Citrix/Terminal Server and Monitoring Activities on Your Home Computer

Can your home computer be tracked

if you connect to work

via Terminal Server/Citrix session?

A question from our users: “Does Citrix Track Home Activity?”

The situation is:

You work from home and connect to your working (company’s) environment via Terminal Session (Windows Terminal Services, Terminal Server, Citrix Server). When you are in the Terminal Session screen you actually work (in other words, you do what your employer pays you for). And here is no problem. But the concern is here: you do all this work from Your Home Computer. This is where you keep your personal information, this is where you do your personal activities (web banking, chatting, personal emails, Internet browsing and more).

Concern/Question:

Can your personal home computer to be tracked/monitored by your employer when you connect to work via Citrix/Terminal Server session?

 Answer:

1. If you do not install any software from your employer
2. If your employer does not have physical access to your home computer (to install some software)

Then the answer is NO. Your employer cannot monitor your home computer. There is no way anything can “jump out” of the Terminal Session Screen and do harm to your computer.

Keep in mind, though:

Your employer can monitor what you do within the Terminal Session screen.

Employee monitoring software WorkTime – www.worktime.com

Monday, Feb 10, 2014

Citrix/Terminal Server monitoring

How to monitor Citrix/Terminal server

Depending on the task you need to solve you can choose different third-party software to monitor Citrix Server (or Terminal Server, Windows Terminal Services). If you are looking to monitor Internet usage (web-sites visited), documents and applications usage (including published applications) for every user you can try WorkTime Corporate software (http://www.nestersoft.com/worktime/corporate/user_activity_monitoring_terminal_services_citrix_server.shtml) 30 days free trial - all features, unlimited users.

Computer monitoring -

looking for a "common sense" line

Abstract

Computer monitoring from an employer side: reasons, goals, law, ethic.
Why would employers monitor computers?
How to be reasonable, when monitoring computers?

Computer monitoring from an employee side: employee rights, how to behave if being monitored, how to protect yourself.

Employer side

Reasons

Computer for an employer is one of many resources required for the business and, of course, an employer might want to monitor this resource. Why?

In general, there is just one main reason, why employers would decide to monitor computers: employers want to improve (or to optimize) work processes in the company. To achieve this, employers need to know how company's resources are used.

In particular, employers have many different reasons to monitor computers, like, for example: employers might want to improve employee attendance, reduce overtimes, minimize Internet usage, optimize software usage, minimize times when computers are on, but not used - of course, this list is not complete. And all of it looks good and simple until it comes to employee monitoring. Employers want to monitor their resources - fair enough. Employees are also called "resources" in project management tools, but they are not really, that is why computer monitoring is not that simple.

Under normal circumstances, speaking of employee monitoring aspect, employers want to be sure that employees work good enough. If a company is that big so an employer simply does not know every employee or if a company has remote sites/departments, then reasons to monitor employees are pretty natural and understandable. In small teams, when an employer knows every employee personally, monitoring also can be helpful, but it can easily turn into a micromanagement issue.

Goals

In general, an employer expects everything and everyone to work the best way - and this is the main goal.
In particular, there could be the following goals, fore example: to save on electricity (computers should be off if not used); to minimize software related expenses; employees should be at work on time; Internet should not be used more than allowed - there could be many other goals.

Speaking of employee monitoring, employers want everyone to do a good job. To achieve this goal, employers want to know employees, who spend too much time browsing the Internet or doing other things, not related to work, or employees, who spend too much time away from their computers and they really should not, or employees, who are constantly late and leaving too early. Under normal circumstances the most important words in this sentence are "too much" and "constantly", because all we are human. And a good employer always understands this.

Law, Employer rights

In general, employers have their right to monitor their property: computers, for example. This is the way for employers to protect their business. Before implementing computer monitoring in the company, make sure you do not violate any local law. Usually this is enough to get everyone signed off, but it always good to check with professionals.

Ethic

A good employer understands, that all rules at the workplace should be clear to everyone, especially rules about monitoring. Not all people would accept something like that. And, unfortunately, the more talented employee is, the less chance he or she would accept an idea to be monitored.

To avoid any ethical issues, communicate to your employees.

Explain your reasons and goals

Do not only notify generally your employees that there is computer monitoring in the company, but also explain all reasons and goals, why computers are being monitored. This shows your respect to the employees and helps them to accept monitoring as a necessary business tool.

Be detailed in your expectations

Provide a clear list of all expectations, like, for example: employees are expected to access Internet for their personal needs not more than for 30 minutes a day, or employees are expected to work with a computer for at least 4 hours per day (in average), etc. This gives more understanding to employees and definitely helps to reduce tension. Define everything to details, so everyone is clear and feels confident.

Respect your employees and their privacy

When defining monitoring policies, stay business-related, do not bring in any unnecessary restrictions. Every rule should have a good reason.
Do not prohibit any personal usage of company's computers. Just limit the time.
Do not monitor keystrokes and screens. Employees might access their web-banking accounts or write personal messages.
Do not track how often employees press keys. Before pressing correct keys, people should spend some time thinking.

Make this no secret

The sources where you state monitoring policies should be easily accessible and obvious (the 25th page of some addition to the company's policies would not be enough).

A common sense line

You, as an employer, you want to create a healthy environment in the company.
You want to attract as many professional employees as possible and you want your employees to do a good job.

Before you go for computer monitoring, you really need to be clear why are you doing this. Define your reasons and goals, keep them business-related. At first you need it for yourself.

After you decide to monitor computers, educate your employees. State clearly all computer monitoring policies in accessible and obvious sources. No doubts, that as a very good employer, you will remember the main thing: all we are human, so the rules should not be against our human nature. You don't have the goal to nail every employee, you want to be reasonable, all you need is to be sure that your business is protected and everyone does a good job. If your reasons for monitoring are business-related and monitoring policies are not impossibly strict (if, for example, you do not prohibit any personal Internet usage), then your employees will most likely accept computer monitoring with understanding.

And of course, computer monitoring is not a panacea and a good employer knows that.

Employee side

If you are being monitored

Computer monitoring, no doubts, might create additional stress and tension at the workplace. With the current financial situation, employers tend to monitor computers more often. Answering certain questions helps employees to find the most suitable decision. And there are things to understand, like, for example:
- Is computer monitoring business-related?
- Are computer monitoring policies reasonable?
- Is there some room for your privacy?
- Is there any time allowed to use company's computers for personal needs?
- Does computer monitoring in your company look like spying (catching keystrokes, screens can be considered as spying)?

Employee rights

In general, employers have the right to monitor computers and this is not restricted by the law. But this may vary depending on the country, state, union. If you have concerns, you can always get a professional consultation about your local legislation.

A common sense line

If you are a very good and professional employee and if you do a good job, you might find the idea of being monitored not very fair and even offensive. But you always need to remember that the worse financial situation is, the more chance that your employer would monitor computers. If you work more than speak of it, managers might not know that you are a good worker. In this case computer monitoring can be very helpful.

If you do not want to be monitored, before you are going to deny it, read company's computer monitoring policies very carefully, so you clearly understand everything. The policies might not be that strict and unfair.
If you do not mind to be monitored, you still need to educate yourself.

Summary

Employers and employees can benefit from a computer monitoring; all what is needed to find the right balance - a common sense line.

NesterSoft Inc., Jul 04, 2012
Computer monitoring software WorkTime

Ubuntu - protecting against "slow" DoS attack on apache2 web-server (defend from Slowloris)

Yesterday I've discovered some sort of attack on our web-site.
Some sort - because most likely it was caused by misconfigured client, but nevertheless it effectively put the web server down.



Effect
Ubuntu server 8.04 LTS, Apache 2 webserver.
Server works without any problems - you can ping, connect via ssh, FTP, receive or send email, etc, CPU load is minimal and absolutely not suspicious, but webpages are extremely slow and most of the time will not open at all.


Log ( /var/log/apache2/error.log ) shows single line:
[Wed Feb 03 12:44:00 2010] [error] server reached MaxClients setting, consider raising the MaxClients setting

Indeed, there were 150 (default maximum limit in Ubuntu) apache2 processes started, so no new connections can be made.

Site access-log shows frequent requests every few seconds from the single IP:

[03/Feb/2010:12:46:01 -0500] "GET /download/timeleft.exe HTTP/1.1" 206 ..
[03/Feb/2010:12:46:03 -0500] "GET /download/timeleft.exe HTTP/1.1" 206 ..
[03/Feb/2010:12:46:03 -0500] "GET /download/timeleft.exe HTTP/1.1" 206 ..
[03/Feb/2010:12:46:05 -0500] "GET /download/timeleft.exe HTTP/1.1" 206 ..
...



What happens
Most likely client was trying to download EXE file using some misconfigured downloading tool over the very slow network - it starts downloading, then abandons the thread and starts next.
On the server side - new process is started to serve client request, and pretty soon client request count exceeds maximum. Default client count is 150 and timeout is 300 seconds, so even 1 request at second will completely overload the server in less than 3 minutes.

This is absolutely the same tactics which is used in the "Slowloris" HTTP DoS script (I will not publish a link on it here) which is used to slow down Apache web server (IIS and ASP are not affected - which is quite a surprise, but it's only because of different design - non-threading). You can find more information about Slowloris in the Google. In short - this is very easy way to disable a webserver, and quite dangerous because it doesn't require powerful computer and fast connection (which are needed for the "ordinary" flood attack) - even started from inside virtual machine over quite average cable internet connection - it locks quad-core Ubuntu server with 4Gb or RAM!



Monitoring
Quite simple - monitor number of running apache2 processes and trigger some action (send email, etc if it reaches your apache's MaxClients value).
This command returns number of active connection (OK, number+1, grep is counted as well ;) )
ps aux grep apache2 wc -l



Prevention
1. Short-term prevention - restricting client using firewall. Example using iptables:
iptables -I INPUT 1 -s 55.55.55.55 -j DROP
Where 55.55.55.55 - is attacker IP address.
This adds first rule into the chain to drop all packets from the given IP. Just don't put your IP there - you won't like the result.

2. Tuning MaxClients value. In general, do not increase it to more than:
(Total Memory - OS memory) / Apache process size.
Check apache2 process memory with ps aux. See column RSS (size in kilobytes). So if you have 2Gb of memory and average apache2 process (without much modules, php, mysql, etc) takes 5Kb, then maximum client count should be ~ (2048-250)/5 = 360.
Increasing is more will cause going into the swap space, and performance will degrade dramatically.
However keep in mind that increasing MaxClients will only postpone, not fix the issue.

3. Restricting number of connects from one IP address using firewall - for example using recent module. I really could not make it working, and playing with the firewall on production system is not the best idea, so I skipped this part. (If you have the solution - please let me know)

4. Restricting number of connects from one IP address using mod_qos module for Apache.
Install prerequisites:
apt-get install apache2-threaded-dev gcc
Get mod_qos from sourceforge:
wget http://downloads.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.7.tar.gz?use_mirror=iweb
Unpack:
tar xvfz mod_qos-9.7.tar.gz
Compile and install:
cd mod_qos-9.7/apache2/
apxs2 -i -c mod_qos.c
When compiled - new library should be created in /usr/lib/apache2/modules/mod_qos.so
Make sure pemisions are rw-r-r: chmod 644 mod_qos.so

Now setup this module in Apache:
Create two files in /etc/apache2/mods-available/directory:
qos.load:
LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so

qos.conf:
## QoS Settings
<ifmodule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1000
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</ifmodule>
 
Enable module and restart apache:
a2enmod qos
/etc/init.d/apache2 restart

That's it!

How to monitor employees work from home

To monitor your working at home employees, you can use third-party employee monitoring software. Such software automatically records what employees do on a computer during their working time.

The situation of monitoring employees' work from home might look a bit to difficult technically, but it all depends on how you organize it. For example: an employee works on its own home computer, how to track employee' work on it and nothing besides work?

How to organize monitoring:
1. Remote Desktop (Citrix, Terminal Server)
If your employees work at home, connecting to the company's working environment using Citrix/Terminal Server, you can simply install third-party time tracking software on the company's server side. And in this case the software will monitor employees under Citrix only (in company's environment only). So, under this environment employees have to work only and you, as an employer, have your right legally to monitor everything. And at the same time your employees are secured: if they want to access their web-banking from their home computers using their own Internet access - no problems, you will never even see it, as the time tracking software has no access to employees' home computers.

So, the solution in this case is:
- Installing employee monitoring software on the company's Citrix/ Terminal Server;
- Educating your employees, when working from home not to use Citrix environment for their personal needs.

How employee monitoring software works: it launches automatically in the background as an employee connects to the Citrix/Terminal Server environment, it works invisibly to the employee, automatically recording user name, applications, documents, Internet usage and times.

2. Company's laptop
If your employees work at home, using company's laptop, you also, as an employer, have your right to monitor your property usage. Just install third-party employee monitoring software on your laptops.

So, the solution in this case is:
- Installing employee monitoring software on company's laptops;
- Educating your employees when working from home not to use company's laptops for their personal needs.

How employee monitoring software works: it launches automatically and works invisibly to employees, automatically recording user name, applications, documents, monitoring Internet usage and times. When laptop is connected to the company's network, employee monitoring software automatically sends recorded data to the centralized location.


3. Employees' personal computer or laptop.
If your employees work at home using their own home computer or laptop (no Citrix or Terminal Sever), then you can request your employees to install third party time tracking software right on their home computer, laptop. To secure your employees privacy, you can educate employees to setup the software to track selected applications only or to start the software only when employees actually work for the company and stop it when doing other things.

So, the solution in this case is:
- Installing employee monitoring software on employees' personal home computers, laptops;
- Educating your employees as proposed above.

How employee monitoring software works: it automatically records user name, applications, documents, Internet usage and times. Then recorded data can be automatically sent to the centralized location using FTP connection or employees can simply generate reports and submit them to you over email.

NesterSoft Inc., Jan 19, 2010

Is it possible to monitor employee’s laptop while working from home?

I work on company's laptop. Can my company track time on it?

The situation
You work on a company's laptop. You have this laptop with you at home and in your business trips. And of course, you do not always work on it. When you do not work, you might want to use it for your personal needs, like browsing the Internet, accessing your online banking or your personal emails, chatting, playing games. This is all OK if you are done with your work duties for today. But there is a big concern that you have.

Your concerns
So, the concern is: you use company's laptop for your personal needs; can your company track time, Internet usage, software usage, basically anything on its laptop?

The answer
Yes, your company can track time, Internet usage, software and documents usage on its own laptop – see monitor laptop employees

At first, your company is legally allowed to do it.

Your company can technically track its laptop using third-party software in the following cases:

1. If at the moment when you receive your laptop there is software installed already. There already can be some time tracking software installed.
2. If you ever physically connect your laptop to the company's local network. When you login to your company's server, some software can be installed automatically; many companies have this process centralized. You might not even notice as installation can be "quiet".
3. If you ever connect to the company's network using VPN. This is just another way to connect to the company's local network. So, see the item 2.

Using time tracking software your company can record the following information:

1. Computer monitoring – Computer related activities – login, logout time, usage interval;
   
2. Software usage monitoring - software usage, documents accessed;
   
3. Internet monitoring – web-sites visited.
   
4. Time spent on each of these tasks.
   
5. User login names.


6. Screens, keystrokes, emails or chats content.

Your company cannot technically track its laptop using third-party software in the following case:
If you install only Microsoft software, if you do not install any company's or third-party software, if you connect to your company's work environment using Terminal Server, Citrix server, Remote Desktop or VNC connection – then it will be not possible to monitor your laptop using some third-party software.

Your company can monitor Internet usage with some hardware, if you use company's Internet access. Just in this case it is not possible to see time spent on each web-page.

NesterSoft Inc., Nov 06, 2009

Toronto Swine Flu (H1N1) hysteria

Outside Etobicoke City Hall, Sat Oct 31, 2009, 11:20am

Public is really risking to catch cold (Weather: Overcast, +12C, Wind 41km/h, Wind gusts: 65km/h, officially issued Wind warning for the City of Toronto) in a several-hours wait hoping to get a Swine Flu vaccination.

Following broad media coverage of the alleged “H1N1 pandemia” people line up for the vaccination. Crowd looks upset and scared, general atmosphere is near-panic. There are more than a dozen security guards, 2 police cruisers, and two police officers are walking around. CTV news is conducting interviews.

Some statistics: Previous SARS epidemic was a “probable case“ of 44 deaths in 2002 - 2003. At the same time traffic accidents in 2003 caused 2,778 deaths.