Date: Wed, 30 Jun 1999 13:56:33 +1000 From: "Andrew Johns" <A_Johns@TurnAround.com.au> To: "Matt Curtin" <cmcurtin@interhack.net>, "Evan Brastow" <ebrastow@automatedemblem.com> Cc: "Joe Konecny" <jkonecn@green-mfg.com>, "FreeBSD List" <freebsd-questions@FreeBSD.ORG> Subject: RE: internet monitoring Message-ID: <002c01bec2ac$8b14c430$4001a8c0@tasajohns.turnaround.com.au> In-Reply-To: <14201.36621.135367.877478@strangepork.interhack.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Whilst I agree in part with you Matt, there are some other considerations...I'm being the devil's advocate here a bit, I might add.. > > For sexual harassment to take place, someone must be unwillingly > exposed to something of a sexual nature after having made it clear > that they do not wish to be exposed thusly. > > For that reason, monitoring would actually *increase* the probability > of harassment. Someone doing the monitoring is much more likely to be I'd imagine that the person chosen to perform the monitoring would be suitably qualified (read hardened) to such an extent that they wouldn't be offended by anything. If that is not the case then serve the company right for not picking someone with the skills they need. > exposed to something like that than someone else randomly doing their > job. > > Evan> and defamatory lawsuits, > > Now that is silly. When was the last time that a company was sued > because of something that joe random employee wrote on the Internet > whilst on "company time"? Would YOU want to be the first to be sued for several million $'s? Methinks not. > > Do you monitor the telephone? Someone could make a phone call, and > the name of the company would show up on the caller-ID box, after > all. This leaves a trail in the phone accounts. > > Do you monitor the mail? Anyone could write a letter on a piece of > letterhead. > This leaves a trail of physical evidence. Without monitoring, what _evidence_ will you be able to supply to justify whatever decision you make (eg:unfair dismissal cases). [snip] > productivity is below expectations. In either case, those are matters > for the personnel department, not the firewall administrator. The personnel dept cannot enforce any disciplinary action without evidence. Assuming that you are the boss in a company, how will you answer the lawyer that asks you what evidence you have to backup your claim that the person you fired was spending company time (your money) surfing inappropriate sites? You saw him do it? He says he didn't! => His word vs yours. Where to now? You produce detailed log files and can prove that the documents have not been tampered with (I know someone who had to do just this, albeit it was hackers, not employees...and they won the case hands-down ONLY because they had evidence). All these things aside, I agree that monitoring is essentially useless to try to stop people from surfing. The only way to do it is to have a list of allowable sites, and restrict access to only those sites via your proxy. Occasionally you might get re-directed, depends on the site's policies and ability of the target system to repel hackers (who will quickly add redirections, etc). But on the whole, it's the only way. If employees want to add a site to the list, they can give a business plan as to why they need to visit that site and only then will it be added to the list of allowable sites. Otherwise, as far as I'm concerned, they're stealing from the company. Regards (all flames will be forwarded to /dev/null :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002c01bec2ac$8b14c430$4001a8c0>