4

We are setting up our office network and would like to track all the websites visited by our employees. However, we would not like to use any proxy-based solutions.

Our work is highly dependent on applications in which you cannot configure a proxy. Hence, the approach we would like to follow is setting up a router inside a computer (something like this: http://www.techrepublic.com/article/configure-windows-server-2003-to-act-as-a-router/5844624).

This will also allow us to attach multiple ethernet cards and have redundancy in internet connectivity with complete abstraction from the user about which connection is being used.

But most importantly, since all the traffic will be going through the computer (configured as a router), I assume there will be a way to run packet analysis on all the requests/responses being made. For example, list all the FTP servers connected to (port 21), give a graph of all the URLs visited per day by frequency.

Is there already software which does this? Or is it possible to build something like this?

Robert

4 Answers

5

Use a transparent proxy. Your applications then don't need any configuration change.

John Gardeniers
  • Are there any transparent proxies that impose almost no extra latency? Do you know what's the fastest transparent proxy? Would it be better to split the connection to a listener instead of having a proxy in the middle? – CMCDragonkai Jun 09 '14 at 05:14
1

Why not use a [hardware] firewall? (Or cluster of firewalls for HA/failover.)

Every major firewall I've worked with has the capabilities you're asking about. Cisco ASAs are solid and standard for this kind of functionality, and Palo Alto Networks make great "next gen" firewalls with more advanced application and URL-level filtering and reporting, if that's where your primary concern lies.

Using a computer as a router and trying to hack together some packet-capture to URL filter/report sounds like a nightmare that's easily avoided by using the standard tool for this job.

HopelessN00b
0

You could route all your internet traffic through a server running Microsoft Forefront Threat Management Gateway (http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway.aspx). This also contains a firewall and anti-malware filtering, so it doubles up to protect your network.

It has quite flexible reporting which should help you monitor the activity of web and application traffic but also allow you to block content from sites you don't want your employees visiting.

Jay1980
  • I can assure you that TMG is a proxy-based solution that won't work for the OP. – HopelessN00b Sep 29 '12 at 12:59
  • I thought considering @robert mentioned using a server as a router, TMG would be the natural choice for the application layer to configure access, provide monitoring and reporting? – Jay1980 Oct 08 '12 at 15:24
  • Except that it acts as a proxy and is very far from transparent. The line's also being discontinued, which alone is enough to make it hard to recommend, even without its other problems and assorted pains in the ass. – HopelessN00b Oct 08 '12 at 15:58
0

This is highly impractical compared to just setting up a transparent proxy or using your gateway/firewall... You could consider a network tap off your gateway interface. Send a copy of all traffic flowing through that link to a monitoring solution. I know this company has some carrier-class stuff to do that. Not sure about SMB or mid-range. www.netoptics.com/partners/tap/agilent

Also, if this is a small company, less than 100 users, take a look at Untangle. Just google it. It can function as a pretty decent transparent proxy!

Best of luck to you!
bobloblaw
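The analysis the question asks for (FTP servers contacted on port 21, sites visited per day) can be run over packets copied off a router or tap. This is an added example, not code from any post on this page; it assumes raw IPv4 packets are already being captured, and `parse_ipv4_tcp`, `http_host`, `summarize`, `build` and the sample packets are constructed for illustration. Only cleartext HTTP on port 80 exposes a Host header this way; HTTPS shows no URL to a passive observer.

```python
import struct
from collections import Counter

def parse_ipv4_tcp(pkt):
    """Return (dst_ip, dst_port, tcp_flags, payload), or None if not well-formed IPv4/TCP."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:      # IPv4, protocol 6 = TCP
        return None
    ihl = (pkt[0] & 0x0F) * 4                                 # IP header length in bytes
    total_len, _, frag = struct.unpack("!HHH", pkt[2:8])
    # Reject bad header lengths, non-first fragments and TCP data offsets below 5 words.
    if ihl < 20 or len(pkt) < ihl + 20 or (frag & 0x1FFF) or (pkt[ihl + 12] >> 4) < 5:
        return None
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:total_len]
    return ".".join(map(str, pkt[16:20])), dport, pkt[ihl + 13], payload

def http_host(payload):
    """Host header of a cleartext HTTP/1.x request, lowercased, or None."""
    request, *headers = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if request.endswith((b" HTTP/1.0", b" HTTP/1.1")):
        for line in headers:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                return value.strip().decode("ascii", "replace").lower()
    return None

def summarize(packets):
    """packets: iterable of (day, raw IPv4 packet). Returns (ftp_servers, {day: Counter})."""
    ftp_servers, per_day = set(), {}
    for day, raw in packets:
        # Unparseable packets turn into a tuple that matches neither branch below.
        dst, dport, flags, payload = parse_ipv4_tcp(raw) or (None, 0, 0, b"")
        if dport == 21 and (flags & 0x12) == 0x02:    # SYN without ACK: client opens FTP control
            ftp_servers.add(dst)
        elif dport == 80 and (host := http_host(payload)):
            per_day.setdefault(day, Counter())[host] += 1
    return ftp_servers, per_day

def build(dst, dport, flags, payload=b""):
    """Constructed sample packet from 192.0.2.10; checksums are zero (not verified above)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 10]), bytes(map(int, dst.split(".")))) + tcp

GET = b"GET / HTTP/1.1\r\nHost: %s\r\n\r\n"
SAMPLE = [  # constructed capture: (day, packet); addresses and hosts are made up
    ("2012-09-28", build("198.51.100.21", 21, 0x02)),
    ("2012-09-28", build("203.0.113.5", 80, 0x18, GET % b"intranet.example")),
    ("2012-09-28", build("203.0.113.5", 80, 0x18, GET % b"Intranet.Example")),
    ("2012-09-29", build("203.0.113.9", 80, 0x18, GET % b"news.example")),
]
```

`summarize(SAMPLE)` returns the set of FTP servers and a per-day `Counter` of hostnames, which can feed whatever reporting or graphing is wanted.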