

Title:
DEVICE AND METHOD FOR MONITORING OF DATA PACKETS
Document Type and Number:
WIPO Patent Application WO/2010/099560
Kind Code:
A1
Abstract:
A computerised business method and device for monitoring data packets within a network, logging and reporting of data packet or the particulars thereof for use as a productivity tool to be used by both management and staff, and in the management of and compliance with an Acceptable Usage Policy. The computerised device comprising data packet detection means (or a 'packet sniffer'), a physical controller, database, database management system, reporting means and a user interface. In use, the device is incorporated into a digital network environment between two network devices, wherein data packets from the first network device are monitored and recorded by the data packet detection means, and forwarded to the second network device. In addition there is a computerised business method that utilises the device above to assist in the creation, maintenance, and enforcement of an Acceptable Usage Policy.

Inventors:
PARNELL ADAM (AU)
Application Number:
PCT/AU2009/000245
Publication Date:
September 10, 2010
Filing Date:
March 03, 2009
Assignee:
PARNELL ADAM (AU)
MORETONSOFT PTY LTD (AU)
International Classes:
G06F11/34; H04L12/26
Domestic Patent References:
WO1998040987A11998-09-17
WO2002057935A12002-07-25
WO2002023805A22002-03-21
Foreign References:
US20040111507A12004-06-10
US20050198252A12005-09-08
Other References:
"Network Bypass Targets Appliance OEMs", ELECTRONICSTALK, 14 March 2008 (2008-03-14), Retrieved from the Internet [retrieved on 20090609]
Attorney, Agent or Firm:
PIPERS PATENT AND TRADE MARK ATTORNEYS (ToowongBrisbane, QLD 4066, AU)
Claims:
CLAIMS

1. A computerised device for monitoring, logging and reporting of data packets detected within a network comprising in combination, data packet detection means, adapted to monitor data packets passing between a first and second network device, a physical controller, adapted to store and retrieve data from a database and the data packet detection means; a database for storing the data packets or the particulars thereof; a database management system for logging and recording the data packets or the particulars thereof in conjunction with the data packet detection means, physical controller and database; reporting means incorporated into the database management system for the generation of reports regarding data stored in the database or otherwise generated; a user interface adapted to give the user control over the database management system, the user interface further adapted to display output from the reporting means; wherein in use, the device is incorporated into a digital network environment between two network devices, whereby data packets from the first network device are monitored and recorded by the data packet detection means, and wherein the physical controller, database management system and report generation means are utilised to record the data packets or particulars of the data packets to generate reports based on pre-defined criteria or logical rules set by the user, and logically expressed through the user interface.

2. The computerised device of Claim 1 wherein the data packet detection means is a Local Area Network card.

3. The computerised device as claimed in any of the above claims wherein the data packet detection means monitors data packets passing along the network in both directions to monitor both upload and download network activity.

4. The computerised device as claimed in any of the above claims wherein the data packet detection means monitors every data packet passing between the two network devices.

5. The computerised device as claimed in any of the above claims wherein the data packet detection means monitors data packets in real time.

6. The computerised device as claimed in any of the above claims wherein the data packet detection means, in conjunction with the physical controller, only analyses a data packet's header layer for the purposes of increasing processing speed, and preventing the storage of potentially private or privileged data contained in the body of the data packet.

7. The computerised device as claimed in any of the above claims wherein the physical controller comprises in combination a central processing unit, random access memory and a motherboard.

8. The computerised device as claimed in any of the above claims wherein the database comprises a physical hard drive, and a logical relational database structure.

9. The computerised device as claimed in any of the above claims wherein the database management system is an open source database management system.

10. The computerised device as claimed in any of the above claims wherein the database management system applies logical rules to the database to deny further transmission of specific data packets based on defined criteria.

11. The computerised device as claimed in Claim 10 wherein the logical rules applied deny transmission of data packets on the basis of port number, effectively blocking internet access to a particular application.

12. The computerised device as claimed in Claim 10 wherein the logical rules applied deny transmission of data packets on the basis of source or destination IP address.

13. The computerised device as claimed in Claim 10, 11 or 12 wherein a discrete set of logical rules configured for a particular user destination or source IP address is applied to allow or deny transmission of data packets.

14. The computerised device as claimed in Claim 10 wherein the database management system only stores information about data packets that are on-sent to a second network device to improve efficiency.

15. The computerised device as claimed in any of the above claims wherein the report generation means generates a report containing data accurate to the previous minute.

16. The computerised device as claimed in any of the above claims wherein the report generation means generates a report based on logical rules relating to specific particulars of the data within the database including source or destination IP address, port number and / or the time the data packet was intercepted.

17. The computerised device as claimed in any of the above claims wherein the user interface allows for the configuration of different users of different access levels.

18. The computerised device as claimed in Claim 17 wherein the user interface allows restricted access for individual users to request and view reports generated without the ability to modify the logical rules.

19. The computerised device as claimed in any of the above claims wherein the user interface allows for the implementation and application of various sets of logical rules with respect to different user configurations.

20. The computerised device as claimed in any of the above claims wherein the user interface is accessible by a web browser, inclusive of Microsoft Internet Explorer™, Firefox™ or Safari™.

21. The computerised device as claimed in any of the above claims wherein the user interface does not require a high standard of technical knowledge to utilise.

22. The computerised device as claimed in any of the above claims wherein the reporting means issues a report for delivery to an email address.

23. The computerised device as claimed in any of the above claims wherein the device further comprises a network bypass, such that the device will not restrict data packet flow through the network in the event of a power failure.

24. A method of monitoring, logging and reporting of data packets detected within a network by means of the computerised device substantially as herein described, the method comprising the steps of, installation and configuration of the computerised device within the network, analysis of data packets detected, and generation of reports regarding the data packets detected, wherein the reports assist in identifying key areas of Internet usage and misuse.

25. The method as claimed in Claim 24 wherein the reports so generated are analysed to assist in the creation of an Acceptable Usage Policy.

26. The method as claimed in Claim 24 wherein the reports so generated are analysed to assist in the maintenance and revision of an Acceptable Usage Policy.

27. The method as claimed in Claim 24 wherein the reports so generated are analysed to enforce compliance with an Acceptable Usage Policy.

28. The method as claimed in Claim 27 wherein the method is used to enforce compliance with the Acceptable Usage Policy by the additional step of, configuring the device to apply logical rules to deny transmission of specific data packets based on defined criteria, said logical rules based on the Acceptable Usage Policy.

29. The method as claimed in Claim 27 wherein the method is used to enforce compliance with the Acceptable Usage Policy by the additional step of having individual users generate reports and monitor their own Internet usage in self-compliance with the Acceptable Usage Policy.

30. The computerised device for monitoring, logging and reporting of data packets detected within a network substantially as herein described with reference to any of the accompanying illustrations.

31. A method of monitoring, logging and reporting of data packets detected within a network substantially as herein described with reference to the accompanying illustrations.

Description:
DEVICE AND METHOD FOR MONITORING OF DATA PACKETS

FIELD OF THE INVENTION

This invention relates to communication and data networking equipment in particular but not limited to a computerised business method and device for monitoring data packets within a network, logging and reporting of data packets or the particulars thereof for use as a productivity tool to be used by both management and staff, and in the management of and compliance with an Acceptable Usage Policy.

BACKGROUND OF THE INVENTION

The Internet is a necessary part of life and modern business in providing low-cost access to information. It is a highly effective means of communication and provides the ability to respond quickly to customer issues and competitor strategies. Indeed, few companies can remain competitive without involving the Internet in today's business environment.

With the Internet becoming both rich in multimedia content and addictive in design, a problem is developing in the workplace. For example, the increase of bandwidth speed on the Internet has resulted in the prevalent inclusion of video rich content. Users are tempted to interact with each other through social networking sites and facilities such as 'instant messaging clients'. The new generation of Internet users often have a combination of work and personal email addresses from vendors such as Google, Hotmail, MSN, Yahoo, etc. This is further complicated by a myriad of website memberships for a wide variety of interests, including interpersonal networking, sports, arts, movies, dating, cars, and many others. With the wide scope of content available on the Internet, no matter how obscure a subject matter is, there is a fair chance that it has a website and a cult following. Such wide variety creates temptation for improper Internet usage in a workplace context. For example, employees seek to maintain personal relationships on social networking sites such as Facebook, MySpace or Tagged; often run 'instant messenger clients' such as MSN Messenger or Yahoo Chat, and are also tempted to check the football scores or browse for bargains on Internet shopping or auction websites such as EBay. Feedback from employers and organisations suggests that employees in general cannot regulate their use of, or abstain from non work related Internet usage.

The Internet is thus used for both work related and personal activities. Legitimate work related access such as research, networking and communication is often supplemented with personal activities such as 'surfing' and socialising, resulting in an overall decrease in productivity. Recent research estimates that Internet misuse costs Australian businesses in excess of AUD $5 Billion per year in lost productivity (Information Week, Australia, August 2007), while another survey reports that almost forty per cent of Internet browsing at work is personal (Tom Young, www.computing.co.uk, September 15, 2006). UK research found the average office worker does just 4 hours productive work a day, costing approximately £140 Billion per year (Daily Mail Online April 21, 2008). PandaLabs research estimated personal use of the Internet at one hour per day, accounting for an estimated £200 billion in lost productivity in 2005. (Reference: vnet.com, September 15, 2006) Further, the Internet activities of employees may expose employers to potential legal consequences for illegal activities such as viewing (child) pornography, or downloading pirated music or movies. The details of what constitutes acceptable and unacceptable usage in an office environment are rarely expressed or explained to employees, and if expressed, rarely before the employee is facing disciplinary action for unacceptable use.

One proposed option is to simply introduce a blanket rule banning Internet use during work hours. There are however too many advantages to making the Internet available for work purposes for this to be a practical solution. There is therefore a need for employers and organisations to be able to implement rules and controls within the workplace environment, analyse employee Internet usage data, manage usage and set an appropriate Acceptable Usage Policy accordingly.

Presently, employers that do take steps to monitor Internet usage often take a heavy-handed approach, such as blocking all access or firing employees detected accessing a 'forbidden' website. These employers often face a backlash from staff, resulting in an erosion of office morale. Employees are especially sensitive to the idea of a manager monitoring their minute-to-minute activities; however most accept that certain usage is not appropriate in an office context. An amicable balance can be struck between the employer and employee to create an Acceptable Use Policy to codify what Internet usage is acceptable and what is unacceptable in a work environment.

Similar problems have been faced in the past with telephone usage. One solution was to install a 'switchboard' between the employee's phone and the outside world. Both incoming and outgoing calls passed through this switch and a switchboard operator logged the details. The logs produced could be inspected by a manager and if calls by a certain employee provoked suspicion, the issue could be investigated and remedied. More recently, itemised bills were introduced by telephone companies that effectively perform a similar function over a longer timeframe.

Other electronic solutions have also been explored. A firewall is a hardware or software solution which enforces preset security policies to prevent unauthorised electronic access to a PC or networked computer system. When correctly configured, a firewall will only allow authorised packets of information through, while blocking all other packets based on a static set of rules or other pre-defined criteria. Most home computer users are familiar with basic firewall software that is often pre-loaded on modern computers and the requests initiated by the software to allow or deny access to a program. Users are rarely educated regarding what should be allowed or blocked, or what a particular request relates to. Many users either automatically confirm access, potentially authorising a dangerous program, or alternatively deny access, turning off useful features of programs or system processes. In a business context, such frequent reminders slow productivity in addressing the same security issues as a home system. Business users operating within a pre-configured rule set are sometimes unable to allow access to time-sensitive information due to policy or procedural restrictions, or lack of IT experience or education. Poorly configured firewalls often provide a false sense of security for employers.
A web filter is a content filtering device or software which can be programmed to block access to particular websites that have been pre-identified on a 'blacklist' as likely to compromise security, or by only allowing pre-identified content with reference to a 'whitelist'. They often work by blocking or only allowing access based on individual IP addresses or address ranges. Some web filters also block specified applications, such as MSN Messenger or Skype, specified file types, such as .exe executable files, or by comparative reference to a search list. Nearly three million websites are added to the Internet every month (Netcraft November 2008). Blacklists of suspect sites usually grow at a similar rate, providing an exponential decrease in processing speed as each file is compared to the list in its entirety. An average Internet user only visits approximately ten (10) to twenty (20) websites in any given day. Web filters usually introduce unnecessary delays in network access to the Internet as they continually compare data content to 'blacklists', 'whitelists', and / or banned keywords. Further, unacceptable content that is not found on a blacklist, for example websites not flagged as inappropriate, or not found on a poorly updated blacklist, will be allowed through. Similarly, acceptable content that is included on the blacklist, omitted from the whitelist, or of which some of the content is included in a banned keyword list, will be blocked. Many businesses use a third party black / white list to save the time and expense of configuring their own list, which is then likely not flexible to their particular business needs.

Both firewalls and web filters have the potential to create employee resentment and erode staff morale if implemented harshly in the workplace. Further, they are technical blocking solutions, and to be effective the IT manager must know what to block and the device must accordingly be configured correctly. Incorrectly configured systems on the other hand, often build a false sense of security for the system or a false sense of trust in employees.

In summary, current solutions to the abovementioned problems include one or more of the following disadvantages. They are static technical solutions; they require technical installations to operate correctly; they include multiple hardware and software components of a technical configuration; they require training to use, install and maintain; they have a high overall cost; they may be influenced by technical people to disguise their own use; and for the most part they are only designed for large enterprise organisations. In one application, there is a need for employers to analyse employee Internet usage, and to manage employee Internet access through the use of organisational policy. Creation, maintenance and enforcing compliance with an Acceptable Usage Policy is aimed to improve business productivity and decrease the time and financial costs associated with Internet misuse without causing a significant decrease in staff morale. In a domestic environment there is a need for parents to monitor Internet access and allow through only appropriate content.

OBJECT OF THE INVENTION

It is the object of the invention to ameliorate some or all of the above disadvantages of the prior art, or at least provide the public with a useful choice.

STATEMENT OF INVENTION

In one aspect the invention resides in a computerised device for monitoring, logging and reporting of data packets detected within a network comprising in combination, data packet detection means (or 'packet sniffer'), adapted to monitor data packets passing between a first and second network device, a physical controller, adapted to store and retrieve data from a database and the data packet detection means; a database for storing the data packets or the particulars thereof; a database management system for logging and recording the data packets or the particulars thereof in conjunction with the data packet detection means, physical controller and database; reporting means incorporated into the database management system for the generation of reports regarding data stored in the database or otherwise generated; a user interface adapted to give the user control over the database management system, the user interface further adapted to display output from the reporting means; wherein in use, the device herein described is incorporated into a digital network environment, such as a small business or home network, and located between two network devices, such as a network router and external modem, wherein data packets from the first network device are monitored and recorded by the data packet detection means, and forwarded to the second network device and wherein the physical controller, database management system and report generation means are utilised to record the data packets or particulars of the data packets so monitored and to generate reports based on pre-defined criteria or logical rules set by the user and logically expressed through the user interface.

Preferably the data packet detection means consist of one or more network devices, such as a commercially available Local Area Network card.

Preferably the data packet detection means monitors data packets passing along the network in both directions between the two network devices, for example, monitoring both upload and download network activity.

Preferably the data packet detection means monitors every data packet passing along the network between the two network devices.

Preferably the data packet detection means monitors data packets passing along the network between the two network devices in real time.

Preferably the data packet detection means, in conjunction with the physical controller, only analyses a data packet's header layer or equivalent (for example an IP header) for the purposes of increasing processing speed, and preventing the storage of potentially private or privileged data contained in the body of the data packet.
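As an added illustration of the header-only analysis described above (example code written for this page, not code from the application or from any product of the applicant), the following Python unpacks only the IPv4 and TCP/UDP header fields of a packet and never copies the body, so the particulars handed to the database cannot carry message content. The sample packet, its addresses (documentation ranges) and all function names are constructed for the example; the field layout follows the standard IPv4 and TCP header formats, which the application does not spell out.

```python
import struct
import ipaddress

# Constructed sample traffic for this example (not captured from any real network):
# an IPv4/TCP segment from an internal host to an HTTPS server, carrying a short body.
SAMPLE_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, payload):
    """Assemble a minimal IPv4 + TCP packet (checksums left at zero) as test input."""
    # TCP header: ports, seq, ack, data offset (5 words), flags (PSH|ACK), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    total_length = 20 + len(tcp)
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_length, 1, 0, 64, 6, 0,
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address(dst_ip).packed,
    )
    return ip + tcp


SAMPLE_PACKET = build_ipv4_tcp("192.168.1.20", "203.0.113.10", 51234, 443, SAMPLE_PAYLOAD)


def parse_header_particulars(packet):
    """Return the header-level particulars of an IPv4 packet and nothing from its body.

    Only fixed-size header fields are unpacked; the payload bytes are never sliced
    out of `packet`, so the record is safe to log without retaining private content.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_length, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20]
    )
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    particulars = {
        "src_ip": str(ipaddress.IPv4Address(src)),
        "dst_ip": str(ipaddress.IPv4Address(dst)),
        "protocol": proto,
        "src_port": None,
        "dst_port": None,
        "payload_length": None,  # recorded as a size only; the body itself is not kept
    }
    if proto in (6, 17):  # TCP or UDP: ports occupy the first four bytes of the transport header
        if len(packet) < ihl + 8:
            raise ValueError("truncated transport header")
        particulars["src_port"], particulars["dst_port"] = struct.unpack("!HH", packet[ihl:ihl + 4])
        data_offset = (packet[ihl + 12] >> 4) * 4 if proto == 6 else 8
        particulars["payload_length"] = total_length - ihl - data_offset
    return particulars


if __name__ == "__main__":
    print(parse_header_particulars(SAMPLE_PACKET))
```

The record keeps a payload length but no payload, which is the privacy property the application relies on: a report can show how much data went where and when, while the stored particulars cannot reproduce a message.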

Preferably, the physical controller comprises in combination a central processing unit, random access memory and a motherboard. Preferably the database comprises a physical non-volatile storage medium, such as a hard drive, and a logical relational database structure, such as a Comma Separated Values (CSV) data structure.

Preferably the database management system is an open source database management system such as MySQL.

Preferably the database management system may apply logical rules to the database to deny further transmission of data packets based on set criteria, said criteria preferably based on an Acceptable Usage Policy.

Preferably, the logical rules applied may deny further transmission of data packets on the basis of port number, effectively blocking internet access to a particular application.

Preferably, the logical rules applied may deny further transmission of data packets on the basis of source or destination IP address, effectively blocking internet access to a particular server, website or user.

More preferably the logical rules are applied distinctly to different user configurations, to monitor, and preferably allow or block data packets applying a discrete set of logical rules for a particular user destination or source IP address. In a preferred example wherein the device allows for the termination of data packets, preferably the database management system only stores information about data packets that are on-sent to a second network device to improve efficiency.

Preferably the report generation means incorporated into the database management system generates a report containing data accurate to the previous minute.

Preferably the report generation means incorporated into the database management system generates a report based on logical rules relating to specific particulars of the data within the database such as source or destination IP address, port number and or time the data packet was intercepted.

Preferably the user interface may allow for the configuration of different users of different access levels.

Preferably, the user interface may allow restricted access for individual (non administrative) users to request reports and view the reports generated from their request or otherwise without the ability to modify the logical rules.

Preferably the user interface may allow for the implementation and application of various sets of logical rules with respect to different user configurations.

Preferably the user interface is accessible by a web browser, for example Microsoft Internet Explorer, Firefox or Safari. Preferably the user interface does not require a high standard of background or technical knowledge to utilise.

Preferably the reporting means may output a report for delivery to an email address. Preferably the device further comprises a network bypass, such that the device will not restrict data packet flow through the network in the event of a power failure.

In another aspect the invention resides in a computerised business method for monitoring data packets within a network, utilising the computerised device substantially as herein described, the method comprising the steps of, installation and configuration of the said computerised device for monitoring data packets within the network, analysis of data packets detected, and generation of reports regarding the data packets detected, wherein the reports assist in the creation of an Acceptable Usage Policy, and in the on going maintenance and revision of the Acceptable Usage Policy, and in enforcing compliance with the Acceptable Usage Policy by identification of Internet misuse by users.

Preferably as variations to the device are made, the above method may be used to assist in enforcing compliance with an Acceptable Usage Policy by the additional step of configuring the device to block the transmission of specific data packets in accordance with applied logical rules, for example blocking all data packets addressed to and from the IP address of a website (for example www.facebook.com) deemed unacceptable by the Acceptable Usage Policy.

Preferably the above method may include the additional step of individual users generating reports and monitoring their own Internet usage in self-compliance with an Acceptable Usage Policy.

Preferably such an Acceptable Usage Policy is clearly expressed to the user prior to enforcement, and suitably adapted to the unique individual situation tailored with regard to usage information generated by the device herein described.

In a preferred example in a home or business environment, an Acceptable Usage Policy may define between what hours internet usage is allowed, or what web-sites are not permissible, said policy to be enforced by blocking data based on logical rules, such as blocking specific applications by port number, or IP addresses within a defined time period.
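The following Python is an added example (written for this page, not code from the application) that implements the logical rules described in the preceding paragraph and in the "Preferably the logical rules..." paragraphs above: deny by destination port, deny by destination IP address within a defined time period, a discrete rule set per user (keyed here by the user's source IP address), logging of only those packets that are on-sent, and a 'blocked content' notification for terminated packets. All addresses, ports, rule labels and dates are constructed placeholders: 203.0.113.10 stands in for the address of a website the policy deems unacceptable during work hours, and port 1863 for the port of an instant-messaging client.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    """One logical rule; a criterion left as None matches any value."""
    action: str                      # "allow" or "deny"
    dst_ip: Optional[str] = None     # address a blocked website resolves to
    dst_port: Optional[int] = None   # port a blocked application uses
    start: Optional[time] = None     # time window (inclusive start, exclusive end)
    end: Optional[time] = None       # in which the rule applies; None means all day
    label: str = ""                  # shown to the user when the rule blocks a packet

    def matches(self, particulars: dict, when: datetime) -> bool:
        if self.dst_ip is not None and particulars.get("dst_ip") != self.dst_ip:
            return False
        if self.dst_port is not None and particulars.get("dst_port") != self.dst_port:
            return False
        if self.start is not None and self.end is not None:
            return self.start <= when.time() < self.end
        return True


class PolicyEngine:
    """Applies the user's own rule set first, then the site-wide set; first match wins, default allow."""

    def __init__(self, site_rules: List[Rule], user_rules: Dict[str, List[Rule]]):
        self.site_rules = site_rules
        self.user_rules = user_rules      # keyed by the internal (source) IP of the user
        self.log: List[dict] = []         # particulars of on-sent packets only

    def decide(self, particulars: dict, when: datetime) -> Tuple[str, str]:
        for rule in self.user_rules.get(particulars["src_ip"], []) + self.site_rules:
            if rule.matches(particulars, when):
                return rule.action, rule.label
        return "allow", "default"

    def process(self, particulars: dict, when: datetime) -> Tuple[str, Optional[str]]:
        """Return (outcome, notification): allowed packets are logged and forwarded,
        denied packets are terminated and a 'blocked content' notice is produced."""
        action, label = self.decide(particulars, when)
        if action == "allow":
            self.log.append({"ts": when, **particulars})
            return "forwarded", None
        return "terminated", f"blocked content: {label}"


# Constructed policy (documentation-range addresses, not real hosts).
SITE_RULES = [
    Rule("deny", dst_ip="203.0.113.10", start=time(9, 0), end=time(17, 0), label="social site in work hours"),
    Rule("deny", dst_port=1863, label="instant messaging client"),
]
USER_RULES = {
    "192.168.1.20": [Rule("allow", label="manager exemption")],   # constructed per-user rule set
}


def run_sample() -> Tuple[list, list]:
    """Push four constructed packets through the engine; returns (outcomes, log)."""
    engine = PolicyEngine(SITE_RULES, USER_RULES)
    work_hours = datetime(2009, 3, 3, 10, 0)
    evening = datetime(2009, 3, 3, 19, 0)
    outcomes = [
        engine.process({"src_ip": "192.168.1.30", "dst_ip": "203.0.113.10", "dst_port": 443}, work_hours),
        engine.process({"src_ip": "192.168.1.30", "dst_ip": "203.0.113.10", "dst_port": 443}, evening),
        engine.process({"src_ip": "192.168.1.30", "dst_ip": "198.51.100.5", "dst_port": 1863}, work_hours),
        engine.process({"src_ip": "192.168.1.20", "dst_ip": "203.0.113.10", "dst_port": 443}, work_hours),
    ]
    return outcomes, engine.log


if __name__ == "__main__":
    for outcome in run_sample()[0]:
        print(outcome)
```

The first-match ordering is what makes the per-user exemption work and is also the setting an administrator should review most carefully: a broad "allow" placed early silences every later deny.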

BRIEF DESCRIPTION OF DRAWINGS

In order that the invention may be better understood and put into practical effect, reference will now be made to the accompanying drawings wherein,

Figure 1 shows a diagram of the architecture of the computerised device according to the invention.

Figure 2 shows a diagram of the device of Figure 1 in use depicting data packet flow within a local area network.

DETAILED DESCRIPTION OF THE INVENTION

Referring now to Figure 1 there is shown a diagram of a preferred architecture of the computerised device for monitoring, logging and reporting of data packets within a network according to the invention.

With reference to the Physical Layer (10), there is shown data packet flow (12) or network traffic from a first network device (not shown) to a second network device (not shown) through the data packet detection means (14). In a preferred embodiment of the invention, the data packet detection means (14) will monitor data packet flow (12) in both directions as shown. The physical controller (16) in association with the database (here depicted incorporated with the physical controller 16) processes the data gathered from the data packet detection means by applying the Logical Layer (20). With reference to the Logical or Business Logic Layer (20) there is shown the logical business engine (22), where logical rules are applied and processed, and the user interface (24), where a user may interact with the logical business engine. The core of the logical business engine is the Database Management System (DBMS) (26). The DBMS determines the logical process applied by the physical controller to process data. The DBMS on a logical level organises and retrieves data in the database for comparison, processing or storage. Logical rules are applied to the DBMS to be carried out by the physical controller (16) to determine what data is monitored and, in a preferred example, blocked or allowed. If the DBMS instructs that a data packet be blocked, the data packet will not be forwarded to the second network device (not shown). In a preferred embodiment of the invention instructions may be applied directly (28) from the user interface (24) to the physical controller (16). Such direct application of logical rules allows for the immediate application of said rule, whereas application of a logical rule to the DBMS may be applied or processed at a later time.
The reporting means, shown here as incorporated into DBMS (26) may process a query to extract particular data from the database, to be expressed in a logical form (such as comma separated value data), and output to the user interface. Such a query may be generated from logical rules defined in the DBMS, or by instruction from the user interface. For example, a logical rule may output a report every hour containing the particulars of data flow over the previous hour. In another example, a user may, through the user interface, request a report of number of times a particular IP address was accessed over the previous week. The user interface (24) includes the output from the reporting means (30), an interface for setting logical rules (32) to be applied to the DBMS or physical controller, and where appropriate output from a logical rule (34). The user interface may take any appropriate form, including an email to a specific address, a web page, or client side application. In accordance with the method as herein described, reports generated (30) may be analysed to assist in the creation, maintenance and enforcement of an Acceptable Usage Policy. The Acceptable Usage Policy will define at a business level what constitutes acceptable usage, to be applied to the device as logical rules through the user interface (24, specifically 32).
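As an added example of the reporting means just described (written for this page, not code from the application), the following Python runs the two queries the paragraph mentions over a constructed log of allowed-packet particulars: an hourly report of data flow over the previous hour, and a count of how many times a particular IP address was accessed over the previous week. Both reports are "accurate to the previous minute" in the sense used earlier in the specification: the reporting window closes at the start of the current minute, so a packet logged seconds ago is not yet reported. The report is emitted as comma separated value data. The fixed clock value, the addresses (documentation ranges) and the function names are all constructed for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List

# Constructed clock and log (not real traffic); NOW is fixed so the windows are reproducible.
NOW = datetime(2009, 3, 3, 10, 30, 45)


def _entry(minutes_ago, src_ip, dst_ip, dst_port, size):
    return {"ts": NOW - timedelta(minutes=minutes_ago), "src_ip": src_ip,
            "dst_ip": dst_ip, "dst_port": dst_port, "bytes": size}


SAMPLE_LOG = [
    _entry(0.5, "192.168.1.30", "203.0.113.10", 443, 600),           # current minute: not yet reportable
    _entry(10, "192.168.1.30", "203.0.113.10", 443, 1500),
    _entry(20, "192.168.1.30", "203.0.113.10", 443, 800),
    _entry(50, "192.168.1.31", "198.51.100.5", 80, 400),
    _entry(90, "192.168.1.30", "203.0.113.10", 443, 200),            # outside the hourly window
    _entry(3 * 24 * 60, "192.168.1.31", "203.0.113.10", 443, 300),
    _entry(8 * 24 * 60, "192.168.1.31", "203.0.113.10", 443, 300),   # outside the weekly window
]


def report_end(now: datetime) -> datetime:
    """Reports are accurate to the previous minute: the window closes at the start of the current minute."""
    return now.replace(second=0, microsecond=0)


def in_window(log: List[dict], now: datetime, span: timedelta) -> List[dict]:
    end = report_end(now)
    start = end - span
    return [r for r in log if start <= r["ts"] < end]


def hourly_traffic_report(log: List[dict], now: datetime) -> List[dict]:
    """Packets and bytes per (src_ip, dst_ip, dst_port) over the previous hour."""
    totals = defaultdict(lambda: [0, 0])
    for r in in_window(log, now, timedelta(hours=1)):
        key = (r["src_ip"], r["dst_ip"], r["dst_port"])
        totals[key][0] += 1
        totals[key][1] += r["bytes"]
    return [{"src_ip": k[0], "dst_ip": k[1], "dst_port": k[2], "packets": v[0], "bytes": v[1]}
            for k, v in sorted(totals.items())]


def access_count(log: List[dict], dst_ip: str, now: datetime, days: int = 7) -> int:
    """Number of logged packets sent to `dst_ip` over the previous `days` days."""
    return sum(1 for r in in_window(log, now, timedelta(days=days)) if r["dst_ip"] == dst_ip)


def to_csv(rows: List[dict]) -> str:
    """Express a report as comma separated value data for the user interface or an email."""
    if not rows:
        return ""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(hourly_traffic_report(SAMPLE_LOG, NOW)))
    print("accesses to 203.0.113.10 in the previous week:", access_count(SAMPLE_LOG, "203.0.113.10", NOW))
```

Because the engine in the preferred example logs only on-sent packets, a report built this way counts traffic that actually reached the second network device; blocked attempts would need their own log if the policy owner wants to see them.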

In a preferred example in use, a data packet will be monitored from the data packet flow (12) by the data packet detection means (14). The physical controller (16) will analyse the particulars of the data packet and compare them, using the logical DBMS (26), to existing logical rules. If the data packet meets the criteria set according to those rules, the particulars of the data packet will be logged in the database and the data packet will proceed onto the second network device (not shown). Preferably, if the data packet does not meet the criteria set according to those rules, the particulars of the data packet will be logged in the database and the data packet will be terminated, that is, it will not proceed onto the second network device. Preferably where applicable in such a situation, notification (36) of this will be sent to the user interface or first network device, for example instructions to display a 'blocked content' web page.

Referring now to Figure 2 there is shown a diagram of a preferred example of a computerised device and method for monitoring, logging and reporting of data packets within a network according to the invention, in use within a network. The diagram depicts the device of the invention (2) incorporated into an internal network (38) between a first network device (4, 6) and a second network device (6, 4). Data packet flow (12), or network traffic through the network, is depicted in this preferred example to show all network traffic between the internal network (38) and the external network, or Internet (8), processed through the device of the invention (2).

In use, the network traffic (12) is analysed by the device utilising the process described above. In this preferred example, the DBMS (26) will only log and store particulars of data packets that are allowed (40) by the logical rules with the aim of improving efficiency. Further in this preferred example, data packets that are blocked (42) will not proceed through the device to the second network device (6, 4) and notification (36) of this will be sent to the user interface or first network device (34). The diagram further depicts an example report (30) of output from the reporting means. In use such a report may be used according to the method described herein to assist in the creation, maintenance and enforcement of an Acceptable Usage Policy.

VARIATIONS

It will of course be realised that while the foregoing has been given by way of illustrative example of this invention, all such and other modifications and variations thereto as would be apparent to persons skilled in the art are deemed to fall within the broad scope and ambit of this invention as is herein set forth.

Throughout the description and claims in this specification the word "comprise" and variations of that word such as "comprises" and "comprising", are not intended to exclude other additives, components, integers or steps.