Guest post: 7 Reasons to Monitor Internet Usage

7 Reasons to Monitor Internet Usage

Monitoring internet usage is a popular issue for companies that use the internet irrespective of their size. There are various and valid reasons why a business should monitor internet usage. In this article we’ll discuss some of them and the benefits of doing so:

1. Security – Perhaps the most important reason for internet usage monitoring is to ensure data transferred to and from the internet does not contain malicious code or malware. This type of monitoring can protect your organization from potentially destructive malware infections and Trojan infections that could compromise the company’s intellectual property.

2. Productivity – While there are advantages in allowing people access to the internet, even if this means occasional periods of browsing for personal reasons, monitoring is essential to prevent excessive use by employees. Proper internet usage monitoring and control can work in an organization’s favor if usage is maintained at a level that promotes productivity, rather than a situation that results in multiple incidents of cyberslacking and unacceptable levels of internet usage.

3. Costs – Internet connectivity is not free; bandwidth costs money and there are additional costs if something goes wrong. If an organization monitors Internet usage these costs can be mitigated; proactively reducing unnecessary bandwidth usage and improve the security of internal networks.

4. Confidentiality – Giving employees access to use the internet also opens a door through which confidential information can be leaked, lost or stolen. Adequate monitoring of internet usage can prevent information theft – both intentional and accidental.

5. Legal Liability – There are many ways how an individual can use the internet to commit crime – from infringing on someone else’s intellectual property to actual hacking attempts. Monitor internet usage to prevent and identify such events as they occur and you’ll be able to stop them before they trigger a legal response.

6. Forensics – Monitoring also allows an organization to effectively investigate incidents. If an employee breaches company policy by engaging in prohibited internet activities, you will need the evidence to back up your position. If a workstation is compromised due to inappropriate internet usage, you will want to know what websites were accessed and led to that workstation being compromised. This information can be used to identify areas that needed increased security measures.

7. Reputation – Proper internet monitoring will help an organization to keep its reputation intact and prevent an employee’s actions from causing harm to the company through malware infections or illegal activity.

Each of the above points are strongly interlinked and together provide a robust and valid argument in favor of monitoring internet usage – each point merits equal attention and consideration. Monitor internet usage properly and efficiently to ensure your organization never suffers a fallout due to web threats. Prevention is always better then the cure.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on how to monitor internet usage.

All product and company names herein may be trademarks of their respective owners.

Monitoring filters complexity

Avoid arp poisoning in your LAN

In Linux, rudimentary but effective:

Here you are some quick measures to make arp spoofing in a shared LAN a little bit more difficult. Note, however, that these measures will not protect you from firesheep (cookie-based mechanism to steal non-https sites' credentials).

1. Avoid that the arp protocol constantly asks for the mac address of your router. Add the following line to the /etc/rc.local file:
# arp -s ipaddressofyourrouter  macaddressofyourrouter
This way, this entry will be permanently stored into the ARP cache.

2. Create an alert with arpwatch using e.g. the following line:
# arpwatch -d -i yourinterface
The arp database will reside in /var/lib/arpwatch/arp/dat

3. A way to check that there are less arp probes in the net then will be
# tcpdump -i yourinterface -n -v arp

If you change your router, remember to change your rc.local file accordingly.

In Windows, a nice tool is the one from irongeek called decaffeinatid.

This is not bulletproof but it saves you from the typical arp poisoning attack. If any reader would like to add any additional idea to this topic, please comment.

Happy browsing in a shared network ;-)!

Avoid ARP poisoning

Note to a comment: Arpon is a useful tool for this purpose. Besides, Arpon 2.7 was just release last July. Be aware that, according to Arpon site "it requires a deamon in every host of the connection".