got passed on to the offending user with a don't-be-bad note. The new law has a provision that the ISP has the right to charge for the time this takes them to research. In most cases this now means the ISP, upon receiving the infringement notice, turns around and invoices the complainant $25 before going any further (and as the complainants are usually mostly automated scripts, it mostly seems to end there). Ironically enough, at least in the short term, it probably means *less* punters getting infringement notices, and more costs to the "rights holders" for pursuing the process. In some ways a bit of a phyrric victory.
Yes, I think this could well be a pyrrhic victory for the copyright trolls and extortion racketeers. Far from being a bad law this could well turn out to be a rather good one, whether intentional or not. Anything that costs these creeps money will discourage them from 'blanket bombing' everyone on the internet with threatening legal letters. Anyone with a genuine complaint will not fear a small charge for proceeding with it.
And as far as the OP goes I would suggest hiring good people, then trusting them. A competent manager should easily be able to spot folk stepping out of line and they can be dealt with individually as necessary. It is BAD policy, period, to show your staff you don't trust them. As I understand it only P2P comes under this NZ legislation so presumably a capable admin should be able to block the necessaries without any interference in people's work or freedoms, thus showing the authorities that they have taken all reasonable precautions. All these 'blanket' regulations ever do is penalise the innocent so they get really pissed off and their work suffers, and cause just enough inconvenience to the guilty that they spend even less of their time working for you. They are an appalling way to run a business, or a country.
The Snare/Epilog open source agents will get you part of the way there; they'll handle the log forwarding side for you. They're coded over the ditch in Oz.
Kiwi syslog might be another step in the process; locally made and supported in NZ; it'll manage the collection side of things, but not the analysis.
From there... sorry - I only have commercial stuff to suggest for the analysis side, so I'll let others bring up some options.
[Disclaimer: I'm a snare developer, so take comments in that context]
It occurs to me that 'copyright spammer' is maybe a better description of these people than 'troll', as their business model is identical to that of those pond-life - send threatening letter to everyone on the planet with a computer, on the calculated basis that enough of them will be sufficiently frightened to pay up without question for the spammer to profit. I suspect a charge of $25 a pop for sending spam emails would slow that business down a bit! Any way of making that work, anyone?
Some people say it's over rated, but give it a try. It's also open source! Careful though because it can make you think about things.
Run everyone through a proxy. At the end of every week, print out the name of every user and every site they have visited. Display the printout in the lunch room.
Benefits:
1) Accountability. Nobody's going to visit LesbianMidgetAmputeeFisting.com if they know everyone in the office will know about it.
2) Information Sharing: People will learn of other (hopefully work related) sites and tools, and will know with whom to discuss them.
3) Reduced bandwidth. Nobody wants to be accused of wasting time at work, so people will naturally reduce their casual web browsing.
Total cost of implementation: A few reams of paper and a few minutes a week.
We tried this in an office of 50 people who were fed up with a content filtering firewall that thwarted legitimate work. First week's results were a little off-colour (we kinda forgot to remind people we were doing it) but subsequently almost every bit of web browsing was work-related, relevant and minimal. Facebook use at work all but vanished. However, staff didn't feel they were being treated like children by a machine controlling where they surfed.
Do you or your partner snore? - Visit www.snoring.com.au
I've got an idea: Since the sum total of ideas expressed on Slashdot comments have probably already been expressed elsewhere, and are available on Google, it's probably superfluous to post comments on Slashdot.
Also, since all of the articles posted on Slashdot are (obviously) available elsewhere on the Web, and hence, also via Google, it would make sense to also not post articles on /., being redundant.
In fact, to the logical geek mind, the thing that would make the most sense is for slashdot.org to simply be turned into a DNS redirect for google.com.
Why didn't anyone think of that before? In fact, I think CmdrTaco did indeed realize that the very existence of Slashdot is futile in the face of Google, and voluntary stepped down for that reason.
I'm not a lawyer, but I play one on the Internet. Blog
Testra spread their evil to NZ as well by buying up things over there. The last time I dealt with their spawn over there it was a two month process to change a single MX record in DNS so that a client could reliably get their email. That's two months in almost the same timezone with multiple communications per day!
Shameless plug: why not record their sessions? use https://sourceforge.net/projects/rautor triggered on application use.
It's called "group with other similarly affected people, and work for revoking that stupid law".
We're just investigating untangle here as well. So far it seems to be working ok, although for IP address > username mapping, you have to get each user to run a little login script. (we haven't bothered, if someone is using loads of bandwidth we'll just track down the computer.
I have written a few great scripts that can and will track what an employee is doing. Or a great one that tracks what Window is open on their screen and for how long, so that way you can tell if they are working and if so how long they are spending on work vs. personal web surfing. --also you can buy signal jammers on the cheap to block cell phone usage in your office, good tool to keep them on their PC and their hands off their cell phones. I just caught our CEO playing a game on his cell though.. so cant stop that, but at least they cant get out to the net. Scripts can also be set up to Kill (close) webpages that open on an end users PC.. so say you want to stop a person from going to a site that Websence thinks is okay, like www.bing.com you can make it so when they go to that site it just automaticly closes the browser. -my scripts are open source.. free for all... but updates to them cost $10 per update.
I hope this software could help it is a screen monitoring software that monitor which application, document, or websites is actively being used and for how long does a person spend time on that particular website. It is a good monitoring software also it is not intrusive that can invade employee privacy. This software also could help employee to stay focus and motivated in the long run at work. http://www.timedoctor.com/blog/2011/04/14/compare-screen-monitoring-software