user monitoring

autumn

Location: Geelong, Victoria, Australia
G'day all from down under,

I had a client today ask if we can monitor a user's usage. Not just internet but their programs, well everything they do. I know keyloggers are possible but I think they will want more. Does anyone use anything?

I'm using Atera for RMM, I haven't checked if they have a plug in that will do something that will help me.

What's the reporting of websites in the Dream Machines like? Could a user easily access and read these?

I'll need to check the legalities here as well.

Of course they ask this when I'm heading off on holidays for 2 weeks.
 
Yes, definitely need to address the legal aspects. Up here creating an Acceptable Use Policy, reviewing it with them and having them sign usually addresses all those concerns. Unless there are direct statutory violations within the AUP.
 
Well...couple of approaches.
Best way, including monitoring programs..and everything they do, is....some form of "big brother watching over your shoulder" software.

...it literally...records what the user is doing. Just like the boss was standing behind them watching over their shoulder.

You mention Dream Machines....so you're thinking of a firewall approach, which....most "UTMs"...have some form of reporting of host names and IP addresses that computers will go to. For example, our "go to UTM" was Untangle (recently bought up by Arista).
However to sit there and go through those reports....it will show a user, or computer, or both....ALL of the traffic. Every_single_request made by the computer. So if you think about it...all day long, computers are doing heartbeat network traffic to Microsoft, to antivirus, to search engines, to kajillions of domains that have cookies in the computer, browser plugins, 3rd party software like Adobe, dns...dns...dns...manufacturer management software, IT people's RMM software, yeah...you can pull a daily report for a user and spend DAYS trying to sift through it to extract info that you might find useful.

Ubiquiti gateways and some other "light weight UTM" software can dumb that down a bit, and simplify it. Here's a few screenshots from a campground I recently stood up.
[Screenshot: 1687526521313.png]
 
LOL at the "pornhub" in the above list.....
So..what I can do is...drill into the "domain" I want to investigate. Let's take "porn hub" for example. It shows 2x devices that went there...so I can drill into that...and get this...
[Screenshot: 1687526646651.png]
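
Added example (not part of the original posts, and not any vendor's code): a small Python sketch of the workflow described above, which drops background "heartbeat" traffic from a per-request gateway log, totals requests per domain, then drills into which devices contacted one domain. The log format, device names, domains and the `BACKGROUND` allowlist are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample of per-request gateway log lines: time, device, hostname.
SAMPLE_LOG = """\
09:00:01 FRONTDESK-PC settings-win.data.microsoft.com
09:00:02 FRONTDESK-PC ocsp.digicert.com
09:00:05 FRONTDESK-PC www.example-news.test
09:00:09 OFFICE-LAPTOP update.googleapis.com
09:01:12 OFFICE-LAPTOP www.example-video.test
09:01:13 OFFICE-LAPTOP cdn.example-video.test
09:02:40 FRONTDESK-PC www.example-video.test
09:03:00 OFFICE-LAPTOP agent.example-rmm.test
"""

# Assumed allowlist of background domains (OS telemetry, certificates, updates, RMM).
BACKGROUND = {"microsoft.com", "digicert.com", "googleapis.com", "example-rmm.test"}

def base_domain(host):
    # Simplification: keep the last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse(log_text):
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, device, host = parts
        yield ts, device, base_domain(host)

def summarize(log_text, background=BACKGROUND):
    """Return (requests per domain, per-domain device counts, background requests dropped)."""
    totals, by_device, dropped = Counter(), defaultdict(Counter), 0
    for _ts, device, domain in parse(log_text):
        if domain in background:
            dropped += 1
            continue
        totals[domain] += 1
        by_device[domain][device] += 1
    return totals, by_device, dropped

def drill(log_text, domain):
    """Devices that contacted `domain`, most requests first."""
    _totals, by_device, _dropped = summarize(log_text)
    return by_device[base_domain(domain)].most_common()

if __name__ == "__main__":
    totals, _, dropped = summarize(SAMPLE_LOG)
    print(f"dropped {dropped} background requests")
    for domain, n in totals.most_common():
        print(f"{n:3d}  {domain}  {drill(SAMPLE_LOG, domain)}")
```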
 
Yes, definitely need to address the legal aspects.

Indeed. I wonder if it's like the USA where, when last I had any involvement with this sort of thing at distance, the employee had essentially no rights if it was company owned equipment (which really sort of makes sense - company owned and for company business means pretty much that).

Any time I've dealt with this sort of thing it was part of data gathering so that a dismissal was, essentially, airtight.
 
Can't speak for AU, but here in the USA....a business has 100% full legal rights to fully monitor web activity by staff on company owned devices ...AND....in and out of company owned networks ..even traffic from BYOD...if it's on company owned networks.
 
a business has 100% full legal rights to fully monitor web activity by staff on company owned devices ...AND....in and out of company owned networks ..even traffic from BYOD...if it's on company owned networks.

Which is precisely what I recalled. And, to me, this makes sense. You are using company owned equipment for (in theory) company business. We all know that "a bit of latitude" has always been allowed, but it's a narrow path, not a 10-lane-highway's-worth of latitude.
 
Yep, I'm handballing the legalities back to the customer. And will do as instructed by them. I'll have all that in writing. Not my first rodeo. A quick look and basically, yes the business has the right to monitor as long as the employees know that, however what is done with that information is murky here, as the user has a right to privacy.

So really my question is about what to monitor with? And as mentioned it's not just Web insights they want, they were talking full monitoring.
 
There's this: https://www.pctattletale.com/ Caveat: I have not used this myself - and hope I never need to. This kind of snooping may be legal, but it still leaves me a bit queasy...just personally. AND - not sure your client will think it's worth the cost. But who knows?
 
So really my question is about what to monitor with? And as mentioned it's not just Web insights they want, they were talking full monitoring.

Yeah, so...there is software out there that silently "records" computers.
It's not cheap
And..it's...very...very..time consuming to review.
That link I posted in my first reply, Veriato, used to be called "SpectorSoft". It's not cheap.
They have (at least...had)...various versions, from individual services..such as "cheating spouse" licenses...where one person spies on their partner's computer. To...full corporate versions, that record all the computers...and save those records on a huge folder on the server. Guessing they have "cloud versions" now that record to cloud storage. We were resellers of that software years ago, sold a couple of licenses of it.
 
@YeOldeStonecat

Interesting.

What's even more bizarre is that if I attempt to get there on my smartphone, it goes right through. But if I'm on my laptop, whether using the mobile hotspot on my phone or the wireless internet (both via T-Mobile) the failure is the same. And it fails under Edge Dev and Vivaldi on the PC, but goes through using Vivaldi mobile on the phone.

Who knows, but it is a rare, and very odd, error.
 
Yeah it's an odd blocking error he has, the DNS PROBE FINISHED NXDOMAIN means whatever he's using for DNS failed to resolve the domain. Perhaps some upstream safe DNS service, although that usually presents a different error. I'm going through Untangle's full gauntlet at my office, as well as...DNS forwarders for our network using the DNS Filter service...they didn't block it for me.

However, I know that these "big brother watching" services have a hard time keeping up with various security software to keep them "whitelisted". Because, typically, most security software tries to block "spyware"..which is really what this stuff is..it's 3rd party software that records everything you do.
 