IT Employment

General discussion


The Email Nazi ? Big Brother?

By ricky at netbilt dot com ·
We use a quarantine server to stop any incoming emails with attachments, for review by our IT staff, mainly for the prevention of viruses (detected and undetected). Our company?s Email Usage Policy states that email should be used for business purposes only, but there has been a silent double-standard created, letting certain personal emails to come through such as pictures of Grandchildren or quick messages from home (in other words, recipient specific content). There is a bit of labor involved in physically going through quarantines throughout the day ? but seems like a sure way to protect the network. I hear of company?s that have nothing protecting what comes in and out of their email server and I wonder how they keep operating. This prompts me to ask several questions:

Is email filtering just not a big deal to some?
Are chain letters considered acceptable usage in your business policies?

Is it just easier to take care of viruses after an outbreak occurs (reactive vs. proactive)?

Is it common practice in the IT world to filter chain letters coming to internal users?

These answers bring me to my primary questions:
Just how close is IT coming to Invasion of Privacy when physically approving or rejecting emails?

To those who use quarantine servers, do you experience the same issues?
If so, do you deal with them in the same way?
If not, how are you ensuring that harmful emails do not enter the network?

Thank you in advance for your thoughts, recommendations, and comments.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Using responsible filtering

by LordInfidel In reply to The Email Nazi ? Big Brot ...

While I will wholeheartedly agree that filtering/quarranting every attachment that comes into the network, will greatly, if not almost eliminate viruses from entering.

(I say almost because e-mail is not the only way malicious files can enter thenetwk)

In any event, having the IT staff go thru every quarrantined attachment makes for wasted time and energy.

That is why I advocate the extension based filtering approach. By filtering based on file extension, you can effectively enforce a strict attachment policy. Without the overhead of having to go thru each file.

I go on the premise that a jpg is generally ok, but there is no need for an end user to be receiving a bat file.

I made a list of the more common extenstions thatshould be blocked at the mail gateway. These extensions typically should never be sent via e-mail nor does the end user have any valid need for them.

The list can be found at

Collapse -

Policy and Need

by Oldefar In reply to The Email Nazi ? Big Brot ...

Privacy begins with an expectation. If there is no expectation of privacy, there can be no invasion of privacy. This is where an email policy that restricts use of company email to company business and asserts company ownership of email comes intoplay. No one needs a corporate account in order to send or receive personal emails today.

A more important question is whether email would be the solution if you were looking at the business objectives and requirements that justify having individual corporate email accounts. I recommend a periodic review of company objectives and requirements to insure the current solutions are still appropriate. Alternative methods of moving files, requesting information, providing information, and keeping in touch with customers exist and provide better solutions to security and integrity. Is it time to kill or at least redefine your corporate email?

Our company uses a business model with each individual office a unique business entity. Centralized IT is focused only on those applications and services necessary as shared resources. This changes the cost distribution paradigm for IT, and the profit and loss impact and perspective. Business objectives and requirements are defined before acentral solution is even considered. Our corporate email passes through with a virus scan function. It is filtered, processed, and stored locally.

Collapse -

Why do you do that -

by JimHM In reply to The Email Nazi ? Big Brot ...

Why do you do that when Norton and other protection programs have an Email scanner already done. And you should have something already running on each workstation.

The cost of an Antivirus for each workstation has to be less than - what it costsfor someone to scan all those in bound attachments then release them -

Strict policies like that are becomeing old school anyway - Business only - no personal mail - like trying to enforce no personal phone calls.

You know everyone is going to make a personal phone call - its the abusive ones that you have to control..

Drop the heavy handed policy - install the local email scanners - you'll save money - resources and time.. Your companies email policy is very outdated...

Collapse -

Local scanners may not be enough

by generalist In reply to Why do you do that -

In an ideal world, having a local antivirus program on each workstation would be enough to handle all but the latest virus. Unfortunately, people sometimes do things that make the antivirus program ineffective. Clicking on an attachment that disables the antivirus program is one example. 'Temporarily' disabling the daily scan that occurs while you are busy is another example.

The amount of time spent cleaning up after them may offset the amount of time spent checking things in quarantine.

Now it might be possible to automate some of the quarantine work. If the same people in the company receive JPG images from the same people outside the company, this could be set up in pass through mode. Ditto basic document and text attachments.

Collapse -

VScan Rules and Policies

A lot of that already happens. Our VirusScan is distributed to our mail gateway, file and application servers, and approx 150 workstations. Workstations update hourly via local repositories, and policies on workstation installations are enforced every 5 minutes. So if someone does disable vscan, it is enabled within the next 5 minutes automatically. The only thing that worries me about depending on this system, can a substantial outbreak occur during that hour the new DAT's haven't updated. By doing quarantines manually, I've seen suspicious emails come through that I've let sit, then shortly afterward getting an alert about a new virus described as that exact email I let sit.

Thanks for your comments!

Collapse -

It's not outdated

by LordInfidel In reply to Why do you do that -

Just handled ineffectilvely.

Relying on virus software to scan and catch every virus is like playing russion roulette with a fully loaded gun. Your going to shoot yourself.

While I don't discredit the need for virus scanners. But I am not going to rely on them for the security of my network, since they are making decisions on a fallable database of information.

Blocking by file extensions is a much more reasonable course of action, when used in conjuction with the virus software.

Collapse -

Workstation dependant?

by ricky at netbilt dot com In reply to Why do you do that -

So any email with an attachment that comes in...let the workstation decide if its a good email or not, as long as it doesn't have a virus, its OK?

Collapse -

First Risk = Cost = Benefits

by JimHM In reply to Workstation dependant?

First do some risk analysis - how often did the scan team find a virus on email from a business? How often did the scan team find a virus on other attachments?

OK - you set down policies - you educate your end-users to the policy and viruses andhow they get through on attachments - You establish Virus scanners on your desktop and servers - (if your smart you lock those down - so that end-user can't shut it down or disable it). You install - BlackList with exception lists to reduce spam mailings -

Now - with a small investment you have reduced your risk by I would estimate 87% - lets say in the risk analysis - you found 1 virus in every 2500 attachments. Now with a 87% reduction - you are very close to 1 in 5000 attachments.

Look - it is a matter of Risk = Costs = Benefits.

For a small investment - Policies, Education, Scanners, Blacklist - you can save resources and increase productivity - by getting rid of the Have handed - Nazi - Big Brother - style of management. Wehave been running this way for over 8 years - Virus infections ZERO - An Educated User with the right Tools - is your best defense - and by permitting them some freedom to send emails to friends increase their productivity ...

RISK = COST = Benefits - Do the Math -

Collapse -

IT may not be in control

by TheChas In reply to Why do you do that -

I worked for a company that had similar policies on phone, e-mail and internet ussage.

The policy came from top management.

If the owner had his way, NO ONE at the firm would have a PC, let alone an internet connection.

He only allows computers, e-mail, and internet access as it is a business necessity for an electronics firm that conveys itself as being "high-tech"

If upper management has dictated such a policy, IT has little choice but to implement it as efficiently as possible.
When you look at the time lost to spam, chain letters, and random web surfing, it is easy to build a business case for restricting the use of company resources.


Collapse -

You need policies and communication

by TomSal In reply to The Email Nazi ? Big Brot ...

...before a technology enforcement will be effective.

I think any IT manager will agree that two banes of their existence is the enforcement of such policies like email use and personal phone calls. Its very hard to enforce something that is whatI call "human nature". Its human nature, I don't care how "elite" you think your staff/company is, that someone at some time will make a personal phone call. Just like if anyone who thinks their fellow associates aren't sending personal emails either to other co-workers or outside the organization - then they are very gullible.

This is how I approach these problems...

First and foremost our company is very fortunate to have an excellent HR manager who possesses very strong communication skills. All employees, during departmental meetings for existing personnel and as part of the hire process for new employees, are given a short "speal" on how the company needs to be concerned about the abuse of its resources for non-business use bothfrom a security and production stand point. All employees are then given the policy in hardcopy form and must sign it on the spot.

Next, on all workstations, servers and at the gateway level I have installed anti-virus software that has the auto e-mail scanner included. Each email item, including attachments, are scanned at all three levels (Gateway, Server and Client).

Finally, I don't like (nor do I have the time to even if I did) being an "Email/Phone Dictator". I have tools to monitor the traffic, soon wil our new VoIP I have similar tools to monitor phone calls. I don't care, and btw the execs in the company agree with my approach, if someone needs to call their spouse/bf/gf,etc. for 5 minutes once in a while or if someone wants to send a funny email every so often. We are humans.

Related Discussions

Related Forums