Firewalls - Questions

[Starman 0]

Hi,

 

Hope you can help.

 

A mate of mine has been suspended from work for excessive internet use.

He has just been provided with a list of numbers for sites visited and number of

hits etc. Non of the site are of a ****ographic nature.

 

The majority of sites are advertisments but the company is making a big deal out

of number of hits etc.

 

Could anybody answer me the following please :

 

1) What is classed as a session?

 

2) Sites visited: what does a proxy server class as a site

 

3) Hits: what is classed as a hit?

 

 

4) What does a proxy server class as a hit?

 

 

5) Is this a reliable way of measuring a users

usage?

 

 

6) What are Page view Impressions & What would a firewall count as a Page View

Impressions.

 

Any help would be most appreciated.

 

 

Starman

[Bursar 0]

If your friends company have an AUP (Acceptable Use Policy) that details what is and is not allowed, then he is likely to be out of luck.

 

Although adult sites will be a definate no-go area, there are bound to be some clauses about personal use of the Internet (such as chatting to friends, booking holidays and so-on). If he has broken these rules, then he is likely to get the book thrown at him.

 

The rules are there for good reason. Not just because adult sites might offend someone, but because bandwidth is expensive, and to have it wasted as he wanders around checking this site and that isn't a good thing. It also means that he isn't doing the work that he is actually paid to be doing.

 

Most companies allow a limited amount of personal surfing (in the same way that people make personal phone calls from work), but Internet access from work is generally a privilage, not a right. Abuse of that privilage will land you in trouble.

[jaywallen 0]

I would say only that, if your friend disputes the accusation that he was making improper use of his Internet access I can think of two things that might give him hope:

 

1. It is customary, though not mandatory, for companies to provide a user with a warning and a chance to improve their behavior. Summarily dismissing or suspending someone for this type of behavior seems a little extreme. However, that does depend on the context in which he works and just how egregious his behavior was. If he works in a high security environment(whether governmental or industrial) then such behavior may certainly be grounds for immediate dismissal.

 

2. If he REALLY didn't do this, it's just possible that something else is involved. Can the employer prove that he was using the computer at the times when the improper browsing behavior occurred? (This involves an analysis of both the physical security situation of the PC AND the type of operating system / network security employed for using the machine.) It's also possible that something like a Trojan or an automated search / download / capture application (like NetAttache') on the machine was doing this accessing, too. In such a case, it's possible that he would have been unaware that the machine was engaging in the forbidden "surfing". In either case you would need an expert to examine the logs (and possibly the machine, if such access were granted by the employer OR required by a writ). We're talking lawyers, guns and money here! (In this case the "guns" are technical experts. And I do mean EXPERTS. Not just one of us guys who says he knows a lot about networking.)

 

I hope things work out for him.

 

Regards,

Jim

 

[This message has been edited by jaywallen (edited 28 March 2001).]

[Moniker 0]

Starman-

 

Sounds like an internet nazi to me. I'm an admin for a company, my view on it is that its not my place to tell people that they can or cannot surf the internet. The only way I will get involved with someones internet surfing is if their manager complains to me then we implement the acceptable use rules. I dont strictly adhear to them.

 

A session may be what is referred to as a browser session when you open the browser and use it to browse sites it records your trails.

 

Most likely when they are talking about proxy stuff. Your admin probably has a squid box. What's a squid you ask? Well, let me tell you its a box that all internet requests go thru and return to so it will populate its cache with sites you go to. Really what this is designed for is, to speed browse speeds up by having the cached info much closer(less hops). So it can return it faster. Because it stores this info it is possible to review anywhere the user went times, dates, etc. Sorry for the over simplified explaination.

 

A hit probably is referring to how many pages were loaded or how many pages he reached.

 

Yes sorry to say it is a very accurate way of measuring usage.

 

I'm not sure what you are referring to when you say page view impressions. Could be because I'm stupid though.

 

To be honest this sounds like a situation a friend of mine is dealing with. I really wouldnt push the admin around too much he is just a control freak and there is nothing you can really do about it. If he is taking it up a level he probably has loads of logs to back his side of the story up. So be prepared to fight with a guy that already hates people. I would just openly start calling him an internet nazi everytime you see him.

 

Moniker

 

Im betting you work for a video game company right starman? and your first name may even start with a st

[Starman 0]

Nope. Totally wrong. I don't work for a video game company and my name does not start with ST.

 

The action was started by my mates line manager not the IT dept. There is no Acceptable use policy. Is this something that is signed by an employee?

 

Previous information leads me to believe that Hits are not accurate as a hit is registered for everything that is needed to be downloaded for a particular page i.e. htmls, asp, gif, jpegs etc.

 

Can anyone shed any further light on it.

 

BTW - my m8 has just been sacked for it.

 

Starman.

[clutch 1]

Impressions are generally "first time" hits (that's what I read, but I could be way off). From what I did read, some sites use the "impressions" count to drum up business for advertising.

 

As far as policies go, I use Surf Control at our company, and it locks down on sites based on DNS requests. It can also do reporting on user and/or workstation, such as most use, host hits for a give site, etc. Mine is just setup so if someone tries to go to a **** site, it will send me an alert email. In addition, only certain people are allowed online (mostly the ones that signed the acceptable use policy) and this is monitored through the info in the DNS packet and then compared to the SAM for approval validation. The system works quite well, though we did have some problems where people were allowed to go to unauthorized pages because the system read them as "smsclisvcacct&", which is the SMS client that is installed on each PC. That's the only issue that we have had.

 

------------------

Regards,

 

clutch

[Moniker 0]

sorry starman a friend of mine is goin through the same sh*t right now with his admin. The story just sounded real familiar.

 

As far as AUP I don't make anyone sign anything unless their manager complains to me that every time they walk by he\she cube they are on the internet and they dont get their work done. This way the first is a verbal warning to let them know we know they are abusing privis, and we want them to sign something now to say they wont do it anymore. The second after the agreement has been breached they get the boot(I've never had to implemnt this policy). This is the same way I deal with telecommuting. I know some admins enforce policies because of security issues. I dont feel that it causes a real threat to me because of the security measures that have been taken. I feel for your friend man that is a sh*tty way to go. Like I said before time to refer to him as "The Internet Nazi"

[DosFreak 2]

What software does the company use to monitor net access? Sessionwall? Most surfing these days most of the bandwidth goes to adds. Heck out of the top 10 sites I think 5 of them are banner sites.