Firewall Wizards mailing list archives
RE: Content blocking - Singapore seems to manage??
From: Henry Sieff <hsieff () orthodon com>
Date: Mon, 21 Jun 1999 13:29:52 -0500
-----Original Message----- From: Desai, Ashish [mailto:Ashish.Desai () fmr com] Sent: Monday, June 21, 1999 8:48 AM To: firewall-wizards () nfr net Subject: RE: Content blocking - Singapore seems to manage??-----Original Message----- From: Marcus J. Ranum [SMTP:mjr () nfr net] Sent: Sunday, June 20, 1999 10:59 PM To: Di Phelan; firewall-wizards () nfr net Subject: Re: Content blocking - Singapore seems to manage??..snip..One of the problems with content blocking is handling violations. I suspect the easiest way to handle them is never to see them in the first place. ;) As I said in my previous message, a lot of companies have _existing_ policies that would cover online "objectionable material" -- they ask for technologies to block it at the firewall yet, at the _same_ time, they have firewall logs that show without reasonable doubt who the offenders are already. Why not just deal with them directly? Oh, no, that would cause too much conflict... In fairness it's because it puts the network manager in a position of having to do H.R.'s job, which is kind of ridiculous. But then the whole idea of preventing communication over a communication channel is kind of ridiculous...snip.. Content blocking + proxy logs is needed to cover a company legal liability. We had instances where we blocked porn sites (using some blocking service company) and we still had employees trying repeatedly to go visit those sites. Turns out look at the proxy log we found they were visiting other sites that were not block and were spending quite a lot of time there (whole day!). Investigating further we find they had some really nasty stuff on the local machines. Needless to say some of them got fired and one was handled over to the US District Attorney (child porn).
</LURK> Hey folks. First of all, obligatory thanks to all of you; reading your discussions have helped me at my job tremendously, in providing a fairly vendor independent perspecive on realistic security implementations. so thanks, y'all. I'd like to add that I feel it takes both types of involvement, for a company to really implement a viable safeguard against liability for illegal/inappropriate access. At my organization, we had a rather unfortunate case of idiocy, which, although it didn't do much damage prompted us to invoke some limitations on web traffic. We used a combination of router based and independent software solutions to restrict access to a list of categories of url's, and track and log all access. Using this, along with periodic human log reading, we are able to decide if we need to have reiterate the companies web browsing policy (which we TRY to ensure employees are aware of when they are hired, although whose to say what they ACTUALLY read in this day of quick signatures). The policy has been used to discipline several employees, and we saw a growing degree of awareness of the policy, as warnings have been issued about excessive non-work related browsing. We are, however, a smaller organization so this is feasible. I do not think the work scales well, as the larger the organization the more segments to monitor, the more access points you'll have, and the more general network chatter you're going to have. All in all, I'd say its a waste of time, actually, but The People Who Decide Things wanted it, and I actually enjoyed setting it up in a sick sort of Control Freak way. Anyways, that is all. Just thought I'd share; ultimately, the technology is only going to aid you in enforcing a strong policy, and that takes not only the will to enforce a policy, and the technology to make it tricky enough to break that the attempt alone, which is logged, constitutes a clear desire to break it and not an accident. -- Henry Sieff Network Drone Orthodontic Centers of America (504) 834-4392 ext.135
The moral of the story is the company needs to have blocking in place, saying that they did their part to have ?reduce? a hostile work environment and then occasionally visit the proxy logs and do something about it. Ashish
Current thread:
- Content blocking - Singapore seems to manage?? Di Phelan (Jun 20)
- Re: Content blocking - Singapore seems to manage?? Marcus J. Ranum (Jun 20)
- Re: Content blocking - Singapore seems to manage?? Edward Choh (Jun 21)
- Re: Content blocking - Singapore seems to manage?? Technical Incursion Countermeasures (Jun 28)
- Re: Content blocking - Singapore seems to manage?? Edward Choh (Jun 21)
- <Possible follow-ups>
- RE: Content blocking - Singapore seems to manage?? Desai, Ashish (Jun 21)
- RE: Content blocking - Singapore seems to manage?? Alan Lustiger (Jun 21)
- Re: Content blocking - Singapore seems to manage?? Crispin Cowan (Jun 24)
- RE: Content blocking - Singapore seems to manage?? Desai, Ashish (Jun 21)
- RE: Content blocking - Singapore seems to manage?? Henry Sieff (Jun 21)
- Re: Content blocking - Singapore seems to manage?? Marcus J. Ranum (Jun 20)