Rendering Policy Violators Speechless
Novell Cool Solutions: Tip
Digg This -
Posted: 15 Nov 2002
Having a strong Security Policy is great, but enforcing it is sometimes difficult. Nowhere is this truer than in academic settings, where students in the lab are wont to dabble in sites that are most decidedly NOT part of the curriculum.
BorderManager can be a powerful ally to help enforce your Internet Usage policies. Here are some ideas from the School Cool Solutions Advisory Board.
If you are using BorderManager it is really easy to log what the students are doing. It logs the username, IP address, date and time and the urls of where they went in a text file. You can write scripts to search through the files and look for key words. Just print it out and present it to the students - that usually renders them speechless.
They always try the old "Someone else must have my password..." trick, but we still ban them and discipline them for not keeping their password secret. You can even view realtime logs in BorderManager and look at a specific students' tracks. It is a brilliant tool.
A couple of good suggestions about how to use these BorderManager Access Control logs. You might try exporting the deny list each week into a text file and importing that into Excel so you can filter the list by OU and create a printout for the building administrators.
We have recently been using Adobe Acrobat to create PDFs of these "printouts" so we can post them to a secure location of our intranet server (password protected). This allows us to get the information to the building adminstration faster and creates an archive of this information without having to buy a bigger file cabinet.
There are some free tools that can help analyze these log files. One good one is Analog. Another one that comes highly recommended by Cool Solutions readers, who have so far given it a whopping seventeen 5-star ratings, is the BorderManager Proxy Statistics Tool.
Here's another suggestion: Using BorderManager logs is great, but before you take it to the parents add one more thing. Starting with NAL as the shell now you can remote in undetected and record the activity (with third party software like notes screen cam etc...). You should see Mom and Dad's face when they see the screen movie with the student's ID there in lights and you get to catch all the sites they were denied. They see how their child surfs while unattended and for a lot of parents it's a new view of their child.
Check out the School Cool Solutions Forums, where you can discuss these and other tactics for running a tight ship in your school.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com