The very highest echelons of my company will not permit me to install any type of Internet monitoring tools (probably because they don't want their own usage subjected to scrutiny). However, when mid-managers suspect an employee is violating our Appropriate Use Policies, they call me and want to know if I can provide them with copies of an individual's history files or cookies. Some of our people have become savvy enough to know how to delete things that are not permitted by policy. Is there any other way I can verify what they've visited? We're running W2K on both servers and desktops.
If you can't install any network monitoring or content filtering tools, you still have a few more options:
- Enable HTTP, etc. logging on your firewall and trace it back that way.
- Install an undelete utility on each PC that allows you to undelete cookies or history files.
- Utilize forensics or data-recovery tools that can recover deleted files (there are dozens). There are commercial, freeware and open-source that will allow you to go in and see what was deleted. You'd have to do this pretty quickly before the data's entries on the hard drive are overwritten with new data, though.
- Automatically backup each user's cookies and history files to your server for offline access. You could schedule a batch file that does this on every PC at random times every day. You'd have to do this fairly often though to make sure you copy the files before they are deleted.
For more information on this topic, visit these other SearchSecurity.com resources:
This was first published in March 2003
Dig deeper on Information Security Policies, Procedures and Guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.