Firewall Wizards mailing list archives

RE: Content blocking - Singapore seems to manage??


From: Henry Sieff <hsieff () orthodon com>
Date: Mon, 21 Jun 1999 13:29:52 -0500



-----Original Message-----
From: Desai, Ashish [mailto:Ashish.Desai () fmr com]
Sent: Monday, June 21, 1999 8:48 AM
To: firewall-wizards () nfr net
Subject: RE: Content blocking - Singapore seems to manage?? 




-----Original Message-----
From:       Marcus J. Ranum [SMTP:mjr () nfr net]
Sent:       Sunday, June 20, 1999 10:59 PM
To: Di Phelan; firewall-wizards () nfr net
Subject:    Re: Content blocking - Singapore seems to manage?? 
      ..snip.. 

One of the problems with content blocking is handling violations.
I suspect the easiest way to handle them is never to see them in
the first place. ;) As I said in my previous message, a lot of
companies have _existing_ policies that would cover online
"objectionable material" -- they ask for technologies to block
it at the firewall yet, at the _same_ time, they have firewall
logs that show without reasonable doubt who the offenders are
already. Why not just deal with them directly? Oh, no, that would
cause too much conflict...   In fairness it's because it puts
the network manager in a position of having to do H.R.'s job,
which is kind of ridiculous. But then the whole idea of preventing
communication over a communication channel is kind of ridiculous.
      ..snip.. 

      Content blocking + proxy logs is needed to cover a company's legal
      liability. We had instances where we blocked porn sites (using some
      blocking service company) and we still had employees trying
      repeatedly to go visit those sites. Turns out, looking at the proxy
      log, we found they were visiting other sites that were not blocked
      and were spending quite a lot of time there (whole day!).
      Investigating further, we found they had some really nasty stuff on
      the local machines. Needless to say, some of them got fired and one
      was handed over to the US District Attorney (child porn).

</LURK>
Hey folks. First of all, obligatory thanks to all of you; reading your
discussions has helped me at my job tremendously, in providing a fairly
vendor-independent perspective on realistic security implementations. So
thanks, y'all.

I'd like to add that I feel it takes both types of involvement for a
company to really implement a viable safeguard against liability for
illegal/inappropriate access. At my organization, we had a rather
unfortunate case of idiocy, which, although it didn't do much damage,
prompted us to invoke some limitations on web traffic. We used a combination
of router-based and independent software solutions to restrict access to a
list of categories of URLs, and track and log all access.  Using this,
along with periodic human log reading, we are able to decide if we need to
reiterate the company's web browsing policy (which we TRY to ensure
employees are aware of when they are hired, although who's to say what they
ACTUALLY read in this day of quick signatures). The policy has been used to
discipline several employees, and we saw a growing degree of awareness of
the policy, as warnings have been issued about excessive non-work related
browsing.

We are, however, a smaller organization so this is feasible. I do not think
the work scales well, as the larger the organization the more segments to
monitor, the more access points you'll have, and the more general network
chatter you're going to have. All in all, I'd say it's a waste of time,
actually, but The People Who Decide Things wanted it, and I actually enjoyed
setting it up in a sick sort of Control Freak way.

Anyways, that is all. Just thought I'd share; ultimately, the technology is
only going to aid you in enforcing a strong policy, and that takes not only
the will to enforce a policy, but also the technology to make it tricky
enough to break that the attempt alone, which is logged, constitutes a clear
desire to break it and not an accident.

--
Henry Sieff
Network Drone
Orthodontic Centers of America
(504) 834-4392 ext.135


      The moral of the story is the company needs to have blocking in
      place, saying that they did their part to have "reduce" a hostile
      work environment and then occasionally visit the proxy logs and do
      something about it.

      Ashish



