Security Fears Prod Firms to Limit Staff Web Use

Carl Bialik from WSJ writes "Companies are limiting employees' use of free Internet services, such as Skype and video downloading, to protect themselves from viruses, communications traffic jams and regulatory missteps, the Wall Street Journal reports. ABN Amro's global head of strategy and engineering tells the WSJ, 'I'm not allowing Skype because I don't know what it does.' Some colleges and departments at Cambridge University also ban Skype. The limits affect executives as well as the rank-and-file, the WSJ finds: ' "I used to think nothing of checking my Yahoo mail several times a day," says Global Crossing Chief Marketing Officer Anthony Christie. Now that he can't, his long workday makes it hard to avoid using his work email account for personal messages, he says.'"

ssh tunneling

[Rinisari]

As long as it's not against company policy, you could try using SSH tunneling to hit a proxy at home. It might be a lot slower, but you can go anywhere. I've been using one written in Python for six months and haven't had a hitch.

Re:ssh tunneling

[gosquad]

An even easier method of doing this is using the built-in SOCKS proxy in OpenSSH. Simply add "DynamicForward 3000" to your ssh_config file (or use the -D switch of the ssh command). After you connect, a locally accessible SOCKS proxy is then available on localhost port 3000, all nicely tunneled through the server. Set Firefox/Gaim/etc to use this port (be sure to use the SOCKS proxy settings and not HTTP) and you're set.

The Internet is not only for pr0n

[lushman]

As a consultant based overseas, using my client's corporate internet for Skype actually SAVES them a fortune. They would normally pay for the POTS international phone calls we make (VERY $$$$$), but the fact that they allow Skype means that we make all of our calls Skype-Skype without it costing them (or us) anything in call costs. Bandwidth charges are negligible in comparison.

If firms continue to be ignorant about new or alternative technologies then they will continue to be left behind. These savings can be significant over the long term, financially as well as productivity wise. Companies in the future will be split into two categories - those that embrace new technology and those that struggle under malinformed regimes run by beaurocrats who prefer the trusted path, the path of least resistance, over the newer, technologically superior one. I've seen this too many times than I'd care to remember.

Ogg still gets through

[rdfield]

In many places I've worked, MP3 files are blocked at the firewall, but Ogg files are let through. http://www.mvine.com/ streams Ogg music direct to your desktop. And it's free.

Re:This type of admin is the bane of users

[porkUpine]

As a Network Admin I have no problem with our trustworthy users getting access to tools they need. We lock down our network and desktops, and then unblock as needed. Our in-house developers all have local admin rights, and we allow them ability to download tools from the web. HOWEVER, *most* of these guys are smart enough to use Firefox, not download 'weather bug', 'Smiley Central' etc... Now, the vast majority of our users have no such access, because there is no NEED (we allow casual web surfing, but we had to install 100K worth of filtering equipment because our users kept infecting themselves with spyware). Network admins and IT in general need to be flexible enough to allow users to get their jobs done, but still keep the network protected from outside and INSIDE threats... it's tough to balance the two. -PP

Re:This type of admin is the bane of users

[giantsfan89]

The problem here is selective enforcement. Okay, so the admins allow you to run your unapproved application. What if Suzy the administrative assistant wants to run her fav screensaver app? And Jim wants to run Weatherbug so he knows when there's bad weather on his kids in the Midwest? The problem is that machines are locked down to prevent users from shooting themselves in the foot, because if you give them the loaded gun of admin access, they will. Then they start shooting other peoples' feet.

Find out how to get the software approved and do it. Go through the proper channels.

99.9% of corporate users should not have administrative access to their computers. There is no need to.

Re:This type of admin is the bane of users

[crabpeople]

"This means that if something I install causes problems, I have to resolve them or have my box re-imaged. I'm fine with that."

DEvelopers... oh im sure you are perfectly FINE with it, but its not you who has to waste his time re imaging a machine now is it>?

We had one developer join a few months ago. The first day his machine was owned. I said ok, your a dev you have admin rights, be careful, etc.. Reimaged his machine.

2 days later, owned again. So owned it just bluescreens on startup. I say, Ok sorry have to lock down the machine now. Developer complains he cant install shit. Management directs me to give him admin access again. I do and his machine is again owned within a week.

After that i had a talk with management about how much time he was wasting me and now they dont listen to him anymore. Moral? dont just assume 'lalala ill do whatever i want' because when you DO fuck it up (which you will) who has to fix it? me.

Re:Bandwidth always a worry at Cambridge

[zrq]

I work as a software developer for a department at Cambridge.

We are part of a distributed project, with team members in other institutes within the UK and around the world.

We use both Skype and Jabber to collaborate with each other.