How would the others here restrict internet access on laptops for home workers?
This is my big problem...
I support some 35 analysts who are only allowed access to specific sites (that may change infrequently).
Previously we used Group Policy (proxy set to 127.0.0.1, Internet Options Connection tab disabled, exceptions listed in GP Proxy Settings). Now I actually use a free software that was made for a quite different public - Windows Live Family Safety. (Together with Windows Live Mesh for remote access.)
It allows me to add and remove websites for viewing for all users in two clicks, to make exceptions for specific employees - anything I want, fast and without even needing to remotely access their laptop.
Any thoughts?
Discussion on:
View:
Show:
They have access to documnets via a specific application on their desktop, which our client does not want us to allow them to be able to send outside in any way. For the same reason, USB and DVD write access are disabled.
If they had internet access they could send anything outside via any sort of website...
Now since the content we're talking about is *public domain* legal records, I don't really understand (and personally, strongly disagree with) the website blocking also, but if that's what they want, that's what we'll have to do...
If they had internet access they could send anything outside via any sort of website...
Now since the content we're talking about is *public domain* legal records, I don't really understand (and personally, strongly disagree with) the website blocking also, but if that's what they want, that's what we'll have to do...
Why not use HOSTS? The users don't have administrative privs for the laptops, I assume - and even then editing Hosts is sorta difficult.
Microsoft Live Family Safety while helpful in young family situations, is pervasive to adults and applied in the way you do DICTATORIAL. If you are Jewish, shouldn't you detest ALL forms of dictatorship?
Don't have a lot of time for it personally, but they seem to think it helps.
Sites are blocked on types of content, but the bulk of the "management" is employing responsible professionals...
When it gets down to it, particularly if your people ae techs, it's the only viable solution.
The policies are clear and strong, but the main thrust is try and shield employees from ending up on a high risk sites through some hidden or misleading link, or javascript twiddle.
Sites are blocked on types of content, but the bulk of the "management" is employing responsible professionals...
When it gets down to it, particularly if your people ae techs, it's the only viable solution.
The policies are clear and strong, but the main thrust is try and shield employees from ending up on a high risk sites through some hidden or misleading link, or javascript twiddle.
..which I implement internally and at one of my customers is Untangle server. It is by far and away the best solution for managing who can do what on the internet. Best of all, it's open source and for the most part free.
I have been using untangle since before version 6. It is a truly great product using a combination of os offerings, runs on debian, and is scalable. I would recommend the bare metal install though.
Where on the network would my 'Untangle" box sit?
Does it go between my Firewall and 2003 Server or my T1 router and firewall?
Thanks!
Does it go between my Firewall and 2003 Server or my T1 router and firewall?
Thanks!
Is to set meaningful goals for the staff who report to you and mange them against those goals and objectives. This has the added benefit of managing their smoke breaks, chats with coworkers, long-lunches, newspaper reading, etc. etc.
I'm not advocating giving your staff so much to do they are buckling under with it, but if you have a well managed work force they won't have time to be slacking off.
Any downtime they have when meeting expected targets is just part of the natural eb and flow of working patterns. None of us get through the day without chatting to a friendly coworker, checking the scores, whatever it is we are interested in.
If you have a company where a significant % of your staff are slacking off routinely then you have a badly managed workforce. The problem is not internet access, facebook, monitoring tools, etc. it is the management of the business.
Even if you ban it right off your network people can use smartphones, iPads, whatever to access Facebook, Twitter, LinkedIn, WebMail, IM, etc. without you ever tracking that. other than lead lining the walls of your office you can't stop it either.
OK, there is a different take on this if you are talking about the security of your network and risks through malware, data leakage, all that which may be percieved via social networking et al. That is where the IT part of this comes it. Managing workforce productivity is the job of business unit managers.
I'm not advocating giving your staff so much to do they are buckling under with it, but if you have a well managed work force they won't have time to be slacking off.
Any downtime they have when meeting expected targets is just part of the natural eb and flow of working patterns. None of us get through the day without chatting to a friendly coworker, checking the scores, whatever it is we are interested in.
If you have a company where a significant % of your staff are slacking off routinely then you have a badly managed workforce. The problem is not internet access, facebook, monitoring tools, etc. it is the management of the business.
Even if you ban it right off your network people can use smartphones, iPads, whatever to access Facebook, Twitter, LinkedIn, WebMail, IM, etc. without you ever tracking that. other than lead lining the walls of your office you can't stop it either.
OK, there is a different take on this if you are talking about the security of your network and risks through malware, data leakage, all that which may be percieved via social networking et al. That is where the IT part of this comes it. Managing workforce productivity is the job of business unit managers.
This it what I've been telling one of my customers for years (they completely restrict Internet access) and have yet to get them to see the light.
This is also the same argument I use with people that don't like about having remote workers or home office workers.
Managing goals, managing productivity, and mentoring obviates any need to control all aspects of an employee's day.
This is also the same argument I use with people that don't like about having remote workers or home office workers.
Managing goals, managing productivity, and mentoring obviates any need to control all aspects of an employee's day.
Amen. All of this site blocking and monitoring nonsense is just a burden on the business and winds up making employees *less* productive. How many of us have had to jump through ridiculous hoops to get access to a web site that was necessary to do the job we were being paid to do? Most of us, I am certain.
If you want to keep the work force productive, stop micro-managing their down time and start setting meaningful goals and objectives. This whole "monitoring internet usage" is nothing but an expensive red herring.
Good post, Alistair K. Well done.
If you want to keep the work force productive, stop micro-managing their down time and start setting meaningful goals and objectives. This whole "monitoring internet usage" is nothing but an expensive red herring.
Good post, Alistair K. Well done.
Completely agree, and I've been banging on the same drum for years, but to deaf ears. Last year my company banned access to any 'football' sites during the World Cup. Of course, rather than help productivity it hindered it, as people spent ages hunting for non-blocked sites (Top Tip: go to a 'fusball' site and get Google to translate for you).
It's the easy answer - rather than correctly manage those who abuse access, try a blanket block for all (apart from the CEO of course - let him do what he likes).
I feel you don't work for one large company in Nottingham with this attitude. To your credit.
It's the easy answer - rather than correctly manage those who abuse access, try a blanket block for all (apart from the CEO of course - let him do what he likes).
I feel you don't work for one large company in Nottingham with this attitude. To your credit.
Your employer is paying you for work production not to sit at your PC/MAC,etc. and watch soccer, hockey, baseball or any other live sporting event...
There is a difference between popping on a site to check a score and streaming a live event using the companies bandwidth.
We do not always block sites at first but if we notice employees doing more score watching than work we will block the site(s) from their PC first off then take it from there in the future.
There is a difference between popping on a site to check a score and streaming a live event using the companies bandwidth.
We do not always block sites at first but if we notice employees doing more score watching than work we will block the site(s) from their PC first off then take it from there in the future.
In a real world Windows based environment ...
right...
Someone needs to wake up and smell the roses...
right...
Someone needs to wake up and smell the roses...
We've solved our Internet (ab)use problem by blocking all UDP traffic that attempts traverse our firewall. Our firewall forwards DNS requests/responses to/from our ISP's DNS servers. So far, no enmployee has come up with a valid reason for needing UDP for work-related Internet access. If they want to surf, we let them. It will be obvious if they're wasting working hours on the Internet by the amount of work that gets done. Those that waste too many working hours, lose Internet entirely.
There is a company called eTelemetry that makes an appliance that can monitor your internet gateway and report on how much time your employees are spending doing what and at which sites, but also allows you to prioritize bandwidth usage by the person... That timewaster can get internet access but only at 56k and only to approved sites while the CEO gets full speed and can see anything he/she wants.
http://www.etelemetry.com/products/metron.aspx
http://www.etelemetry.com/products/metron.aspx
I have not seen any CIO brave enough to tackle this issue head-on. While most of them are happy policing their own staff in IT Depts, most CIOs develop cold feet when it comes to imposing restrictions on end-users. CIOs only provide lip-service to their carefully drafted corporate Internet Usage Policy, but rarely resort to imposing the sanctions mentioned therein. If a corporate has well-defined Internet access & usage policy, there is no reason why lower-level staff should grapple with such back-room manoeuvres.
I have a different situation to most network admins. When I took over the network where I'm working, I got strict instructions from a few of the Directors that should any employee not be able to get onto facebook or youtube I would have to find myself other work.
It sounds great, but here in South Africa where we have limits on our bandwidth usage. It gets kind of tricky trying to explain to the bosses that the more they watch youtube and other online videos, the more bandwidth they use and the more it will cost. The other thing is trying to get them to understand that if everyone is on youtube then the connection is going to be a lot slower than they want it to be.
Oh well, just thought I would throw that in.
It sounds great, but here in South Africa where we have limits on our bandwidth usage. It gets kind of tricky trying to explain to the bosses that the more they watch youtube and other online videos, the more bandwidth they use and the more it will cost. The other thing is trying to get them to understand that if everyone is on youtube then the connection is going to be a lot slower than they want it to be.
Oh well, just thought I would throw that in.
I wonder how much longer your company will be in business. Personally, I do not find the need to monitor and hand hold employees. Open the floodgates with two exceptions:
1. Traffic is effected by end users high bandwidth useage.
2. End users cause network disruption/attacks due to their internet useage habbits.
Other than that. I agree with the above posts. It is up to management to monitor their employee and provide sufficient work for them to do. If an employee has time to surf then it is the manager who has failed to set goals and objectives or the company just doesn't have the workload - if this continues long term then I would question the longevity of the company or business unit.
If someone has copious amounts of time to web surf they shouold look into finding another job.
Some people enjoy not having work...they are called lazy workers.
Seriously, the amount of resources and money used to MONITOR and TRACK from IT is stupid and a waste. Management needs to own up and start doing their job.
Employees need to be their own agents, if they want to surf let them surf safely. Some days we all need a little break. Honestly, I get bored web surfing after a few minutes...sad I know. I think it is information overload. Too many sites to go to.
1. Traffic is effected by end users high bandwidth useage.
2. End users cause network disruption/attacks due to their internet useage habbits.
Other than that. I agree with the above posts. It is up to management to monitor their employee and provide sufficient work for them to do. If an employee has time to surf then it is the manager who has failed to set goals and objectives or the company just doesn't have the workload - if this continues long term then I would question the longevity of the company or business unit.
If someone has copious amounts of time to web surf they shouold look into finding another job.
Some people enjoy not having work...they are called lazy workers.
Seriously, the amount of resources and money used to MONITOR and TRACK from IT is stupid and a waste. Management needs to own up and start doing their job.
Employees need to be their own agents, if they want to surf let them surf safely. Some days we all need a little break. Honestly, I get bored web surfing after a few minutes...sad I know. I think it is information overload. Too many sites to go to.
Checking Scores for March Madness might be bad, but..
One of the most addicting events I have found on the internet is the Tour de France. The coverage of it at LeTour.fr is very good. I am not a bike race fan. At all. But I have to tip my hat to these guys, they make the internet work for them. I'll go out on a limb and say that what tv is for football, the internet COULD (note the qualifier please) be for bicycle racing.
One of the most addicting events I have found on the internet is the Tour de France. The coverage of it at LeTour.fr is very good. I am not a bike race fan. At all. But I have to tip my hat to these guys, they make the internet work for them. I'll go out on a limb and say that what tv is for football, the internet COULD (note the qualifier please) be for bicycle racing.
A while back we had an "issue" with one employee's accessing the internet. After a little Googling, I found, and downloaded the open source IP Cop, and a few of the add-ins. I built an additional "router" which I configured to work behind our outbound router / firewall.
The analogy here is basically that of a railroad siding. I simply modified the users machine's DHCP reservation so that his machine's gateway was the IP Cop box.
Voila! Worked like a charm.
Now, using DHCP from our Active Directory I can route the traffic of any given machine I want through the "filtering" aforded by IP Cop - all for virtually no cost.
It does not interefere with "trusted" users, it does not affect the attack surface privided by our hardware firewall, it was a snap to install and set up, and is totally flexible!
I really am warming up to linux / open source these days! (fed up with pouring money into the black hole of ongoing license fees!).
The analogy here is basically that of a railroad siding. I simply modified the users machine's DHCP reservation so that his machine's gateway was the IP Cop box.
Voila! Worked like a charm.
Now, using DHCP from our Active Directory I can route the traffic of any given machine I want through the "filtering" aforded by IP Cop - all for virtually no cost.
It does not interefere with "trusted" users, it does not affect the attack surface privided by our hardware firewall, it was a snap to install and set up, and is totally flexible!
I really am warming up to linux / open source these days! (fed up with pouring money into the black hole of ongoing license fees!).
I've setup IPCop and have it working fine but have yet figured out the monitoring addins.
I tried:
Banish- but it only seems to block IP's, not domains as a whole (how do I block something like sirius radio which has several IP's? many time I don't want to block a whole range as there might be other site hosted in that space.)
Who Is Online- no clue
Extra Graphs- no clue
Any suggestions?
I tried:
Banish- but it only seems to block IP's, not domains as a whole (how do I block something like sirius radio which has several IP's? many time I don't want to block a whole range as there might be other site hosted in that space.)
Who Is Online- no clue
Extra Graphs- no clue
Any suggestions?
Well, I let my users use the net, it's all open for them, But they can only download stuff and surf, they are restricted to Upload any kind of attachments, weather it's via their email, upload sharing sites or AIM.
I also have restricted download to a max size of 2mb and all extensions like .exe/.rar/.zip are on the blacklist.
Aj.
I also have restricted download to a max size of 2mb and all extensions like .exe/.rar/.zip are on the blacklist.
Aj.
to say older employees will accept control of browsing more than younger employees. I am approaching 60 and I find restrictive Internet access VERY interferential and a most unnecessary restrictive regime.
PLEASE avoid further AGIST comments.
PLEASE avoid further AGIST comments.
here's the router config. page,
http://i832.photobucket.com/albums/zz249/WhatNameShoudIUse/Blocked.png?t=1295136220
http://i832.photobucket.com/albums/zz249/WhatNameShoudIUse/Blocked.png?t=1295136220
BrowseControl has been very effective for managing Internet access at our workplace. Easy to install, then define the Allowed List (White List). Can also block chat or other applications.
Also use BrowseReporter for monitoring Internet browsing on users systems.
Also use BrowseReporter for monitoring Internet browsing on users systems.
I heard ActyMac DutyWatch ( www.actymac.com ) is a good monitoring software, anybody used it?
For monitoring your employees activity use AtcyMac DutyWatch. Monitors internet, programm and keyboard activity.
http://www.actymac.com/dutywatch_remote/
http://www.actymac.com/dutywatch_remote/
To monitor employees' Internet access, you may have a try on this Amac Keylogger(http://www.amackeylogger.com), it applies to employee monitoring.
I was reading through the thread and I could somehow relate with the fact that I also want to monitor my employees who are working from home. That is because the tendency to become more unproductive is high since they are working at their own time and pace.
Maybe you also need something like this one mentioned in this review:
http://reorg.co/timedoctor-review-2012-04/
I think that was designed for this setup. I think I would also start using it for my remote employees.
Maybe you also need something like this one mentioned in this review:
http://reorg.co/timedoctor-review-2012-04/
I think that was designed for this setup. I think I would also start using it for my remote employees.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
