Security

We filter all our web traffic both for security and content. Our content filters cover porn, hate sites, gambling, online gaming, file sharing software and a few others.
Our main goals are 1. Protect the network and 2.Create a none hostile environment for all employees.

Everyone is filtered. Excluded are all sites that are clearly not work related--gaming sites, most forums, Ebay, etc. Heck, everyone posting 'tinyur' leaves me out of the loop until I get home. Also on the filter are public email accounts--hotmail, yahoo, etc. Apparently some study revealed that most network infections were the result of someone checking web based email accounts.

Yes we filter all users.

We filter all users but some are filtered differently. The people who can get me fired are protected locally using hosts files and IE secure zones. Normal staff go through a proxy filter to block spyware, external email sites and a lot of other crap in addition to the other protections.

Users are granted web access on an as-needed basis and must log throught the firewall for access. After that, certain functions or sites are blocked, although there seems to be no rhyme or reason. For example, FTP capability is only available only to certain corporate employees; contractors (me!) are blocked. I have to leave the store to find a wireless hot spot so I can download the files to support the store. :^0

Isn't life wonderful?

This is a protocol in progress. Generally I feel that staff should be able to do as they wish. Visiting dodgy websites should be covered under a Code of Conduct instead of prevented by me. I explain to people why they shouldn't install software without clearing it with me, and why dodgy websites (generally 'free' music or software cracks etc.) are a problem for the network. I do feel that there is a freedom issue here, however, and I also feel strongly that it is a good thing if staff can have access to a high quality network with good machines for personal use for a little of their time in the office (then they don't need a home computer - yipee, resource use reduced). However there are obvious problems, and I have had some extra work because of having to rebuild horrendously infected machines. Clearly a balance is required here. I can't claim to have found it, but if I can run the network without any blocking then I feel I will have done my job. The time may come one day when I need to make my job easier and apply some restrictions but, make no mistake, that would be for my benefit and not for the benefit of the organisation as a whole (unless it becomes impossible to run the network in this fashion).