Internet Logging Software


Posted on Fri May 13, 2011 9:46 am

So at work we have a machine employees use that has been getting viruses like clockwork during a specific shift. I would like to get a better idea of exactly when it is happening, so I can track down which user is the cause. Does anyone have any recommendations for software capable of logging web traffic on the machine? I've got a pretty good idea what the employee(s) is(are) doing, but I'd like to prove it.

I tried a bit of searching, but most result sets are clogged with noise from either enterprise security software, or parental control filters.
Desktop: FX-8350 | 32 GB | XFX Radeon 6950 | Windows 7 x64
Laptop: i7 740QM | 12 GB | Mobility Radeon 5850 | Windows 8.1 x64
SuperSpy
Graphmaster Gerbil
Gold subscriber
 
 
Posts: 1496
Joined: Thu Sep 12, 2002 8:34 pm
Location: TR Forums

Re: Internet Logging Software

Posted on Fri May 13, 2011 9:56 am

Can you not simply pull up the IE history?
Think for yourself, schmuck!
i5-2500K@4.3|Asus P8P67-LE|8GB DDR3-1600|Powercolor R7850 2G|1.5TB 7200.11|1988 Model M|Saitek X-45 & P880|Logitech MX 518|Dell 2209WA|Sennheiser PC151|Asus Xonar DX
bthylafh
Grand Gerbil Poohbah
 
Posts: 3070
Joined: Mon Dec 29, 2003 10:55 pm
Location: Southwest Missouri, USA

Re: Internet Logging Software

Posted on Fri May 13, 2011 10:01 am

Buy the full version of MalwareBytes Anti-Malware and install it on the problem box. The logs it generates will ID URL and time, making it easy to ID the perp.
There are people that embrace the Oxford comma and people who don't. Never get between these people when drink has been taken. I use the Oxford comma and always will. The rest can sod off.
Captain Ned
Global Moderator
Gold subscriber
 
 
Posts: 19739
Joined: Wed Jan 16, 2002 6:00 pm
Location: Vermont, USA

Re: Internet Logging Software

Posted on Fri May 13, 2011 11:19 am

bthylafh wrote: Can you not simply pull up the IE history?


Nope, the involved party knows enough to nuke the (Firefox) history.

If it were up to me I would just go full madmin and downgrade the default user from admin to normal user (or guest) and wash my hands of the issue, but powers that be want timestamps and hard proof.
SuperSpy
Graphmaster Gerbil
Gold subscriber
 
 
Posts: 1496
Joined: Thu Sep 12, 2002 8:34 pm
Location: TR Forums

Re: Internet Logging Software

Posted on Mon May 16, 2011 7:45 am

Can you use a hardware appliance?
Usacomp2k3
Gerbil God
 
Posts: 21240
Joined: Thu Apr 01, 2004 3:53 pm
Location: Orlando, FL

Re: Internet Logging Software

Posted on Mon May 16, 2011 4:45 pm

It strikes me you should be able to use Software Restriction Policies to prevent Firefox from running on that box. Force them to use IE and disable the History Erasing.

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Delete Browsing History > Prevent Deleting Web sites that the User has Visited

- There are many more in that subfolder that would make the life of the perpetrator quite hard.

If this is a Windows 7 box I'd highly recommend AppLocker to disable the use of Firefox, but if you only have XP or Vista then Software Restriction Policies (SRP) should work.

I could put up a hypothetical SRP policy that would work if this idea seems like it might fit the bill.
"Welcome back my friends to the show that never ends. We're so glad you could attend. Come inside! Come inside!"
Ryu Connor
Global Moderator
Gold subscriber
 
 
Posts: 3450
Joined: Thu Dec 27, 2001 6:00 pm
Location: Marietta, GA

Re: Internet Logging Software

Posted on Tue May 17, 2011 7:48 am

I normally stay away from IE on non-Vista/7 machines, but I'll try that setting for IE (and uninstall/hide FF).
SuperSpy
Graphmaster Gerbil
Gold subscriber
 
 
Posts: 1496
Joined: Thu Sep 12, 2002 8:34 pm
Location: TR Forums

Re: Internet Logging Software

Posted on Tue May 17, 2011 8:41 am

There's an .MSI version of Firefox available from a third party, and the installer includes .ADM files so you can control the thing with group policy. Maybe it has a setting to disable clearing history.
bthylafh
Grand Gerbil Poohbah
 
Posts: 3070
Joined: Mon Dec 29, 2003 10:55 pm
Location: Southwest Missouri, USA

Re: Internet Logging Software

Posted on Tue May 17, 2011 8:59 am

Yay, another chance to pimp pfSense, Snort, Squidguard, and Lightsquid running on a spare box in your network! You could also get other types of IPS/IDS (IBM Proventia, for example), but pfSense is free and will work exceptionally well for what you're trying to do.

Try it today!

It's also a fun project to do to earn those golden overtime hours!
Calm seas never made a skilled mariner.
drsauced
Graphmaster Gerbil
 
Posts: 1446
Joined: Mon Apr 21, 2003 12:38 pm
Location: Here!
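
Added example, not part of any post in this thread: a proxy-side log, such as the one a Squid proxy on a pfSense box keeps, is unaffected when the browser history is cleared on the workstation. The sketch below assumes Squid's native access.log format and turns it into a per-hour timeline for one machine. The log lines, host names and the workstation address 192.168.1.50 are constructed sample values.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# epoch.ms elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1305324900.112     95 192.168.1.50 TCP_MISS/200 5120 GET http://intranet.example/timesheet - DIRECT/192.0.2.10 text/html
1305325200.530    210 192.168.1.77 TCP_MISS/200 20480 GET http://news.example/ - DIRECT/192.0.2.20 text/html
1305326820.004    340 192.168.1.50 TCP_MISS/200 734003 GET http://downloads.test/setup.exe - DIRECT/198.51.100.7 application/octet-stream
1305327900.871     60 192.168.1.50 TCP_MISS/200 0 CONNECT mail.example:443 - DIRECT/203.0.113.5 -
1305328000.000 truncated-line
"""

def parse_line(line):
    """Parse one native-format line; return None for truncated or corrupt lines."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        size = int(parts[4])
    except ValueError:
        return None
    url = parts[6]
    # CONNECT (HTTPS) entries log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rpartition(":")[0]
    return {"when": when, "client": parts[2], "method": parts[5],
            "host": host or url, "bytes": size}

def timeline(log_text, client_ip):
    """Chronological list of requests made from one workstation."""
    rows = (parse_line(line) for line in log_text.splitlines())
    return sorted((r for r in rows if r and r["client"] == client_ip),
                  key=lambda r: r["when"])

def hosts_by_hour(log_text, client_ip):
    """Map each UTC hour to the hosts the workstation contacted in it."""
    buckets = defaultdict(set)
    for r in timeline(log_text, client_ip):
        buckets[r["when"].strftime("%Y-%m-%d %H:00")].add(r["host"])
    return {hour: sorted(hosts) for hour, hosts in sorted(buckets.items())}

if __name__ == "__main__":
    for hour, hosts in hosts_by_hour(SAMPLE_LOG, "192.168.1.50").items():
        print(hour, ", ".join(hosts))
```

Timestamps are reported in UTC, so convert to local time before matching them against a shift roster. For HTTPS traffic the proxy records only the host and port, not the full URL.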

