PDA

View Full Version : Internet Policies at work.



BDNiner
December 21st, 2007, 05:20 PM
At my job we are going to implement a policy where only one computer per remote location has unrestricted internet access. The rest of the computers will use a white list with approved websites. we have about 30 remote locations. What are other IT pros experiences with blocking the internet?

One of my responsibilities at work is repairing computers, I pushed for this change because i am tired of cleaning up spyware and viruses on computers. in fact i am cleaning up a computer as i type this. We also have had issues with users accessing explicit content at work which again opens the door to viruses and spyware. I welcome this change in policy, hopefully it will free up my time at work to learn more interesting stuff.

Ocxic
December 21st, 2007, 05:42 PM
so long as the blocking doesn't interfere with the actual work, then great ppl are at work they don't need myspace etc..

rickyjones
December 21st, 2007, 05:48 PM
so long as the blocking doesn't interfere with the actual work, then great ppl are at work they don't need myspace etc..

I would agree with that. I would also say that it greatly depends on the work environment - is it more relaxed?, etc...

-Richard

Engnome
December 21st, 2007, 06:06 PM
At my job we are going to implement a policy where only one computer per remote location has unrestricted internet access <snip> I pushed for this change <snip> in fact i am cleaning up a computer as i type this.

Well I guess if people at your work browse non-work related sites maybe you have a reason for this white list system :P

LaRoza
December 21st, 2007, 06:07 PM
The work places own the internet connection, the computers, and the employee's time (so to speak). They have every right to restrict it to work related use.

They have every right to dictate the software used (usually Windows, MS Office and IE) because they own the licenses and the comptuers.

Iehova
December 21st, 2007, 06:08 PM
If it is affecting their work (including the viruses and spyware), then it shouldn't be going on and you're right to block it, IMHO. I think that if employees were only surfing facebook (or whatever) on their breaks, and even then not surfing bad stuff (explicit content, sites brimming with malware...) that's fine, but otherwise it should be work work work...

billgoldberg
December 21st, 2007, 06:29 PM
At work you need to work, it's that simple.

You don't need to access non-work related websites, porn, messenger, programs, ...

BDNiner
December 21st, 2007, 07:03 PM
our old policy was to limit unrestricted access to only 1/2 and hour a day, so if people wanted to go on non work related website then they could. but it was a black list system and keeping up with the long list of blocked sites was time consuming. and juniper networks how provides our networking equipment wanted more money to increase the number of sites we could black list. currently it is about 200 per device.

Dimitriid
December 21st, 2007, 07:14 PM
Why provide internet in the first place? Emails and a few needed sites are perfectly doable with an intranet only.Providing internet however is asking for trouble. It becomes tiresome to try and keep up with ways around it like proxy servers and such.

Bottom line is that every single job I had with internet access had many people getting around the restrictions to IM and play games or view porn.

LaRoza
December 21st, 2007, 07:43 PM
Bottom line is that every single job I had with internet access had many people getting around the restrictions to IM and play games or view porn.

That violated the policy, and they could be reprimanded for it.

There are many instances of rule breaking in all areas of life, but in none of them does a lack of punishment mean it is permitted.

Why should a company which hires adults have to watch their employees every steps? That is quite juvenile.

Why have internet at work? Good question, anyone caught breaking the policy will go on time out. Or more realistically, for the adult world, anyone breaking the policy will be fired.

schauerlich
December 21st, 2007, 07:46 PM
At work you need to work, it's that simple.

You don't need to access non-work related websites, porn, messenger, programs, ...

+1

BDNiner
December 21st, 2007, 08:09 PM
That violated the policy, and they could be reprimanded for it.

There are many instances of rule breaking in all areas of life, but in none of them does a lack of punishment mean it is permitted.

Why should a company which hires adults have to watch their employees every steps? That is quite juvenile.

Why have internet at work? Good question, anyone caught breaking the policy will go on time out. Or more realistically, for the adult world, anyone breaking the policy will be fired.

Nothing was ever done to employees who were caught watching porn. This part was really frustrating to me since i would get e-mails to my blackberry in the middle of the night saying that a user was browsing a restricted site, i would forward them to the corporate office but nothing would get done. It actually took someone getting caught at work watching porn with his door closed and it blaring over the speakers for something to finally get done.

I don't think that you need to block the internet. you just need to enforce the policies that you already have. we are all supposed to be adults and if we don't act accordingly then we should be fired. this didn't happen at my company.

LaRoza
December 21st, 2007, 08:13 PM
I don't think that you need to block the internet. you just need to enforce the policies that you already have. we are all supposed to be adults and if we don't act accordingly then we should be fired. this didn't happen at my company.

Bad management it seems, the most demoralizing situation at work places.

BDNiner
December 21st, 2007, 08:31 PM
Bad management it seems, the most demoralizing situation at work places.

Tell me about it, i have seen employees lose 1.5 -2 million dollars and not get fired. but that is another topic. I am lucky that i am not working out of the corporate office, so i will still have unrestricted access. but facebook and myspace my get blocked at my office since a couple employees spend all day on them.

CCNA_student
December 21st, 2007, 11:06 PM
I believe that the management of the company should be able to decide where their workers can go on the Internet while at work. People can waste so much time playing video games or looking at porn.

Sin Cere,

CCNA

samjh
December 21st, 2007, 11:13 PM
Our official policy is business-only internet use. To me, this is impractical.

However the real policy is at each manager/supervisor's discretion. Basically if there isn't enough work to do and employees can't go home early, then casual browsing is fine, within common-sense limits (ie. no porn, or other inappropriate material).

The only hard restrictions are no videos, like YouTube, and social networking sites like MySpace. They are blocked by the server, which I agree with.

If I had my way, downloading of .exe, .zip, .rar, and such files should be blocked also. I've found some junk on our workstations that shouldn't have been installed. I don't know about other departments, but my guys are pretty good with their internet: most of them only use it to read news, weather, order meals, and other productive content. ;)

djsroknrol
December 21st, 2007, 11:19 PM
Work is work...surfing at work is stealing time from your boss and effecting work performance...

my .02 from the desert....

Spike-X
December 22nd, 2007, 12:39 AM
It always annoys me when I see people at other forums complaining that this image or that thread isn't "safe for work".

JUST DO YOUR WORK INSTEAD OF SURFING MESSAGE BOARDS AND SHUT UP, CRYBABIES!!!

jinx099
December 22nd, 2007, 12:40 AM
Here's a little HOWTO on bypassing your work's internet filters. Use at your own risk! I don't recommend you use this method to look at porn all day! :lolflag:

At home:
1) Setup a linux server, or use your desktop at home and install squid web proxy and sshd.
2) Give your server a static IP address and forward port 22 to it if you're behind a NAT.

At work:
3) SSH to your home server and forward squid's port to your localhost. "ssh user@homeip -L 3128:localhost:3128"
4) Configure your browser to use a proxy, set it to localhost at port 3128

Now all your web surfing will be done on your home server, and it will be brought to you over SSH which will be encrypted. This assumes you can SSH out of your work. I recommend using a 2nd browser to use this proxy because you won't be able to browse sites on your work's network.

:)

Dimitriid
December 22nd, 2007, 12:50 AM
That violated the policy, and they could be reprimanded for it.

There are many instances of rule breaking in all areas of life, but in none of them does a lack of punishment mean it is permitted.

Why should a company which hires adults have to watch their employees every steps? That is quite juvenile.

Why have internet at work? Good question, anyone caught breaking the policy will go on time out. Or more realistically, for the adult world, anyone breaking the policy will be fired.

Some where indeed fired because of it but people kept doing it. For some reason they just can't help it, thats why I think internet shouldn't even be provided if not really needed ( can work ok with just intranet )

LookTJ
December 22nd, 2007, 12:54 AM
As long as they don't block my SSH access via PuTTY, I have unrestricted access as well.:). Every businesses restricts access to keep people from getting distracted on what they are supposed to be doing.(Yes I tunnel with SSH :P with dynamic port 8080)

Dr Small
December 22nd, 2007, 12:55 AM
Here's a little HOWTO on bypassing your work's internet filters. Use at your own risk! I don't recommend you use this method to look at porn all day! :lolflag:

At home:
1) Setup a linux server, or use your desktop at home and install squid web proxy and sshd.
2) Give your server a static IP address and forward port 22 to it if you're behind a NAT.

At work:
3) SSH to your home server and forward squid's port to your localhost. "ssh user@homeip -L 3128:localhost:3128"
4) Configure your browser to use a proxy, set it to localhost at port 3128

Now all your web surfing will be done on your home server, and it will be brought to you over SSH which will be encrypted. This assumes you can SSH out of your work. I recommend using a 2nd browser to use this proxy because you won't be able to browse sites on your work's network.

:)
That's what I was going to comment about.

I mean, I'm all for Work restrictions, as it is WORK, and not your personal computer, so since it belongs to the company, they should restrict the usage of it.

Restrictions would stop the average Joe, but not some highly expirenced geek, who will do whatever it takes to violate rules and bypass restrictions.... :|

Dr Small

mips
December 22nd, 2007, 02:04 AM
The work places own the internet connection, the computers, and the employee's time (so to speak). They have every right to restrict it to work related use.

They have every right to dictate the software used (usually Windows, MS Office and IE) because they own the licenses and the comptuers.

+1

It's all their resources and they can do with it as they please.

Pethegreat
December 22nd, 2007, 02:43 AM
I think it is OK for an employer to regulate internet access. People have internet at home. If they need their porn fix they can get it at home. Having people browsing the internet at work can slow down the whole network.

My workplace places no restrictions on internet usage. We don't need restrictions though. Everyone at my workplace self regulates their own usage well enough. I get enough internet at home that I have only used my workplace's less than 10 times in 2 years.

A intranet would be a good idea. You would not need as much bandwidth since none of it is being wasted on non-work sites.

cluepon
December 22nd, 2007, 02:54 AM
The employer is paying you for your time, pays for the connection and the computer you use. They probably even pay for the chair you sit in.

To be sure, employer "rights" in this area are still gray to some effect. However, employers have a right to know what their network is being used for, and they have a right to block/restrict access as they so see fit.

And, to that end, while it's not ubuntu, I encourage you to check out this wonderful turnkey filter system:

http://www.censornet.com/

Open Source. Based on Debian...and a plethora of options. Pretty much any option you could think of.

Great product, I have put Censornet into use at a couple of places. It works well, installs fast, and it works well out of the box, with a lovely administration interface. It can also link to Active Directory for account based access. =)

Give it a whirl.

jflaker
December 22nd, 2007, 02:59 AM
Blocking sites is good for business>


Blocking downloads of softwares,which may be laced with viruses or malware.
Preventing inappropriate sites from being visited, such as porn or violence, which have no business necessity
Preventing end users from wasting time on sites such as myspace or facebook. Another site category which has very little, if any, business purpose.
Prevent corporate liability by not allowing employees to make posts on certain sites........If traced back to the company, it may be considered as good as a public statement from that company----Most employees are not authorized for such statements!

LaRoza
December 22nd, 2007, 04:03 AM
Also, employers can be sued for their employees actions. If a female employee sees porn or something offensive on another's computer, that is sexual harrassment, and the employer is liable. (This is in reference to an actual case, this isn't the only scenerio)

Tundro Walker
December 22nd, 2007, 04:42 AM
My personal thoughts are that internet restriction should be based on your pay-grade & job duties. Folks lower on the totem pole are generally more apt to screw off if they think they can get away with it. That's why managers are constantly harping at menial task workers to get off their cell phones or office phones and stop surfing the net and get back to work.

EG: folks working in a call center ... restrict access, otherwise they'll surf the net instead of doing their job.

EG2: Manager or other "professional/specialist" (especially project-oriented work that's feast or famine), they should be allowed looser restrictions, since part of their pay-grade is for them to be professional enough to be responsible and self-regulating in their duties / screwing off.

This is how they set it up at my place, and I like it. Keeps the call center folks from screwing around, but lets me mess around a bit when I don't have any projects and would otherwise be bored out of my mind. Could I surf for porn or other such stuff? Sure. But, my job and pay-level comes with the responsibility to know better. So, I don't abuse the privilage.

Of course, devil's advocate would say some might abuse the privilege. If you find out a high pay-grade worker is abusing the privilege, instead of just restricting access, they should probably get fired. I mean, if they're shirking their duty there, it can be assumed they're shirking their duties in other areas, too.

BDNiner
February 13th, 2008, 08:52 PM
So the new internet policy went into effect today, and I almost quit my job. Of course no one read any of the e-mails detailing the new policy so only about 6 of the 40 remote locations we support sent us a white list of sites. The phones have been ringing off the hook with users trying to get their sites added to the white list. The only thing that makes it difficult is that the memo said that new sites can only be added at the begining of the week. So for the next couple weeks things will be bad until the users realise that we are not going to change the policy back.

jpittack
February 13th, 2008, 09:03 PM
At would have problems with my high school's internet policy way to often. I would try to download some stuff from lego.com for mindstorms, and I couldn't even do that. I found a very slow way around it, so I would end up having to work at home for the main downloads and take care of whatever I could at school.

The IT guy had no time to take care of the policy. He spent most the time deleting games off the computers.

Christmas
February 13th, 2008, 09:07 PM
This depends. If only several sites are allowed, the security is increased, and you as an employee won't have the possibility to surf the internet when you should actually work. On the other hand, it's no good if browsing it helps your work or you can take pauses. Where I used to work a while ago there was restricted access to IRC (Windows PCs there), which really sucked because we were allowed to take pauses very often.

BDNiner
February 13th, 2008, 09:17 PM
There are quite a few employees that have to browse the internet for their jobs, but since we only allow one unrestricted computer per location, everyone has wanted their computer to be the unrestricted one. The big one has been aol.com, all the outside consultants use this for their e-mail. They don't get company e-mails because like i said they are only consultants. This next week should be interesting. I am lucky that in the IT dept. nothing gets blocked.

Kernel Sanders
February 13th, 2008, 11:00 PM
IMHO, providing you get your work done well and on time, they have no reason to care what websites you visit now and again. Be that facebook, myspace, or the ubuntu forums.

Relaxed work environments are more productive anyway in my experience.

yabbadabbadont
February 13th, 2008, 11:20 PM
Trying to "be fair" in what they blocked, and trying to deal with people "working around" the restrictions listed in the employee handbook, resulted in the last company I worked for implementing a zero tolerance policy. Employees were warned when they were hired, and acceptable use was listed in the handbook. Any violation and the employee was immediately fired. No excuses, no second chances, pack up your stuff and be escorted out of the building. No one was excluded from the policy either. A senior manager and a network admin were both fired in the same week. That pretty much took care of the problem with compliance at that company.