No More Unrestricted Internet At Work

Schlemphfer writes: "You can forget about using private email or surfing the web while at work if these bozos have their way. And judging by the Reuters article, it looks like they might. Basically what they're doing is trying to scare senior management into thinking that allowing employees unrestricted use of the net will cripple a company with viruses and lawsuits."

It's about control...

[Magus311X]

At work we have somewhat of an answer to viruses. 20 file extensions including exe, pif, scr, com, bat, vbs, vbe, and others are filtered at the server into a "Quarantine" folder and reports are generated every few hours on it and piped to a line printer for our review. We deal with them from there by either giving them to the employee, or by responding to who sent it with an automagically generated email.

Additionally, all mail is screened against the server's pattern file, which tries to update itself hourly. If sometimes passes through mail, it'll be found if on a server, and the client software, which updates its pattern file upon logon, will find things as they're opened.

All with unnoticable performance difference. We haven't had a virus infection in a LONG time now.

Worms like Nimda are a bit more annoying, but we take things like this seriously, and by doing so, avoided Nimda and others completely.

=====

As for net access, we do run reports on the proxy logs occasionally. Employees understand that they have little privacy in the workplace and that if we see them goofing off (except for after hours or at lunch), they do get an email regarding it. But we haven't had to do that in years. They more or less behave, because we trust them and they trust us.

-----

Re:It's about control...

[smnolde]

And I have control without having to be in the IT department. This is where OpenSSH shines for me. I can set up port forwarding and proxy off my home machine with a cable connection and IT can't see shit for what I'm doing. It all looks like a bunch of telnet and ftp to them, all to one place. So if they are actually monitoring usage by port I'm coming up extremely low on the usage.

At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.

So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.

technical solution to a people problem

[justin.warren]

First off, it seems to be security and anti-virus firms that are advocating this strategy, which rings my 'vested interest' alarm bells straight off. The subtext is 'invest more money in security and anti-virus technology to solve this massive problem you're not aware of'. FUD for upper management.

Having said that, there is indeed a need for increased security awareness in many companies. Buying more gear isn't really that cost effective though. Educating your people and letting them know the expected behaviour is better. This includes increasing the Cluedness of manglement so that they are aware of what their people are doing. If someone feels a need to surf pr0n all day instead of doing their job, your problem is not giving them access to pr0n. Why not find out why people are doing it instead of working?

If you've got people using decent passwords that they don't put on PostIt notes on their monitor; if your network techs are using ssh instead of telnet to configure routers; if every two bit middle manager stops demanding to be an exception to all the rules; and if you still have security issues, then maybe you can start looking at more drastic solutions. Security must be holistic, and more often than not it's more a business process issue, not a purely technical one.

Lastly, I've been at sites with really tight access policies that were easy enough to bypass for someone in the know. If there's any outbound access permitted, there's a way to bypass the security. So go ahead and implement this stuff. If I really want to get past it, I probably can.

But then, I've got better things to do with my time than surf pr0n at work, so when I say I need ssh access outbound, I actually do. Don't stop me doing my job by implementing some half-assed pseudo-security solution. Better yet, hire me to do it right! ;-)

Re:Yea, dont want any WORK happening.

[Waffle+Iron]

The studies show people with internet access at work waste 2 hours per day on it.

So the internet lowers productivity by 25% just by connecting to it. Anyone with any brains at all would pull the plug.

Maybe you don't remember time wasting activities in the pre-internet era. Things like: wandering the plant on epic donut quests, endless banter with your office mates, reading thick publications like Byte and PC-Week cover-to-cover, writing video game emulators, calling all of the car stereo stores in the Yellow Pages looking for the best deal on an in-dash cassette player, and countless others.

I'm guessing that Internet usage has cut into the above activities more than into real work. In my case, I think the amount of off-topic time I spend at work has remained roughly constant over the last 15 years. (And it's been more than balanced by work I've done while at home).

Lucent now blocks webmail

[chill]

E-mail went out to all Lucent today -- starting ASAP all access to webmail accounts (HotMail, Netscape, Yahoo, etc.) will be blocked and is against policy. It seems they don't like the threat of viruses getting thru around the normal e-mail checks.

However, they have expressly allowed limited personal use of company e-mail.

VPN sucks.

Comment removed

[account_deleted]

Comment removed based on user account deletion