I stated that I agree with an internet usage policy or AUP policy.
Eh, I am really confused... What is the point of your reply ?
-Marcus
Amos Jeffries wrote:
On Wed, 04 Nov 2009 09:59:43 -0200, Marcus Kool
<marcus.kool@xxxxxxxxxxxxxxx> wrote:
Everybody is entitled to have its own opinion and I respect them.
I agree that a company should have a internet usage policy and
communicate this clearly with all staff.
Nevertheless, there are many persons who simply do not obey such
policy and tracking those persons consumes too much time from
a network department. Therefore many companies have implemented
URL filters to block unauthorized access to proxies, adult, sport,
entertainment or whatever is unauthorized.
Most URL filters also block SSH tunnels, VPNs to a home computer
and so forth. These types of tunnels are a security nightmare.
A URL filter is definitely a good option and a doomed success.
Regards
Marcus
Hi Marcus,
I think you are misunderstanding Henrik and the others comments a little.
They are not arguing opinions. They are simply stating the requirements.
Yours is the first posting to contain personal opinion on the subject.
An AUP policy is not a personal opinion or joke. It is a serious legal
requirement to have some form of service agreement publicly available and
in writing before going down the blocking track. Blocking and filtering
access to _anything_ otherwise public is controversial and can lead into
difficult situations technically, legally and commercially. When you reach
the point of kicking people off your network for evading the blocks and
filters you need grounds to do so. It _will_ happen.
Amos
Henrik Nordstrom wrote:
tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
I have my Server proxy under Squid work very well but in the last time
the
users start to use anonymous proxy that allow users to connect to the
Internet via an external site and bypass restrictions , so if you know
some
blocking tools under squid or linux to stop this big problem
The first and primary tool you need is an agreed and enforceable terms
of use which clearly states that the users are not allowed to try to
bypass the access restrictions.
Then set up a blacklist of known proxy sites, responding with a clear
message in the line of "Terms of use / Policy violation. Your
unauthorized access have been reported to management".
Then if users continue to intentionally ignore the rules then suitable
action needs to be taken administratively. When this has been done once
or twice the rest usually learns not to do the same..
Trying to fight this purely technical is a doomed failure. If the users
want to bypass the rules and know it's entirely safe to do so then they
will continue and all you end up with is a technical war between you as
technical maintainer of the restrictions and your users trying to find
ways to bypass whatever technical means you set up to implement the
restrictions.
Regards
Henrik
