Track Employee Web Use / Block certain Websites
Discussion
Hi,
One client, SME, small team of circa 6-8.
Wants to get a little more strict with employee web use and block some social media sites to improve efficiency. I know that this is possible and used but lots of businesses but I wondered if anyone on here had any recommendations or experience with any particular piece of software?
Preferably a piece of software that is installed after hours on certain employees computers and runs in the background without their knowledge but enables the Directors to have a check every so often to see internet use and also to block facebook etc.
Any advice or experience appreciated.
Cheers
One client, SME, small team of circa 6-8.
Wants to get a little more strict with employee web use and block some social media sites to improve efficiency. I know that this is possible and used but lots of businesses but I wondered if anyone on here had any recommendations or experience with any particular piece of software?
Preferably a piece of software that is installed after hours on certain employees computers and runs in the background without their knowledge but enables the Directors to have a check every so often to see internet use and also to block facebook etc.
Any advice or experience appreciated.
Cheers
Personally, I'd install a transparent proxy on the network (to handle all traffic, without having to install anything on the desktop machines) and set some rules in there to intercept/block the required sites. The log files will then be kept on a separate machine (the one that runs the proxy) and it will automatically (if the network is properly configured) take care of any additional devices on the network.
Software costs can be minimal (Linux + Squid are free, but need a little configuration), but it will need an extra machine to run it. It also then provides a useful node which can be used to probe a little deeper into any suspicious activity without the users being aware of anything being installed on their machines.
Software costs can be minimal (Linux + Squid are free, but need a little configuration), but it will need an extra machine to run it. It also then provides a useful node which can be used to probe a little deeper into any suspicious activity without the users being aware of anything being installed on their machines.
Put a small firewall with web filtering on the gateway, WatchGuard, Sophos, Checkpoint, Cisco...they all have add on modules. Dont f
k about on the machines themselves
The biggest jump you'll see in productivity is when you tell people you're going to put filtering in, not when you actually turn the filtering on. It's generally not cool to flick the switch on first thing on Monday, people start seeing 'Sorry, this website is blocked, please contact your Administrator' and Ian in IT gets 35 emails that he has to copy and paste the reply to.
If people want to go look at Facebook, they'll do it on another network. You're better off trying to get them educated into when they're working, they're working.
k about on the machines themselvesThe biggest jump you'll see in productivity is when you tell people you're going to put filtering in, not when you actually turn the filtering on. It's generally not cool to flick the switch on first thing on Monday, people start seeing 'Sorry, this website is blocked, please contact your Administrator' and Ian in IT gets 35 emails that he has to copy and paste the reply to.
If people want to go look at Facebook, they'll do it on another network. You're better off trying to get them educated into when they're working, they're working.
Thanks all - Good advice.
I need to go in and check their current network config. From what I can make out its
Router > Ethernet Switch > 6 PCs
The two directors still want to retain full access to any site that they wish so I'd have to isolate the local machine IPs on the router to ensure that selected sites were blocked to them. Seems like for tracking purposes we'll need a separate machine, or could we use one of the Directors machines?
Thanks again
I need to go in and check their current network config. From what I can make out its
Router > Ethernet Switch > 6 PCs
The two directors still want to retain full access to any site that they wish so I'd have to isolate the local machine IPs on the router to ensure that selected sites were blocked to them. Seems like for tracking purposes we'll need a separate machine, or could we use one of the Directors machines?
Thanks again
Stick the proxy/filter between the switch and the router and set it to allow all traffic from the directors' IP addresses through without interference, but channel everything else through the filter ruleset.
(It can be done at a software level by changing default gateway in the DHCP leasing rules, but using the physical connections makes it harder to bypass that).
(It can be done at a software level by changing default gateway in the DHCP leasing rules, but using the physical connections makes it harder to bypass that).
jonamv8 said:
Seems like for tracking purposes we'll need a separate machine, or could we use one of the Directors machines?
Again. You cannot do this secretly. The company has to make clear their internet use policy and ensure that everyone understands what they can and cannot use the company's internet access for.
If they intend to monitor access, they need to further make clear how that will be done, who in the company will have access to the monitoring data, how that data will be kept secure and what the repercussions will be for people who fall foul.
V8mate said:
jonamv8 said:
Seems like for tracking purposes we'll need a separate machine, or could we use one of the Directors machines?
Again. You cannot do this secretly. The company has to make clear their internet use policy and ensure that everyone understands what they can and cannot use the company's internet access for.
If they intend to monitor access, they need to further make clear how that will be done, who in the company will have access to the monitoring data, how that data will be kept secure and what the repercussions will be for people who fall foul.
V8mate said:
Again. You cannot do this secretly.
The company has to make clear their internet use policy and ensure that everyone understands what they can and cannot use the company's internet access for.
If they intend to monitor access, they need to further make clear how that will be done, who in the company will have access to the monitoring data, how that data will be kept secure and what the repercussions will be for people who fall foul.
And this, definitely, this. The HR implications cannot be discounted - they could open up a world of pain for themselves if they don't have a proper agreed & notified AUP in place with notification about monitoring etc.The company has to make clear their internet use policy and ensure that everyone understands what they can and cannot use the company's internet access for.
If they intend to monitor access, they need to further make clear how that will be done, who in the company will have access to the monitoring data, how that data will be kept secure and what the repercussions will be for people who fall foul.
Id advise them against blocking social media its a false assumption that it reduces productivity.. Lots of studies have been done, its actually a valuable work place tool that can increase engagement, inter-department communication and internal communication.
Why is it that people always try to solve management issues with technology..
Blocking porn and stuff, definitely.
Why is it that people always try to solve management issues with technology..
Blocking porn and stuff, definitely.
Why not just issue a set of business rules that tell the employees what they can & can't do with the companies internet access provision? They are adults aren't they? so they should understand actions & consequences if they get caught and besides you can't go all secret squirrel on them without having a policy in place anyway!
barracuda web filter should do the trick. can be used to monitor, and block as required. can have media restrictions, time restriction etc.
I think there is a product called websense that does a similar thing, and I imagine there are many more!
might be a good idea to lift restrictions at break times and lunchtimes?
I think there is a product called websense that does a similar thing, and I imagine there are many more!
might be a good idea to lift restrictions at break times and lunchtimes?
Gassing Station | Business | Top of Page | What's New | My Stuff