Watching the Web

By Teresa Anderson

AAAE wanted a way to monitor Internet usage to assess bandwidth needs and to provide a record of employee Web activity.

The American Association of Airport Executives (AAAE), headquartered in Alexandria, Virginia, has nearly 80 employees, and as in most workplaces, employees use the Internet as a critical tool to obtain and share information. Patrick Osborne, senior vice president of IT at AAAE, has taken a number of steps to ensure network security over the years. He has installed e-mail-sanitizing products, virus protection, a firewall, and intrusion detection systems to protect the network from outside attack. But he was bothered that a critical part of the protection equation was not addressed: He needed a way to monitor Internet usage companywide and per employee.

"Initially, we wanted to look at monitoring to justify more bandwidth if we needed it," says Osborne. "But we also wanted to determine which employees were using the Internet and for what reason."

When he looked into available products, however, he was unsatisfied with the options. At first, Osborne brought in two different bandwidth utilization software packages for testing. Both of the programs caused the organization's switches to fail. (A switch is a device that channels incoming data from multiple input ports to its intended destination.) To run the software, AAAE would have had to install redundant switches. Because that was cost prohibitive, the project was put on hold.

The solution came from an unexpected quarter. A company called eTelemetry, based in Annapolis, Maryland, had a product that monitored wireless Internet use at airports, and Osborne was doing a project with the company that involved the wireless product, which he liked because of its tracking ability and graphic interface.

Osborne casually mentioned that he wished the company had a similar product for traditional networks. A few months later, an eTelemetry representative called with information about two new Internet usage monitoring products that might do what Osborne wanted.

The products are called Metron and Locate. Metron is the monitoring tool, and Locate creates an active directory that synchs IP addresses to specific departments and employees. This tool is critical, says Osborne, because other products that he looked at merely listed an IP address; it was up to the IT department to manually cross-reference the address to a user.

Last summer, Osborne went to senior management to get approval for the Metron and Locate systems. (The cost of the two systems was $22,500.) "It was a pretty easy sell," says Osborne. "Partly because IT has a good relationship with senior management but also because of the information Metron could offer us."

The information included statistics showing that most viruses or other malicious code gets into a company network via employee Internet activity.

Installation began in early October. Osborne wanted the system up and running by December so that he could introduce it at the organization's staff retreat that month.

There were a few glitches in the installation, according to Osborne. The first was that the association hadn't realized that it would need additional ports - input points for the switches - for both the Metron and Locate devices. Adding that capability was not a major hurdle, however, as the small piece of hardware that provides additional ports is not costly.

Another issue was that the association's network had to be reconfigured to accommodate the software. Osborne had the network organized into subnets to ease traffic congestion. However, Metron requires that all users be on the same level of the network. But, again, the adjustment was not difficult. "This was a minor issue that was easily taken care of," says Osborne.

The installation took only two days. The first day and a half were devoted to the switch issue; reconfiguring the network took the remaining half day. The system was set up to start working on a Friday because it would need the weekend to run its own diagnostic program to coordinate IP addresses with end users. "We spent Monday getting used to the system and by Tuesday, we had our first set of statistics," says Osborne.

At AAAE, the system automatically provides Osborne with the bandwidth used by each department. He can look at the usage as it compares to what the department's function is and assess whether the usage rate needs to be investigated. "If the IT bandwidth is high, that makes sense because the servers are in the IT department, but if the mailroom suddenly has a spike in bandwidth, that might be a problem," he explains.

The other reports Osborne gets from the system reflect e-mail and instant messaging use. Osborne established a range of time that the organization considers is appropriate to spend on such activities. If a user exceeds this time, an alert is triggered.

Osborne can access the password-protected system from any computer with an Internet connection. Currently, all network administrators have access so that they can monitor the bandwidth reports when on duty and address any network problems as they arise.

According to Osborne, the next step is to set up a system to automatically send some of the reports to department heads. "This is still in the works," says Osborne. "We don't know yet whether each person has to log in to see the reports or whether they can be sent out via e-mail."

At the annual retreat in December, Osborne showed employees color print-outs of what the software could do. "Our organization is set up to offer more of the carrot than the stick," he notes. "But it was important to let employees know that we could pull up a chart telling us what sites they had visited."

Osborne explained to employees that the program would not be used to monitor employee activity in real time, but the information could be used when addressing performance problems or HR concerns. The system will be highlighted each year at subsequent retreats.

Metron has not uncovered any employee wrongdoing or bandwidth issues yet, but Osborne considers it an important tool for monitoring usage not only for employee performance but also for assessing network needs over the long term. It will give him a basis for requesting more bandwidth when appropriate. "It will be nice to go to management with hard numbers," he says, "and show them why I think the system is overloaded and prove that we need more bandwidth."

(For more information: Paul Volkman, executive vice president of sales, eTelemetry, phone: 888/266-6513; e-mail:

Teresa Anderson is a senior editor at Security Management.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.