Discussion on:
Unobtrusive employee monitoring
View:
Show:
We use an internal software program called TaskIt that tracks the hours spent on projects and specific deliverables (We also market it to the public www.schoollink.net/new_site/products.html)It is a great way to track how problems are resolved and how much time it took to resolve them. It allows multiple people to access a particular project and update and add their pieces to the project. It has great reporting features. It allows you to pull the time an employee spent on a project or how much time they spent on all projects for a week, a month etc... I run a department of IT staff that are required to keep the total time logged in to TaskIt as close to 40 hours as possible. It also is valuable to show the boss who is putting in extra hours and what not. I know this all sounds like a sales pitch but I'm not in sales, I'm just a satisfied user of TaskIt.
If you need a high-level overview of internet access, consider a reasonable firewall solution. I am familliar with Watchguard, and it's logging is perfect for this. Several times I have been able to identify downloads that defy company policy regarding employees installing unauthorized software. This doesn't allow me to see specific details of e-mail as an example, but it does provide usable info on what I CHOOSE to log.
HTH
HTH
In case IT hasnt been suggested in any previous post, Surf Control(or Equal) is exactly what you'll need! It'll tell you if the boys are lookin at porno or the gals are shopping. Complete with reporting tools with neat graphics listing the biggest abusers on down. If you dont use it to block any particular sites the users will not even know you're watching!!! PRINT OUT THE GRAPHICS...GET OUT THE PINK SLIPS.... AND CUT OFF SOME HEADS!!!!!!
We have SurfControl (www.surfcontrol.com), the program is installed on a server or a computer close to the internet gateway and nothing is installed at the user?s computer,
You can control who is allowed to go where or not to go where, it has a wide range of rules you can create. Also they have IM filter. You can also see live demo on the web.
Nassef
You can control who is allowed to go where or not to go where, it has a wide range of rules you can create. Also they have IM filter. You can also see live demo on the web.
Nassef
William, at the school district where I worked in the past we use Aristotle, not sure if you're familiar with it. It's a very good tool for monitoring what your users are doing on the network. I understand you didn't want details but you can get some pretty deep ones if you want to (it drills down to the keystrokes), and also the interface is very easy to use and straigh forward. It runs on a Unix box and it's very stable, however it does a little piece of software that goes on the client machine but you don't have to touch each individual host, you can install if from one host by netbios or ip address (specify a range). The client is invisible to the user, you can see it only if you look at the processes running on the client computer (through task manager). http://www.sgtlabs.com/
Rossella
Rossella
I'm the Director of IT at a rural hospital and I understand your position. I'm not a fan of "snooping" on employees and being a one person department doesn't really give me the time to monitor logs BUT...
Here is what we do: We use Secure Computing Sentian software (N2H2) which integrates with your firewall - we use a Cisco PIX. Read about it here:
http://www.securecomputing.com/index.cfm?skey=1316
This software tracks all activity - and allows you to block sites, etc. just like Websense and others but I like what I read about this better. I performed 30 day trials on a couple of these packages and felt this worked best in our environment.
Anyway, let me continue...We chose to monitor employees for a different reason than 'false time reporting' or 'inappropriate billing.' We chose to monitor because about 9 months ago 'someone' downloaded 'something' which caused our network to come to a stand still - even with the latest version of Corporate SAV...
We found the ?culprit? and action was taken: We talked to this person, explained the situation and requested they common sense and caution next time. The result: no more incidents (the person is still employed and the incident is history).
While nobody in Administration has any desire to limit what an employee may do or where they may go on the internet (that isn't what this is about for us), we decided it important to be able to track where a potential 'virus' or 'worm' may have come from (who's PC). For this reason we chose to put unobtrusive monitoring in place (the users do not realize they are monitored because the authentication is transparent to them - they know we monitor because we informed them, they just don't see it).
If someone complains about their PC performance or popups, etc. I clean the PC and IF what is found warrants further investigation I consult N2H2 logs on a specific user to see their online habits. If their habits warrant disciplinary actions appropriate ones are taken (based on our employee policies/handbook). Since implementing this software I?ve been investigated (1) person and no action was taken. Monitoring can work both ways ? it can ?exonerate? as well as ?condemn? an employee.
I have no desire to be big brother and neither do our Administrators but I must protect the network and Patient data ? this is most critical because Patient data cannot be compromised.
I don?t really care if employees do online shopping, bill paying or whatever (heck, we all do it) as long as work gets done and nothing is ?unleashed? on the network.
The two most regulated industries, banking and healthcare, have an obligation to their customers to insure confidentiality and I plan to do whatever is necessary to make sure this happens in my facility. To wflanagan and his ?boss?, I say: Don?t abuse the software by ?spying? on employees, use it only when necessary for backup documentation when you already know someone needs disciplinary action.
Anyway, this is just my 2 cents and you can take it or leave as you see fit.
Here is what we do: We use Secure Computing Sentian software (N2H2) which integrates with your firewall - we use a Cisco PIX. Read about it here:
http://www.securecomputing.com/index.cfm?skey=1316
This software tracks all activity - and allows you to block sites, etc. just like Websense and others but I like what I read about this better. I performed 30 day trials on a couple of these packages and felt this worked best in our environment.
Anyway, let me continue...We chose to monitor employees for a different reason than 'false time reporting' or 'inappropriate billing.' We chose to monitor because about 9 months ago 'someone' downloaded 'something' which caused our network to come to a stand still - even with the latest version of Corporate SAV...
We found the ?culprit? and action was taken: We talked to this person, explained the situation and requested they common sense and caution next time. The result: no more incidents (the person is still employed and the incident is history).
While nobody in Administration has any desire to limit what an employee may do or where they may go on the internet (that isn't what this is about for us), we decided it important to be able to track where a potential 'virus' or 'worm' may have come from (who's PC). For this reason we chose to put unobtrusive monitoring in place (the users do not realize they are monitored because the authentication is transparent to them - they know we monitor because we informed them, they just don't see it).
If someone complains about their PC performance or popups, etc. I clean the PC and IF what is found warrants further investigation I consult N2H2 logs on a specific user to see their online habits. If their habits warrant disciplinary actions appropriate ones are taken (based on our employee policies/handbook). Since implementing this software I?ve been investigated (1) person and no action was taken. Monitoring can work both ways ? it can ?exonerate? as well as ?condemn? an employee.
I have no desire to be big brother and neither do our Administrators but I must protect the network and Patient data ? this is most critical because Patient data cannot be compromised.
I don?t really care if employees do online shopping, bill paying or whatever (heck, we all do it) as long as work gets done and nothing is ?unleashed? on the network.
The two most regulated industries, banking and healthcare, have an obligation to their customers to insure confidentiality and I plan to do whatever is necessary to make sure this happens in my facility. To wflanagan and his ?boss?, I say: Don?t abuse the software by ?spying? on employees, use it only when necessary for backup documentation when you already know someone needs disciplinary action.
Anyway, this is just my 2 cents and you can take it or leave as you see fit.
I also worked for a company which wanted this type of information. There is a combination you can use. One is a product like Websense or Web Inspector. It will monitor web activity and lenght of time using the web. As for overall traffic on your bandwidth, try a product called Packeteer. It is a condenser of data traffic, but it also is great for reporting and shaping your network traffic. You might be able to get your local vendor to hook it up for you to get reporting. Hope it helps.
We have an application that was developed for the intelligence community that we are now taking to the commercial market. It is 100% undetectable (former NSA developers reviewed), and it monitors all aspects including internet, email (corporate and web), IM, files, etc. and is developed to monitor thousands in an enterprise structure with little manpower required ie. one person manages thousands of users. It is also supports multiple languages. Contact me at 402-502-3220 if interested.
Every employee, you and the CEO included, needs to be aware that their activity can and may be monitored. They need to know what will be monitored, whether it's their Internet surfing, their logon and logoff times, their incoming and outgoing email. They also ought to be informed as to why these montioring actions are necessary, including for their own protection, to protect the corporate network, and deter DoS and other external threats.
That's just the way it is.
Simultaneously, the employees need to know that you or whoever does the monitoring will use the information gained by that monitoring only for clearly-stated specified reasons, whether that includes for time and billing or for corporate protection (no corporate espionage or slandering)
That's just the way it is.
Simultaneously, the employees need to know that you or whoever does the monitoring will use the information gained by that monitoring only for clearly-stated specified reasons, whether that includes for time and billing or for corporate protection (no corporate espionage or slandering)
on the part of management. I know all of my employees are working because I know exactly how long the tasks I assign should take. I measure productivity by their output. I don't need to check their email or web usage. A manager who needs those tools is probably not qualified to judge who is and isn't productive.
Version 6.0 allows you to...
1. Log individual website visits
2. Log file downloads
3. customize what is blocked
4. detail individual download and bandwidth used on a daily basis
5. customize who can get access to what
6. Log in and log out timings to firewall
I would advise you to inform via memo that you've implemented this service. Unless you have an IT policy that enforces such activity on your part, it is a breach of privacy although a day in court will be more of a pain-in-the-neck than result to anything else.
As again, don't quote me on that, har har!
1. Log individual website visits
2. Log file downloads
3. customize what is blocked
4. detail individual download and bandwidth used on a daily basis
5. customize who can get access to what
6. Log in and log out timings to firewall
I would advise you to inform via memo that you've implemented this service. Unless you have an IT policy that enforces such activity on your part, it is a breach of privacy although a day in court will be more of a pain-in-the-neck than result to anything else.
As again, don't quote me on that, har har!
If employees are using company equipment legal precedent supports that this is not spying nor invasion of privacy, however I would be sure you have a policy that outlines monitoring is approved and that employees have not come because of other corporeate culture, statements by executive, hr etc.. to expect privacy in their use of company equipment.
I also don't believe you can get much accurate information without something installed at the workstation level unless you are only looking for some very specific statistics such as use of the Web, the something like a Websense or other similar tool with that kind of reporting capability will work.
If you truly need to monitor to compliance there are very very few robust and adequate solutions to do that.
There is a product that is the best solution that I've seen in my 20 years in secuirty that meets this on a commercial basis without all the mystery and sneeking around. Doing monitoring should be done up front and not in some black magic/hidene way.
The ELEVATOR SPEECH that I would make is as follows:
Proof of control over your network sometimes means an organization must track employee?s personal computer usage. An unpleasant, undesirable and time consuming task with potentially negative repercussions for the company.. The proper solution can automate the process, helps protect employee?s privacy and their dignity while protecting the company assets. It can help meet compliance requirements for monitoring and auditing activity against Corporate data without the heavy administrative burden or any application modifications.
Contact me for more information on the solution if you are interested in knowing more: kmshaurette@buympc.com
I also don't believe you can get much accurate information without something installed at the workstation level unless you are only looking for some very specific statistics such as use of the Web, the something like a Websense or other similar tool with that kind of reporting capability will work.
If you truly need to monitor to compliance there are very very few robust and adequate solutions to do that.
There is a product that is the best solution that I've seen in my 20 years in secuirty that meets this on a commercial basis without all the mystery and sneeking around. Doing monitoring should be done up front and not in some black magic/hidene way.
The ELEVATOR SPEECH that I would make is as follows:
Proof of control over your network sometimes means an organization must track employee?s personal computer usage. An unpleasant, undesirable and time consuming task with potentially negative repercussions for the company.. The proper solution can automate the process, helps protect employee?s privacy and their dignity while protecting the company assets. It can help meet compliance requirements for monitoring and auditing activity against Corporate data without the heavy administrative burden or any application modifications.
Contact me for more information on the solution if you are interested in knowing more: kmshaurette@buympc.com
A simple vb script can report on logon and logoff success audits. This will tell you when people are coming and going anyway. If they're surfing the web the whole day, while they're there, that's another story.
I say trust no-one
I say trust no-one
visionGATEWAY with its INTERScepter solution provides a different approach that is more than monitoring, but provides full detail of all usage of all 65,000 plus ports by bandwidth, by port, by date, by time, by location, by ...., etc. Depends on the parameters you create. This can be looked at in summary form or drill down to lower level as and when required. If you wish to provide to end users the intranet application includes a "My account" information page that facilitates a "self-management" approach. This does not have to be used though.
For more information contact emersonmf@visiongateway.net
For more information contact emersonmf@visiongateway.net
Currently, I'm using SARG which generates an HTML report of SQUID server use. You may try it if you are using Linux as internet gateway. I don't know if there's a equivalent software under windows.
You may also try WEBANALYZER also under Linux.
I hope this could help you in anyway.
You may also try WEBANALYZER also under Linux.
I hope this could help you in anyway.
Check out Packeteer.com
They have a solution that will give you a high level view. Their application will count the number of hits per classs of traffic.
You can also get connectivity data on single IP addresses if you need that level of information.
They have a solution that will give you a high level view. Their application will count the number of hits per classs of traffic.
You can also get connectivity data on single IP addresses if you need that level of information.
Looks like everyone has an opinion on this and I'm not going to read them all, but DC was pretty spot on with his reply except you all missed the main point. 'Your' boss wants to monitor 'Your' department - that means he doesn't believe he is getting value for money from your department. You must stand by your department (and prove you are the right person for the job). IT has always been a thorn in the companies budget and non IT people will always question the value they are getting (You will notice your boss brings his home computer to you to repair - because it is too expensive to go to a pc shop. But how much did that little repair actually cost the company!). Your department has a workload and you can calculate how many man hours each task should take. You can therefore make a pretty good guess at who is underperforming and this can be handled (hopefully you know how to increase a persons performance by now). But what happens when outside influences cause your stats to drop. You are the one that has to keep your users and boss informed of how things are going and it is this ability that demonstrates the value of you in your role. If you keep all informed and you deliver the goods within budget and explain any fluctuations your boss will realize you do know your job and you are in control - So forget about 'unobtrusive monitoring'.
Try WorkTime - it looks like this solves your employee monitoring task. The only thing, you still need to install it on every computer.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
