[techtalk] Bad surfing habbits part two

Liese liese at pandora.be
Sat May 26 18:57:29 EST 2001 

Hi,

Thanks to everybody for your replies. I've bundled some of the things, but 
its still long.. sorry for that..

Mark wrote :
"Get each user to read, and sign, a computer usage agreement 
contract.  This says that work facilities will only be used for work 
purposes, and though reasonable allowances will be made, downloading of 
objectionable material is strictly prohibited and suitable warnings, 
followed by dismissal, will be the result of a breach of this contract."
We did this but some people simply refused and we had no support from upper 
management so we cant *make* people.
We also found out that such a document is - legally i mean - worthless. It 
does not give us the right to check surfing (and email) habbits, it doesnt 
even give us the right to fire someone when they ignore it.

"a possiblity also includes suspension of internet access; if this makes 
the users job impossible to perform, thats a fairly good motivator to not 
break the rules / risk being sacked for inability to complete their jobs"
Once again no support from upper management. If we lock down internet 
access the user complains to his boss, his boss complains to mine and I am 
told to enable it again because this users cant work without.

Paul wrote :
"Not really wanting to plug any commercial products but it does sound like 
the only way would be to stick in some sort of filtering proxy that uses 
content-based filtering.. "
I have been thinking about this too.. However, surfing is only one part of 
the problem, email is another. But I'll look into "surfcontrol"it sounds 
interesting.

Keith wrote :
"Privacy concerns aside, if the Company owns the System,  then System Rules 
should not fall  under the section of Law concerning privacy."
Ah, but they do.
As far as i understand it we are alowed to keep track of how many mails a 
user sends or receives, but we are not allowed to keep logs of who the mail 
is from/to and what is in the body. However, it is very hard to check if a 
mail is work related without checking out the body.
The same with sites, we are alowed to track which sites are visited and how 
many times, but we are not allowed to track which users visits which sites.

James wrote :
"If I understand you correctly, the problem is not the content they are 
downloading, but the fact they're using a large amount of bandwidth to do it?"
Actualy its both and none. :)
What I mean is : i dont really mind that users sometimes surf a little or 
send some emails with funny pictures in. I dont mind that some people cant 
start a working day without seeing some "meat". People are people and we 
spend enough time at our job as it is.
What bothers me is that some users don't know the limit and what really 
bothers me is that uppermanagement AND the government take way any power 
you might need to keep those users in line. And leave you with nothing to 
defend your system with.
And valuable resources like bandwidth, diskspace, my time (keeping track of 
it all), their time (the work isnt getting done whilst surfing) , the pc 
support team's time ( because they have to fix the consequences : virusses, 
crashed computers, ...), security, ... are wasted.

"So if you can't filter effectively, what should you do? I'd look into 
Squid's "delay pools" facility: this will allow you to restrict user 
bandwidth quite effectively, allowing fast "bursts" but throttling big 
downloads to conserve bandwidth for other users, and other useful things."
Thx, ill check this out..

"Setting your mail server to block some or all attachments could be a big 
help here: if you do have a lot of mail traffic, attachments are probably a 
large part of that. "
We do that allready, its part of our anti virus policy (and it has saved us 
from morevirusses then our AV software). We block exe, com, bat, cmd, scr, 
vbs, avb, html, xhtml, ... But we cant block jpg, gif, zip because some 
people need this. :(

"Beware of driving your users to using a webmail service, though; if you 
stop them using your mail system, they could switch to Hotmail or similar."
I have disabled Hotmail (and others) on our proxy server. This has saved us 
huge amount of surfing time.. :) Really, some users were on this site for 
more then 200 hours a month, refreshing often.

Walt wrote :

"How about a mass deleting of people's archives of non-work-related content 
followed by a note that says <snip> "
Actualy we do that, attachments older then three weeks are automaticly 
deleted and once a month my coworker runs a check on the attachmentsfolder 
from all the computers from the netwerk and deletes "unnecessary" items. 
But this is a slow manual labour which cannot be automated. (Files on the 
c-drive are not backed up and so just deleting them would also delete 
important fiels)

Anyway, I am glad that i am not the only one with this problem. I do feel 
better..
After hearing some of your replies is is obvious that current laws are not 
sufficient to deal with these issues, and not only in my country..


Greetings,
liese

Ps: im sorry for the occasional spelling error.. english isnt my native 
language..

More information about the Techtalk mailing list