Proxy talk


Recommended Posts

I wanted to piggyback the open forum we were having from the "Proxy at work" thread I had started earlier. I just want to clarify - I am NOT looking for proxy suggestions or any type of network circumvention in this topic. (I did not realize that this was against policy the first time). However, I was more interested in the rest of the conversation we were having. It brought other questions to mind.

Who creates the network policies within a company? Why are some companies more strict with their policies? Why is a company so concerned with what its employees are using the internet for?

I will have more questions as the conversation moves. Since I am a user of the company's network, as opposed to the administrator of the network, perhaps my thoughts/views will provide some food for thought, or just fodder for laughter.

Link to comment
Share on other sites

1) It's usually the IT support team who decide on sets of rules, or use default blocking rules that come pre-configured within bought filtering systems

2) Different company, different people, different rules.

3) A company is concerned about you doing your work, and them getting their worth out of you. If you're wasting your time online, expect to be sacked and replaced by someone who will do the job.

Link to comment
Share on other sites

Who creates the network policies within a company?

Normally the IT department and Security Analysts I think.

Why are some companies more strict with their policies?

Different companies have different forms of information on their network.

Why is a company so concerned with what its employees are using the internet for?

Taking it to extremes, imagine a government organisation like the CIA or MI6. The "company" wouldn't be too happy if a user started sending out confidential material, would they? Also, there is the subject of productivity in the workplace. If you're doing your personal work then your not doing the work that you're being paid to do.

Link to comment
Share on other sites

Since you haven't check your pm, I will post it here:

People bring in personal letters to send from the office. They also use telephones for personal calls. What is the difference? What does the company care what I do during my 30 minute lunch break?

The difference is that you are on a company network, if your casual browsing introduces a mass spread virus/malware your computer is to blame. If there are not restrictions to stop this from happening from known sources IT might as well pack up their bags and leave. The whole point of it is to secure the network against treats. You poking a hole through the security they have in place is an issue.

Perhaps you can ask them to put in a open wireless network that you can have access to that is unrestricted to bring your personal stuff in to run amok. At a few places I work, we have those in place for users. Their home equipment does not ride on the same network as the business network, which includes phones, tablets, laptops, etc.

As to who makes up the policies, it is usually a group effort. HR, IT, and other management.

---------------

As a Network Architect/System Engineer, I really don't care where you go or what you do. I need my network to stay clean, and if stopping you from known areas that can breech my network is what needs to be done, it will be done. I don't need to send out people to put out fires that careless browsing causes, personal email causes, or other crap. This is a waste of resources, a waste of time, and a waste of money. Some places deal with high level government projects and need secrecy and need to be locked down tight, just because you work in the mail room of proctor and gambel (just using this as an example, they make a lot of things and have ties into other things that the general public does not know, not to mention secret forumlas and what not for their products) does not mean that they only make soap, they have other things and other ties that they produce.

Bottom line, do your work...IT really doesn't care where you go or what you do just don't screw up their network or do anything questionable to hurt, defame, or diminish your fellow employees, they have better things to do with their time.

Link to comment
Share on other sites

I work for a large worldwide company, based in Denmark. I am @ the N. American HQ here in Dallas. Denmark sets the overall guidelines, they are relayed to the CIO here in Dallas. He tells the IT Manager (my boss) - who determines how things will be implemented (or who will implement them). yours truly

For example - Denmark - will tell the CIO "NO TWITTER" - he tells my boss, who tells me to make sure nobody can access twitter across all locations.

I will then inform my boss when it is done - he will usually check to see if it is all good & then consider the job done & on to the next task.

Denmark recently set forth our data backup policies. How long each data set needs to kept, how often to perform complete backups, etc.. It was relayed to my boss - who told me to make sure our backups were in line with the new policy. I told the backup operator last week we need to have a meeting in the server room and go over our backup scheduling.

Some companies are more/less strict possibly due to the type of business they are in, or the age/mentality of the execs (old school compared to modern thinking) Or they might be more strict because of past experiences (Some bonehead in accounting clicked on a link in twitter and infected his machine.

Rules need to be set so employees dont spend 2 hours a day looking @ funny youtube videos instead being productive @ their job.

More specifically - I noticed one employee was getting large emails everday (videos attached) from his father. His mailbox is nearly full @ 50GB. I told him to inform his father to send these emails to his personal email account instead of clogging up our email server.

I dont like telling people what to do when it is something like this - so I will kind of put a nice spin on it so they dont get feelings ruffled. I asked him if his father was sending him pr0n - and told him he forgot to cc: me on it ! He laughed but understand why I was needing it to be stopped. Problem solved & the employee understands, will oblige the request & isnt all bent out of shape with it.

-on to my next thing - Is it Friday yet ? :s

Link to comment
Share on other sites

Since you haven't check your pm, I will post it here:

The difference is that you are on a company network, if your casual browsing introduces a mass spread virus/malware your computer is to blame.??If there are not restrictions to stop this from happening from known sources IT might as well pack up their bags and leave.??The whole point of it is to secure the network against treats.??You poking a hole through the security they have in place is an issue.??

Perhaps you can ask them to put in a open wireless network that you can have access to that is unrestricted to bring your personal stuff in to run amok.??At a few places I work, we have those in place for users.??Their home equipment does not ride on the same network as the business network, which includes phones, tablets, laptops, etc.

See, this I understand. I am not against network security one bit. However, network censorship is where I have some issues. But perhaps the two cannot be mutually exclusive? I feel like there is a middle ground that can be found.

Link to comment
Share on other sites

See, this I understand. I am not against network security one bit. However, network censorship is where I have some issues. But perhaps the two cannot be mutually exclusive? I feel like there is a middle ground that can be found.

Unfortunately not. In a workplace you're there to do your job, not waste time.

Link to comment
Share on other sites

See, this I understand. I am not against network security one bit. However, network censorship is where I have some issues. But perhaps the two cannot be mutually exclusive? I feel like there is a middle ground that can be found.

All avenues of crapware need to be taken into consideration. Also, there is a certain amount of sensorship needed. Watching porn would be a big no no, even on your lunch break. But on top of that, if your company has secrets they want to keep, limiting users to use company email that can be controlled would be an avenue to take. There are a lot of considerations made to lock you down, and it is at the disgression of HR/Management/IT to lock down those features. You want internet to be a bit more loose, talk to HR/IT, make a suggestion. There are also bandwidth limitations in place due to the amount of available bandwidth your company has so they may block streaming media or streaming media sites. There are a lot of reasons for IT to block you completely throught the day.

Link to comment
Share on other sites

Unfortunately not. In a workplace you're there to do your job, not waste time.

I understand. But, like I said on the previous thread, what does a company care what I do on my 30 minute lunch break? (within reason of course).

Link to comment
Share on other sites

I understand. But, like I said on the previous thread, what does a company care what I do on my 30 minute lunch break? (within reason of course).

They don't care during that period, however they won't stop their filtering system for the sake of 30 minutes because people will exploit that.

Link to comment
Share on other sites

And nowadays everyone has a personal smartphone to "waste time." That's why I feel that censoring a company's network is a false sense of security (in terms of an employee's time management) to a company.

Link to comment
Share on other sites

yes, but while your phone can't be tracked if using the mobile network, you computer can be tracked very easily. How many minutes you spend on each website can be had by running a report, or how many minutes that you spend on the internet can be had as well. You want to surf do it on your personal device. If you attach it to the network, be prepared to be scrutinized just like your pc is at it has now become another node on the network that can become breeched, even more so being that IT cant control it 100% of the time and if you bring in something from home it can pose a threat onto the network. No IT person in their right mind would allow home devices on their secured network.

I firmly believe for your situation a unsecure network is warranted for your personal browsing, but your work computer should not be able to be joined to that unsecured network. You would need to bring in a personal device for that, as you said, everyone has one. It is up to management to provide this, you can't bring it in on your own.

Link to comment
Share on other sites

And nowadays everyone has a personal smartphone to "waste time." That's why I feel that censoring a company's network is a false sense of security (in terms of an employee's time management) to a company.

That isn't their network, plus most companies would discipline you if they caught you playing on your phone instead of working. During your lunch, they don't care.

Link to comment
Share on other sites

To explain a little bit about how important network security (both browser traffic and all else) It is important enough that monitoring these things is All i do all day, that is my whole job. I can monitor traffic, I can move traffic if needed. If i see someone able to go somewhere that they should not be able to that for some reason is not blocked I can block it on the fly. however, at the same time if the user is on their lunch break and wants to go to the local news papers website I am not going to block that sort of thing because they are not wasting company time.

Link to comment
Share on other sites

So does anyone watch the network admins and their internet usage? Not that I am implying that they don't follow their own rules. Just wondering.

That depends on how high up the ladder the IT person is. But yes they are watched. Personally I am excluded from being blocked, but I am monitored.

Link to comment
Share on other sites

"Why is a company so concerned with what its employees are using the internet for?"

So the topic of malware and protection of the network has already been covered. But I want to address an issue I am currently working on with a customer.

Does not always come down to user not working, or possible compromise of the network via a infection of some sort or release of data from that machine.

Sometimes it all about the bandwidth -- if users were reading the news, or even sending a few emails or shopping for their kids bday present your not talking about any significant traffic here normally.

But what can kill the internet for actual working employees is users streaming videos/music -- you might not think that few MBs of of bandwidth your music is using that big of a deal -- multiply that by 100's of users that all SHARE the same internet pipe. Quite often this pipe is the same pipe that is used for normal work traffic (exchange/sql/sap/file shares/etc)

Maybe companies use a wan type connection between their locations, and then internet is from a central point. Even if the internet pipe is HUGE, what is the pipe between say the core of the network where the company systems are housed and the remote location. These are quite often much smaller pipes -- now you have 100 users in this remote location all streaming pandora or watching the latest cat videos on youtube.

Current customer working with has issues with multiple locations with sites that fall under streaming media - they have this allowed because of actual work reasons. Video streaming of work related items - problem is lots of non work related stuff falls under the same category. So now that video presentation that users are suppose to be watching has to contend for traffic with pandora, spotify, YT, highlights from last nights game, etc. etc.

User: IT -- why is SAP so slow??

Admin: Because you get 230 users listening to pandora!! And the pipe FULL, that is why!

We could buy a bigger pipe, we could put in QoS/CoS we could optimize the traffic, we could .... All of which cost time and money.. So what do you think is the better solution. Limit what the users can do on the work network, or spend more money to allow them all to stream netflix while they work on that spreadsheet? ;)

Link to comment
Share on other sites

although if a company are simply cutting out internet for productivity, this will in its self hinder it ... maybe a company should allow people to access their stuff during their lunch break? allow 30 mins free time (access to things like gmail/hotmail and twitter/facebook) allow people to get their internet fix and they will be happy or use their 30 mins over the day allowing them to quickly check their emails... i think it could be a good system

Link to comment
Share on other sites

As I said, it isn't just for productivity. There are many reasons to block access. It can easily be guised as productivity, but there are many other implications that could be the reason why. It could even be the productivity of the company as a whole that is effected, as budman has so nicely pointed out in detail.

Link to comment
Share on other sites

So does anyone watch the network admins and their internet usage? Not that I am implying that they don't follow their own rules. Just wondering.

I am a technician who enforces these policies and nobody checks ours. However my boss will give me a warning if I misuse my time.

Link to comment
Share on other sites

Just to give you some food for thought on what kind of traffic you can be talking about. So this is a snip of 30 minutes of traffic that falls under the Streaming Media category.

post-14624-0-58024300-1327942436.jpg

Just showing some of the top hits as example sites, and some size of the traffic. Yeah that's right about 2GB of traffic in 30 minutes!! Sorry I don't care what type of network you have this could put a hurt on it! Not a large amount of users mind you - and yes this like for 30 minutes over the lunch break time 12:00 to 12:30 - but traffic crosses a few different time zones here. So not every location would of been at lunch.. Or shouldn't have been.

And yes they have a LARGE internet pipe, and some sites are GigaMan connected to their core. But lots of sites are only 10MB to the core, etc. Some even less - this is the report for only North America mind you.

So as a customer paying for your pipes to connect your locations together - do you really want that amount of NON Work related traffic flowing over it?? Keep in mind you have users complaining that stuff is SLOW.

Link to comment
Share on other sites

Ah yes bandwidth. A limited resource in a company. This is very true. And once again, I can totally understand the censoring of bandwidth hog websites such as Pandora, Netflix, Youtube, etc. However, personal email is totally different. Yes, I realize that viruses can malware can spread via our personal email, but most of these personal email providers now scrub their users emails for viruses. Correct? Or isn't that protection from Google, Yahoo, etc robust enough?

Someone mentioned securing the network so that documents can't spread outside the company. If someone decided to email confidential documents, they are dumber than a rock. That is the easiest way to get caught. I of course do not condone any criminal behavior, nor have ever partaken in any criminal behavior, but it is the same premise that criminals use cash or prepaid visa cards instead of writing checks and/or using their personal credit cards.

Link to comment
Share on other sites

"they are dumber than a rock."

You just described 97.3% of the user base at most companies ;)

yep...I would even say higher...possibly 98.9%....people are stupid and we must protect ourselves from stupid.

but I only went to xyz site, they are safe right and after I went their my computer got a warning saying my computer is infected with lots of viruses so I put in my credit card to fix it and it didn't fix it, then I tried another credit card, and then another....

Users are stupid even the more tech savvy ones, they are actually more dangerous than average users because they with try to fix it causing bigger issues.

Link to comment
Share on other sites

This topic is now closed to further replies.