No More Unrestricted Internet At Work 797
Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."
It's about control... (Score:5, Informative)
Additionally, all mail is screened against the server's pattern file, which tries to update itself hourly. If sometimes passes through mail, it'll be found if on a server, and the client software, which updates its pattern file upon logon, will find things as they're opened.
All with unnoticable performance difference. We haven't had a virus infection in a LONG time now.
Worms like Nimda are a bit more annoying, but we take things like this seriously, and by doing so, avoided Nimda and others completely.
=====
As for net access, we do run reports on the proxy logs occasionally. Employees understand that they have little privacy in the workplace and that if we see them goofing off (except for after hours or at lunch), they do get an email regarding it. But we haven't had to do that in years. They more or less behave, because we trust them and they trust us.
-----
Limited resources (Score:2, Informative)
I am the system administrator at a college here in Australia and if we did not filter/limit the kids access to the internet then all the bandwidth on our (meager) internet connection would be soaked up by kids wasting time on MUDs, IRC, HotMail, Chat, Online games, Warez sites, and other such activities, and the staff and students who actually try to do some work (research/E-mail etc) would have a hell of a time trying to get anything done.
So whilst I agree that private use of the 'net should be allowed, there is limits that need to be put on WHAT private use is allowed. Not only to free up the bandwidth for legitimate uses, but also free up computers for thos that wish to work rather than just waste their time...
technical solution to a people problem (Score:3, Informative)
Having said that, there is indeed a need for increased security awareness in many companies. Buying more gear isn't really that cost effective though. Educating your people and letting them know the expected behaviour is better. This includes increasing the Cluedness of manglement so that they are aware of what their people are doing. If someone feels a need to surf pr0n all day instead of doing their job, your problem is not giving them access to pr0n. Why not find out why people are doing it instead of working?
If you've got people using decent passwords that they don't put on PostIt notes on their monitor; if your network techs are using ssh instead of telnet to configure routers; if every two bit middle manager stops demanding to be an exception to all the rules; and if you still have security issues, then maybe you can start looking at more drastic solutions. Security must be holistic, and more often than not it's more a business process issue, not a purely technical one.
Lastly, I've been at sites with really tight access policies that were easy enough to bypass for someone in the know. If there's any outbound access permitted, there's a way to bypass the security. So go ahead and implement this stuff. If I really want to get past it, I probably can.
But then, I've got better things to do with my time than surf pr0n at work, so when I say I need ssh access outbound, I actually do. Don't stop me doing my job by implementing some half-assed pseudo-security solution. Better yet, hire me to do it right! ;-)
Re:Whatever (Score:2, Informative)
Yes, you are being paid for your time by the company. But it is the companies job to make sure that you are happy, unstressed and relaxed while giving your time - otherwise they are a slave driver, tying you to your desk for every last bit of that 8+ hours. And if they are a slave driver, the slaves are unlikely to be productive, produce good work, or hang around long.
For employees to be productive, they must be happy, to make employees happy they must be relaxed, to relax tech employees you have to give them some leeway in what they do online.
The golden rule is - as long as the job gets done, in the time you said you would do it, then the employer shouldn't care when exactly in that time period you did it.
Re:Yea, dont want any WORK happening. (Score:3, Informative)
So the internet lowers productivity by 25% just by connecting to it. Anyone with any brains at all would pull the plug.
Maybe you don't remember time wasting activities in the pre-internet era. Things like: wandering the plant on epic donut quests, endless banter with your office mates, reading thick publications like Byte and PC-Week cover-to-cover, writing video game emulators, calling all of the car stereo stores in the Yellow Pages looking for the best deal on an in-dash cassette player, and countless others.
I'm guessing that Internet usage has cut into the above activities more than into real work. In my case, I think the amount of off-topic time I spend at work has remained roughly constant over the last 15 years. (And it's been more than balanced by work I've done while at home).
Slashdot blocking? (Score:1, Informative)
Unfortunately there's too many proxy servers out on the web for them to block, and any anyone using slashdot knows how to find them
They also try blocking the usual porn sites via Websense [websense.com], but don't block google cache. Also they try block file extensions from email, so you have to ask people to rename that
Just don't ask how much money they've spent trying to half-heartedly implement all this blocking, it would run a small country. However I guess it keeps a skyscraper of IT people in work, and that can't be bad.
Re:It's about control... (Score:5, Informative)
At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.
So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.
Lucent now blocks webmail (Score:3, Informative)
However, they have expressly allowed limited personal use of company e-mail.
VPN sucks.
Re:Office e-viruses - "The Microsoft Disease" (Score:2, Informative)
Nice try.
But syphilis is a bacterial infection, not a viral one.
Comment removed (Score:3, Informative)
Re:It's about control... (Score:2, Informative)
Re:What is the problem?? (Score:1, Informative)
Hint - remember yesterday's bull about M$ banning VNC on XP systems? Had Timothy bothered to check the post before accepting it, he'd have realised it was 100% wrong and spared us. but then slashdot wouldn't be slashdot if the "editors" bothered to check facts.
and they expect us to PAY for this?
*sigh*
$30,000 for e-mail filtering software? (Score:2, Informative)
The biggest developments are around email prevention, experts say. Elaborate content filtering software, which can run upwards of $30,000 to install, can block all but the tamest incoming emails, and most attachments, said Trend Micro's Genes.
...
But instituting these new security measures can be a costly and labor-intensive investment, experts say, likely discouraging firms with meager IT budgets from upgrading beyond the status quo. "It's a question of resources," said a spokeswoman at UK-based Sophos Anti-Virus. "If you have one or two guys implementing IT at your organization, it's not going to make much sense."
What a crock... I am a network administrator (and basically the ONLY IT employee) for a small company of about 50 people and using some procmail scripts on our FreeBSD mail server, have been able to accomplish this with probably about 3 hours total of set up time. For those interested, here's a URL to a FREE solution to blocking e-mail attachments based on extensions, filenames, and even content (it can scan for Office document macros). Procmail Security [impsec.org]
Since I've been there, we've had absolutely ZERO e-mail based viruses/worms that penetrated the desktop through our mail server (One did get through but that was through an executive's AOL account...)
So far, most employees have been very cooperative towards the policy and are grateful that they don't have to be so worried when they read about e-mail viruses going around because the server automatically mangles or quarantines viruses that match the ruleset we implemented.
Re:Wasn't yours to begin with.... (Score:2, Informative)