Firewall Wizards mailing list archives
Re: Another Newbie with questions
From: Michael Kelley <michaelkelley () home com>
Date: Wed, 11 Aug 1999 12:07:05 -0400
Houser David DW wrote: <Lots of good advice, thanks>
Finally, a word of advice. You don't want to be the Internet police.
I wholeheartedly agree. I really don't. Admittedly, if the Boss says he wants to have acess to "The Weather Channel" website, he gets it. I'm employing a mix of Sun Tzu and BOFH at the moment with regards to the issue. Here's why. 1. We have to have internet access in order to continue doing business with our one and only client, an Automobile Manufacturer. 2. Outside of the MIS department, practically nobody in the company has ever been, or is knowledgeable about the Internet. Example: Me- Who is your Internet Provider? Them- Um, well, I just turn on Internet Explorer. 3. As soon as it is available, Internet access will become blamed for a loss in productivity in the workforce. It won't matter if that is actually the case. It will be another excuse in the tool box of some of the managers there to deflect thier problems in another direction. If this sounds silly, or absolutely unbelievable, it is. But I know who I am dealing with. 4. (Finally) I want a paper trail. I've been sending out memos and speaking in meetings about the risks involved. If there is going to be access, and they want it available to everyone in the company, I want it in writing. I want to be able to say, "I told you so" instead of them being able to say "Why didn't you think of this in advance?".
If you try and establish the position of "restricting internet access to only the places we have to go" you're going to have a fulltime job setting up ACLs and restricting access, and you'll be making some very subjective calls, all of which will get old very quickly! For your sanity's sake, make sure policies are in place and agreed to, and then suggest a means to enforce (e.g., once a month you'll post "SITES VISITED" on the bulletin board, and at management request will follow through to see who went there. Or weekly, Webtrends/Telemate/whatever will be used to generate a report that gets mailed to management.). Maybe you'll even want an automated control mechanism (Cyberpatrol, Surfwatch, NetNanny, etc), but I'll bet very quickly you'll find out you don't want to be the means of controlling who goes where.
Thanks. I'm going to take this advice to heart. I don't want to spend more time than I have to administering one component of the network when my time can be better spent elsewhere. I'll have users from 10-15 office locations around the country that I've never personally visited using this access via my servers. Fortunately, I think (remember, I'm learning this on the fly) I can restrict who gets access via MS Proxy server. I'll probably have 200 employees out of the entire company who actually need access. I don't want the entire 2-3000 getting online.
Current thread:
- Another Newbie with questions Michael Kelley (Aug 10)
- Re: Another Newbie with questions Woody Weaver (Aug 11)
- Re: Another Newbie with questions Paul Alukal (Aug 11)
- Re: Another Newbie with questions Rick Smith (Aug 12)
- <Possible follow-ups>
- RE: Another Newbie with questions Houser David DW (Aug 11)
- Re: Another Newbie with questions Michael Kelley (Aug 11)
- Re: Another Newbie with questions Bill Pennington (Aug 11)
- Re: Another Newbie with questions Chris Boscolo (Aug 12)
- Re: Another Newbie with questions Bill Pennington (Aug 13)
- Re: Another Newbie with questions Michael Kelley (Aug 13)
- Re: Another Newbie with questions Joseph S D Yao (Aug 13)
- Re: Another Newbie with questions Chris Boscolo (Aug 12)
- RE: Another Newbie with questions sean . kelly (Aug 13)