How can you tell if social media use is out of control?
Monitoring user social media activity can be quite tricky, for reasons outlined in this article. In short, because of Content Delivery Networks (CDNs) it is not easy to see the websites and social media apps that people are using on your network.
If we use conventional Internet monitoring
Using layer 3 and 4 of the OSI model we will get a lot of information on our Internet traffic. We can see at the port level we're getting some port 80 and port 443 traffic (http and https). However, at this level we don't know what websites users are visiting.
NOTE: Social media traffic is difficult to see with layer3/4
Let's look at our http(s) proxy server
What information can we get from our web/http(s) proxy server? Well a web proxy server, or a domain name server for that matter, will give you domain name information to go on.
aWhat domain information can we see?
Some useful domains but a lot of Content Delivery Networks that obscure some application types
Look at the same traffic with Deep Packet Inspection
Deep packet inspection gives us application level monitoring
With deep packet inspection we get more information about each packet that travels to and from the Internet on our network. We can see past the content delivery network information which doesn't really tell us anything.
Much more useful information. In this chart we see applications
Findings and conclusion
With deep packet inspection we're able to quickly determine what users are actually doing on our network. In the chart above we have highlighted the social media sites that were accessed. We can also see other application types we may not want on our network, such as BitTorrent and Steam. What does this enable us to do?
- Track social media use throughout the day
- Determine if social traffic negatively impacts business application traffic
- Find the local PCs/Macs/Phones which are accessing social media
- With Active Directory integration and NetScope find out which users are responsible
- Protect your important application traffic with QoS