Every time I've gotten a new management job I've made a point to immediately do three things:
1) Draft an acceptable use policy
2) Draft a development policy
3) Draft a security policy
#1 had all the usual disclaimers (we (the company) own the computers, etc., etc.). Even if you don't like them on the surface they at least give you the legal right to punish them for being script kiddies, using up bandwidth for porn (i.e. blocking the admin from getting his porn), etc... and, if you properly craft a MOTD and /etc/issue (/etc/issue.net) and incorporate into your policy doc you can legally monitor, insult or denigrate the mothers of script kiddies who hit your system.
#2 equals "Fuck you, you WILL use CVS". Saves a lot of headache in the long run.
#3 means you get to do what you want, security-wise. It's important to be able to say "no, you can't get executable email" or "yes, you're fired for giving out your password" or "yes, you have to use an uncommon combination of at least eight characters for your passwords" and have A POLICY DOC TO BACK YOU UP.
Draft a good, easy-to-read version of the above and you'll be fine (and, oh yeah, convince the management to adopt it).
That's what they get for using WEP...