Full Disclosure mailing list archives

RE: Blocking Music Sharing.


From: "Rick Kingslan" <rkingsla () cox net>
Date: Tue, 16 Sep 2003 23:27:07 -0500

"Bottom line is if management won't back the admin's attempts to stop things
like this from the office, and the admin can't (for whatever
reason) prevent it from a technical level, then the admin has no place in
taking upon themself to embarrass or discipline employees.  There's no place
for BOFH in today's corporate environment (IMHO at least) and things like
this are unfortunately what gives seed to many admin types I've either fired
or wanted to choke to death in the past.

Let management enforce the AUP in a professional manner, taking the issue
seriously or not at all."

In my current situation - I can't enforce crap because the biggest offender
is one of the VPs.  Seriously.  Currently, my hope is that he's d/ling
enough to catch the attention of the RIAA.  With any luck, he'll be served
and jailed in a week or so.... ;o)

Honestly, you make good points - and you are clearly correct.  Trying to
enforce policy that is either not communicated, or badly done - is stupid
and ill-advised.

However, if the policy IS communicated, sometimes you only have to make an
example of one or two offenders - with your actions strongly backed by
Executive Management.  Typically, if the rest of the peasants see someone
strung up out in the main courtyard or the main lobby - they get the point.

I'm really into good examples.  AUP works - examples _with_ an AUP work
better.

-rtk

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jonathan A.
Zdziarski
Sent: Tuesday, September 16, 2003 9:33 PM
To: Ron DuFresne
Cc: Cael Abal; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Blocking Music Sharing.


I heartily disagree -- if an offense is considered serious enough to 
warrant being prohibited in an org's Acceptable Use Policy then 
there should be real punishment involved.  If an offense isn't a big 
deal, then the AUP should be rewritten.


My belief is that proactive prevention should always be tried before even
getting to this level; there should be differing levels of severity in
punishment for those who violate the AUP, but I see no reason not to block
the common ports as a first attempt.  Nearly every company has a corporate
firewall (or at least should).  Many P2P sharing tools are on obscure ports
that could easily be blocked.  Even a half-baked firewall policy ought to be
able to prevent sharing.

A Wall of Shame just sets a bad precedent -- a user could argue that 
the rules were ambiguous.  "What?  You can't fire me for running 
that root exploit!  None of the other rules were ever seriously 
enforced, our policy is a joke!"

Exposing employees instead of dealing with situations privately is always
bad politics, and can be an easy way to kill morale (not to mention bring on
a lawsuit by an embarrassed employee).  Enforce the AUP in a private, civil
manner.  

Bottom line is if management won't back the admin's attempts to stop things
like this from the office, and the admin can't (for whatever
reason) prevent it from a technical level, then the admin has no place in
taking upon themself to embarrass or discipline employees.  There's no place
for BOFH in today's corporate environment (IMHO at least) and things like
this are unfortunately what gives seed to many admin types I've either fired
or wanted to choke to death in the past.

Let management enforce the AUP in a professional manner, taking the issue
seriously or not at all.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

