June 25th, 2009, 12:09 PM
Would I be correct in thinking that the above means that you are looking for an application that runs on the clients, and that the users have local administrator rights?
I dont want the users to know its on or be able to uninstall it...
Sure, there is plenty of spyware out there that will do that to some extent or another, but you need to bear in mind that this is a business environment.
First question is "have they an official, documented, AUP that the users have signed up to?" Basically a game without rules has no need for a referee?
Perhaps you might consider an accountancy approach as a potentially effective and non-contentious approach?
I don't know what experience you have had in dealing with professional services and consultancy bodies, but when you get a bill it will normally contain an item for "miscellaneous" or "incidental" expenses.
This is to cover postage, fax, telephone, e-mail and all that sort of thing.
There are a variety of software applications that will do this sort of thing automatically, by monitoring the communications channels. This can be either client or server side.
There are other variants that just monitor the usage to allocate overheads expense to the various cost centres within an organisation.
Now, as any accountant will tell you, the total bill for a period must be reconcilable to the sum of the individual allocations, or the accounts won't balance...............
Obviously this is NOT "spying"; it is simply "responsible financial business management".
By the same token, anyone who tampers with the financial management applications of an organisation can expect to be dismissed and potentially face fraud charges.................
Whilst running rings round the system administrator might be considered fair game in some quarters; taking the p1$$ out of the CFO certainly is not
There are a lot of good selling points to senior management as well:
1. Tighter control of expenditure overheads.
2. More competitive quoting.
3. More accurate billing.
4. Better profitability accounting by project/customer.............
Actually that is the last thing that you want..............only administrators think realtime............... accountants and senior management think financial periods............so the admin wasn't to blame?
i need something realtime
June 25th, 2009, 12:23 PM
Netflow can be turned on on a switch (I know most managed cisco switches support it), users will not be able to turn it off or even be aware it's running.
If you don't have any cisco equipment (or some other vendor that doesn't support netflow) a linux or bsd in bridge mode and softflow will also gather all the netflow info.
Experience is something you don't get until just after you need it.
June 25th, 2009, 10:05 PM
For these types of tasks I like to bust out tshark and bash or throw together a ruby script using the pcap libraries.
Check this out:
Monitoring network traffic with Ruby and Pcap
June 26th, 2009, 10:57 AM
You can do your own filters using the libpcap library (if you are on linux). A couple of regular expressions and that's it. If you just need to see connexion/downloads, you can use something like iptraf on the router.
By Ignatius in forum Network Security Discussions
Last Post: October 31st, 2007, 11:22 AM
By Irongeek in forum The Security Tutorials Forum
Last Post: June 8th, 2007, 03:59 PM
By psaux in forum Network Security Discussions
Last Post: May 23rd, 2007, 08:36 PM
By sommersby in forum Newbie Security Questions
Last Post: August 13th, 2006, 11:49 AM
By mmkhan in forum Security News
Last Post: June 13th, 2006, 02:01 PM