Re: Another Newbie with questions

[Michael Kelley <michaelkelley () home com>]

Houser David DW wrote:
<Lots of good advice, thanks>

> Finally, a word of advice.  You don't want to be the Internet police. 

 I wholeheartedly agree. I really don't. Admittedly, if the Boss says he
wants to have acess to "The Weather Channel" website, he gets it. 
 I'm employing a mix of Sun Tzu and BOFH at the moment with regards to
the issue. Here's why.
 1. We have to have internet access in order to continue doing business
with our one and only client, an Automobile Manufacturer.
 2. Outside of the MIS department, practically nobody in the company has
ever been, or is knowledgeable about the Internet. Example: Me- Who is
your Internet Provider? Them- Um, well, I just turn on Internet
Explorer. 
 3. As soon as it is available, Internet access will become blamed for a
loss in productivity in the workforce. It won't matter if that is
actually the case. It will be another excuse in the tool box of some of
the managers there to deflect thier problems in another direction. If
this sounds silly, or absolutely unbelievable, it is. But I know who I
am dealing with.
 4. (Finally) I want a paper trail. I've been sending out memos and
speaking in meetings about the risks involved. If there is going to be
access, and they want it available to everyone in the company, I want it
in writing. I want to be able to say, "I told you so" instead of them
being able to say "Why didn't you think of this in advance?".
 
>  If
> you try and establish the position of  "restricting internet access to only
> the places we have to go"  you're going to have a fulltime job setting up
> ACLs and restricting access, and you'll be making some very subjective
> calls, all of which will get old very quickly!   For your sanity's sake,
> make sure policies are in place and agreed to, and then suggest a means to
> enforce (e.g., once a month you'll post "SITES VISITED" on the bulletin
> board, and at management request will follow through to see who went there.
> Or weekly, Webtrends/Telemate/whatever will be used to generate a report
> that gets mailed to management.).   Maybe you'll even want an automated
> control mechanism (Cyberpatrol, Surfwatch, NetNanny, etc), but I'll bet very
> quickly you'll find out you don't want to be the means of controlling who
> goes where.
 Thanks. I'm going to take this advice to heart. I don't want to spend
more time than I have to administering one component of the network when
my time can be better spent elsewhere. 
 I'll have users from 10-15 office locations around the country that
I've never personally visited using this access via my servers.
Fortunately, I think (remember, I'm learning this on the fly) I can
restrict who gets access via MS Proxy server. I'll probably have 200
employees out of the entire company who actually need access. I don't
want the entire 2-3000 getting online.