Workplace Internet Access - Abuse.

I have been instructed to look into internet access abuse in our workplace. I know there are a few .orgers that may have some pointers on this. So please give me some feedback on what I can take to my MD to prevent the facebook/ebay/twitter brigade between 9am to 5pm. When its outside these hours he is happy for staff to use the internet, but not during working hours.

[SoulKiss]

Quote:

Originally Posted by SV-net

I have been instructed to look into internet access abuse in our workplace. I know there are a few .orgers that may have some pointers on this. So please give me some feedback on what I can take to my MD to prevent the facebook/ebay/twitter brigade between 9am to 5pm. When its outside these hours he is happy for staff to use the internet, but not during working hours.

Loads of options...

1) Proxy server on a non-standard proxy-server port, and your firewall/router set up to block all port 80/443 (web and secure-web) traffic that does not originate from the proxy, this will mean you can see what sites are bieing used AND then redirect them to a "page not available" message - if done on a Linux box you can have a CRON job to load a restricted config @ 9am and then a more permissive one @ 5pm.

Should cost a couple of hundred for the server and take a day or so to set up.

If you dont have a hardware firewall (the best solution for blocking the traffic out rather than the router) then add a couple of hundred for one of those too.

Quote:

Originally Posted by SV-net

I have been instructed to look into internet access abuse in our workplace. I know there are a few .orgers that may have some pointers on this. So please give me some feedback on what I can take to my MD to prevent the facebook/ebay/twitter brigade between 9am to 5pm. When its outside these hours he is happy for staff to use the internet, but not during working hours.

The irony being that I try to hide your avatar in work

[ophic]

hardware firewall... pfft. You're funny SK

[timwilky]

I am with SK. However, I would advice to block all out going traffic except that through a proxy, not just the named protocols above. Obviously allow outgoing SMTP from your mail server etc.

Then get some analysis done of usage through the proxy. Look at the use of published black lists etc.

[ophic]

I agree with SK too. I just don't like the description "hardware firewall". All firewalls run in software, even if you have a dedicated box for it.

Just me being pedantic.

[timwilky]

And don't listen to arguments between techys. A bastion firewall is a necessity. depending upon your business use on the net, you may need to have at least a fail over pair with state database sharing to ensure smooth fail over.

We use Nokia hardware with Checkpoint NG firewall. Expensive but worth it. you then probably need devices for prioritising certain traffic etc. (packet shaping, profiling whatever)

[SoulKiss]

Quote:

Originally Posted by ophic

I agree with SK too. I just don't like the description "hardware firewall". All firewalls run in software, even if you have a dedicated box for it.

Just me being pedantic.

OK so Dedicated Firewall...... Mr Pedant

[ophic]

its a pet hate. I'll pull my head in now.

We require to allow certain access due to being a mail order department in the warehouse they need to raise, track and view deliveries which are all web based applications. There are no email requirements at all. Just looking to give a name of some applications to investigate for this purpose.

For the record we do have a dedicated area for internet access which all staff have use of. We decided to put two internet workstations in so that people would have complete freedom during break and lunch times. In the hope it would be used in break times and therefore they would (we hoped) not want to be doing it while working. But nah, nah just got to be looking all the time eh!