Firewalls: Re: monitoring user's web usage

Firewalls
(June 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: monitoring user's web usage
From:	Andy Dent <ADent @ sni . co . uk>
Date:	Fri, 16 Jun 95 10:40:00 UTC
To:	"ddk @ beta . lanl . gov" <ddk @ beta . lanl . gov>, firewalls <firewalls @ GreatCircle . COM>
Encoding:	54 TEXT


 ----------------------------------------------------------------------------  
 --
> We currently use the Cern httpd as a proxy server for our users
> to connect to the Internet.  It is possible that our management
> will be requesting that we monitor the logs for activity that is
> not work related.  These reports would/may then be used to correct
> the user's work ethics.

As others have commented - it is impractical to try and define a definative 
list of 'acceptable sites' for your users. The key to success in todays fast 
moving business environment is the innovation and inventiveness of 
individuals. It is impossible (and insulting?!) for your management to 
believe that they know which sites are best.

We had a similar problem here on how to control legitimate usage - mainly 
because we were worried about our server becoming a repository for games and 
soft porn. In the end we opted for the 'self police' approach.

 Our WWW server is behind a firewall and access to the internet is through 
proxy support on the server. We installed the wusage statistics software and 
set it up to monitor proxy usage.  One of the features of wusage is to give 
a top 10 list of sites visited by URL and a top 10 list of users. We 
modified this to give a top 100.

As soon as we started to publish these statistics on our home page - the 
visits to places like www.playboy.com dropped significantly.

Users saw the tables of sites visited - saw the tables of most frequent 
users - and 'just assumed' that - if we could produce stats like these - we 
had enough information to tie in which users were visiting which sites.

It's true - we probably do - but is it really worth the time taken to 
collate it?

Interestingly - visits to legitimate sites increased as users became 
familiar with the URL's published in the top 100 list and talked to the most 
frequent users.

As far as I am concerned - self-regulation by information is far better than 
regulation by enforcement.

Andy Dent
Senior Product Support Specialist
Siemens Nixdorf Information Systems Ltd
Siemens House
Oldbury
Bracknell, ENGLAND
RG12 4FZ
Email: adent @
 sni .
 co .
 uk

My opinions are my own and not representative of SNI in any way.

Follow-Ups:

AUP and monitoring via firewalls (was Re: monitoring user's web usage
From: jet @ abulafia . genmagic . com (J. Eric Townsend)

Indexed By Date	Previous:	RE: Selective Filtering From: jah @ alien . bt . co . uk
Indexed By Date	Next:	AUP and monitoring via firewalls (was Re: monitoring user's web usage From: jet @ abulafia . genmagic . com (J. Eric Townsend)
Indexed By Thread	Previous:	Re: monitoring user's web usage From: Matthew J Brown <mjb @ sophos . com>
Indexed By Thread	Next:	AUP and monitoring via firewalls (was Re: monitoring user's web usage From: jet @ abulafia . genmagic . com (J. Eric Townsend)