All Categories :
Intranets
Chapter 21
How Intranet Monitoring Software
Works
CONTENTS
In the last chapter, we saw how network administrators can block
intranet users from visiting objectionable sites on the intranet
using server software. But in many cases, intranet administrators
want to do much more than simply block users from visiting objectionable
sites. They may also want to track the overall usage of the Internet
from inside the intranet, and be able to see in exquisite detail
exactly how the Internet is being used-for example, to see the
times of the greatest access, or which departments and subnets
make the greatest use of the Internet. And they may want to track
not only how people on the intranet are accessing the Internet,
they may also want to see how they are using the intranet itself.
All that can be done-and a lot more-using intranet monitoring
software. This is software that sits on a server, and monitors
all traffic between the Internet and the intranet. It can also
monitor all traffic on the intranet itself.
The software works by examining every IP packet coming into and
going out of the intranet. It looks into both the IP header and
at the data itself. The intranet administrator decides what kind
of traffic to track. For example, access to intranet and Internet
Web servers; FTP (File Transfer Protocol) usage; access to newsgroups;
use of e-mail; and Telnet could all be tracked using this software.
The monitoring software can then log all that traffic in extraordinary
detail. It can track the destination address as well as the originating
address; the amount of data transferred; the time of day; and
many other pieces of data. All that data is automatically put
into a database that intranet administrators can use to create
reports of just about any type.
This information can help intranet administrators in many ways.
It can help them know when new bandwidth needs to be ordered or
new servers need to be installed. And it can also tell them if
inappropriate sites are often visited.
Some monitoring software goes beyond merely tracking usage, and
allows administrators to set access rules for the entire corporation
or for individual departments. For example, it will allow network
administrators to lock out certain sites from the entire corporation,
such as those that have pornographic material on them. And it
can let them decide on a department-bydepartment basis what kind
of Internet access should be allowed.
While this type of software is certainly helpful to intranet administrators,
some intranet users may be leery of it. They may think that it
has a "Big Brother" feel to it, that intranet administrators
are violating their privacy, or watching in detail how they use
their computers. While that is a possibility, when used correctly
the software can help to make sure that the network is functioning
at top efficiency, and not to snoop into other people's lives.
Server software is available to allow for extensive monitoring
of how intranet users access the Internet. Administrators may
find it useful to know, in general, what kinds of sites are being
visited, and may even want to track what sites individual users
are visiting. It is possible to do much more detailed analysis
as well, including how much individual users access the Internet,
what hours are most heavily trafficked, and much more. The software
can also customize how people are allowed to access the Internet
and/or the intranet. All outgoing and incoming traffic must pass
through the monitoring machine.
- The software uses packet filtering, much like filtering routers
(see Chapter 13). Both look at the data in the header of every
IP packet coming in and going out of the intranet, and every packet
traveling across the intranet. However, they differ significantly
in that filtering routers make decisions about passing or dropping
packets. Monitoring software simply lets the packets pass through,
and tracks information about packets. Data such as the sender
and destination address; size of the packet; type of Internet
service involved (such as the Web or FTP) and time of day is captured
to a database.
- While all packets must pass through the server, the software
does not necessarily put information about every packet into the
database. For example, information about HTTP packets (World Wide
Web), file transfer protocol packets (FTP), e-mail packets (SMTP),
newsgroup packets (NNTP), and Telnet packets might be tracked,
while streaming audio packets might be ignored.
- Software included with the server program allows network administrators
to view and analyze intranet and Internet traffic to a remarkable
degree. It can show the total amount of network traffic by the
day and the hour, for example, and show in any hour which Internet
sites were being accessed and how much data was being transferred.
It can even show what sites individual users on the intranet were
visiting, and the most popular sites visited in graph form.
- Some software goes beyond analysis, and allows intranet administrators
to change the kind of Internet access allowed to intranet users,
based on traffic, usage, and other factors. For example, an intranet
administrator could allow only certain departments access to some
Internet resources.
- The software could also allow intranet administrators to ban
certain sites from being visited by the entire intranet. For example,
if there are pornographic sites that analysis has shown intranet
users are visiting, the administrator could set rules that would
ban anyone from visiting those sites. The packet filtering software
would then not allow in any packets from those sites.
Contact
reference@developer.com with questions or comments.
Copyright 1998
EarthWeb Inc., All rights reserved.
PLEASE READ THE ACCEPTABLE USAGE STATEMENT.
Copyright 1998 Macmillan Computer Publishing. All rights reserved.
SHOPPING
JOB BANK
REFERENCE
JOURNAL
COMMUNITY
ABOUT US