Filter
Top Products
SurfControl Web Filter for ISA v5.5 Starter Guide 13
I
NSTALLATION
D
ECISIONS
User Name Resolution
2
USER NAME RESOLUTION
By default, SurfControl Web Filter doesn’t monitor user names. The Configuration Wizard enables you to
monitor your users by name, in the following ways:
• By using ISA Server to authenticate user names. This also prevents having to install EUM on all your
domain controllers. This is the recommended method.
• By installing the supplied Enterprise User Monitor (EUM) utility, which you can install either on your
domain controllers, Novell NDS tree servers or via a logon program stored on your network.
• By issuing a NetBIOS query based on the MAC address.
SurfControl recommends monitoring by user because:
• Monitoring by workstation name only identifies the machine requesting the data, not the user who
originated the request.
• Monitoring by user name is more convenient in a workplace where employees share or swap
machines frequently.
• Monitoring by user name enables you to filter users based on NT Users and Groups.
• Monitoring by user name makes it easier to track users that frequently login to multiple machines.
Web Filter places data on the Monitor with the following precedence:
1 User name resolved with NetWareEUM.
2 User name resolved with EUM.
3 User name based on NetBIOS query.
4 Workstation ID.
5 IP address.
EUM
EUM accesses Windows NT, Windows 2000 and 2003 security auditing data to resolve user names. This
provides Web Filter with the ability to monitor traffic on a routed network by user name. EUM provides Web
Filter with continuous, accurate reporting of logon activity by user name.
For example, when jsmith attempts to access http://www.cnn.com, Web Filter sees jsmith’s IP address in
the HTTP request. EUM provides the missing link by receiving data from the domain controllers regarding
jsmith’s identity.
Note: Web Filter supports three monitoring methods: user name, workstation name or IP
address.