INSTALLATION DECISIONS
User Name Resolution
2 |
USER NAME RESOLUTION
By default, SurfControl Web Filter doesn’t monitor user names. The Configuration Wizard enables you to monitor your users by name, in the following ways:
•By using ISA Server to authenticate user names. This also prevents having to install EUM on all your domain controllers. This is the recommended method.
•By installing the supplied Enterprise User Monitor (EUM) utility, which you can install either on your domain controllers, Novell NDS tree servers or via a logon program stored on your network.
•By issuing a NetBIOS query based on the MAC address.
Note: Web Filter supports three monitoring methods: user name, workstation name or IP address.
SurfControl recommends monitoring by user because:
•Monitoring by workstation name only identifies the machine requesting the data, not the user who originated the request.
•Monitoring by user name is more convenient in a workplace where employees share or swap machines frequently.
•Monitoring by user name enables you to filter users based on NT Users and Groups.
•Monitoring by user name makes it easier to track users that frequently login to multiple machines.
Web Filter places data on the Monitor with the following precedence:
1User name resolved with NetWareEUM.
2User name resolved with EUM.
3User name based on NetBIOS query.
4Workstation ID.
5IP address.
EUM
EUM accesses Windows NT, Windows 2000 and 2003 security auditing data to resolve user names. This provides Web Filter with the ability to monitor traffic on a routed network by user name. EUM provides Web Filter with continuous, accurate reporting of logon activity by user name.
For example, when jsmith attempts to access http://www.cnn.com, Web Filter sees jsmith’s IP address in the HTTP request. EUM provides the missing link by receiving data from the domain controllers regarding jsmith’s identity.
SurfControl Web Filter for ISA v5.5 | Starter Guide 13 |