How to impose a daily bandwidth cap by IP or MAC?

My small business is remote and uses Satellite internet services. My crew of 12 shares the connection.

The ISP imposes a 5 gig download limit per week which we periodically exceed. This results in being throttled back for some period of time until we get back under our rolling 7 day cap.

I use OpenDNS which is great for blocking most video streaming, internet radio, etc. But there are sites that it does not cover and other ways around these limits and we hit our cap again.

What I'd like is a way to register the devices my employees use by MAC address (or IP if I can bind MACs to specific IPs) and limit each to some realistic subset of that total limit by day or week.

When an individual device meets its limit, it gets cut off.

How cool would it be if employee Bob's combined usage could be limited. Only when his usage on his laptop, his iDevices, and his wifi enabled barbecue exceed his allotment would all his devices go dark.

We often have a bad week when a new iOS update is released and everyone tries to update at once. Any way to cache that sort of thing?

Seems like a complete solution will involve multiple strategies.
  1. You are going to have to insert a firewall-type device in the path. The key difficulty here is that you need someplace to store data over longer periods of time. You need a device with a hard drive.

    There are some very expensive boxes put out by Blue Coat or F5 that large companies use, but your best bet is to build your own.

    There are a couple of Ubuntu images with most of the tools preinstalled. These are intrusion detection prevention loads of firewalls. They have a number of tools to limit the usage of users. To solve the caching thing you may be able to run a transparent proxy.

    The main disadvantage to the free stuff is you have to learn how to configure it and integrate all the parts yourself. What you are paying for mostly in the commercial appliances is the integration of these tools; the actual tools work very similarly to the free ones.

    Your first step may be to try to manually control this. If you can load your router with DD-WRT there is a feature called netflow that will export data to another machine that will let you run reports. Sometimes just telling people that all traffic is logged will reduce the abuse... well, for a couple of days at least until they figure out nothing happens to them.
  2. Thanks for your advice.

    A number of years ago there was software called WinProxy that did great caching for satellite systems. Unfortunately, that product is no longer available.

    I guess I'll have to dive into a Linux solution.

  3. You might want to take a look at IPCop. It's free and open source.
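
The per-person accounting asked for in the question, computed from exported flow data of the kind the first reply suggests for reports, as an added example that is not code from any poster in this thread. It assumes each device's MAC is pinned to a fixed IP by a DHCP reservation, that flow records have already been reduced to (time, LAN IP, bytes) tuples, and an even split of the 5 gig weekly cap over 12 people and 7 days; the registry, addresses and sample records are constructed.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

MIB = 1024 ** 2
WEEKLY_CAP = 5 * 1024 ** 3  # the ISP's rolling 7-day limit ("5 gig")
DAILY_ALLOTMENT = WEEKLY_CAP // (7 * 12)  # assumed policy: even split, ~61 MiB

# Hypothetical registry: LAN IP (pinned to a MAC by DHCP reservation) -> owner.
REGISTRY = {
    "192.168.1.10": "bob",    # laptop
    "192.168.1.11": "bob",    # phone
    "192.168.1.20": "alice",
}

# Constructed sample records: (flow end time, LAN-side IP, bytes downloaded).
FLOWS = [
    (datetime(2024, 1, 7, 20, 0), "192.168.1.10", 20 * MIB),
    (datetime(2024, 1, 8, 9, 0), "192.168.1.10", 40 * MIB),
    (datetime(2024, 1, 8, 13, 0), "192.168.1.11", 30 * MIB),
    (datetime(2024, 1, 8, 14, 0), "192.168.1.20", 50 * MIB),
    (datetime(2024, 1, 8, 15, 0), "192.168.1.99", 10 * MIB),  # not registered
]

def usage_by_owner(flows, registry, start, end):
    """Sum bytes per owner for flows with start <= time < end."""
    totals = defaultdict(int)
    for when, ip, nbytes in flows:
        if start <= when < end:
            # Unregistered devices are tracked individually, never ignored.
            totals[registry.get(ip, "unregistered:" + ip)] += nbytes
    return dict(totals)

def ips_to_block(flows, registry, day, allotment=DAILY_ALLOTMENT):
    """All IPs of every owner whose combined usage on `day` exceeds the allotment."""
    start = datetime.combine(day, datetime.min.time())
    used = usage_by_owner(flows, registry, start, start + timedelta(days=1))
    over = {owner for owner, n in used.items() if n > allotment}
    blocked = {ip for ip, owner in registry.items() if owner in over}
    # An unregistered device over the allotment is blocked by its own IP.
    blocked |= {o.split(":", 1)[1] for o in over if o.startswith("unregistered:")}
    return sorted(blocked)

def weekly_headroom(flows, now, cap=WEEKLY_CAP):
    """Bytes left under the rolling 7-day cap at `now` (negative once exceeded)."""
    start = now - timedelta(days=7)
    return cap - sum(n for when, _, n in flows if start <= when <= now)
```

In the sample data neither of Bob's devices exceeds the allotment alone, but their combined 70 MiB does, so both of his addresses are returned for blocking while Alice's is not.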
