Threaded Mode | Linear Mode

StalnakerZ · 03-25-2013, 12:07 PM

There are almost as many solutions to this problem as there are web sites the employees can visit. First you have to decide how you want to approach the problem. Easiest would probably be to just to edit their user permission to NOT allow them to delete browsing history or to send their browsing history to a central server.

If you want to approach from a stance of only allowing a few designated sites and I mean very few, then you can disable external DNS and put entries in the computer's host file (or your internal DNS) with the acceptable web sites, this would be a quick fix while searching for a more robust solution.

You can also approach from a network perspective - get the IP addresses for acceptable web sites and route all other external IP addresses to NULL in your outward facing router (even some DSL or wireless modems/routers have this function).

Then there is the monitor and correct approach. This means you purchase software that monitors all outgoing web traffic and creates periodic reports showing where people are visiting. You start by sending the report for that one user to them along with a copy of your HR policy stating that the computer is to be used for business purposes ONLY. This typically scares most users to know they're being watched. Make sure your HR Policy states the ramifications for continued unauthorized access to the sites and continue sending out the reports and following up with the users (verbal warning, written warnings, etc...)

Another is the terminal server solution. You allow the local PC's to only access a terminal server for outbound access. With the terminal server, you can easily control everyone's access at one time and with some packages, you can view the user's desktop while they are logged in.

And last is the "remote support" option. with this option, you install a product that allows an administrator to gain access to the user's desktop for remote control. Most of these products allow an install option to connect without logged on user's permission if you have administrative privileges on the box. in this case, you modify your HR policy to state that monitoring is occuring and any desktop can and will be monitored at any time. You log onto the users desktop and watch for a while. If they go to an unauthorized site, you take control of the PC, open notepad and tell them to come to your office. With this option, for legal purposes, you MUST be careful to apply the monitoring in the same manner for all employees and ensure you have written proof of this. But this option gets very quick results and after the first person visits your office, everyone will know you're watching and they can be pulled in at any time. If you make it the responsibility of managers and team leads to monitor their subordinates, you ensure it's being done even in your absence.

HasJ · 03-25-2013, 12:07 PM

Websense, without a doubt. Although the Barracuda firewalls are good too.