On Tue, 19 Sep 2000, mouss wrote:
> - privacy: who is allowed to see the log reports? the admin is ok, but why
> the managers? the FW is here for security not for "spying" the employees.
The managers MUST be able to see the reports for their employees- that's
where the judgement call of acceptable use should be made. Your manager
may have you investigating online shopping things in antcipation of the
company opening its own Web store- the firewall admin probably wouldn't
know that and shouldn't have to weigh the business' benifit of having you
reading engine modification tips for an hour for your car versus working
on a project that's ahead of schedule. Besides, the admin shouldn't be
the punishment authority, so the manager or HR are the only choices, and
HR won't be as forgiving or know the workflow/hours/productivity as well
as the manager should.
Work in a company with thousands of reporters, and you'll even have
legitimate visits to Victoria's Secret, Playboy, etc. The editor in
charge of those people will know what stories they're working on, the
firewall admin won't and shouldn't [protecting sources and logfile
seperation are different issues entirely.]
> - managers may jump to bad conclusions. While the admin can understand
> much things about networking, this is not necessarily the case of managers.
> indeed, for a manager, the "lost tme" is the total time the user doesn't spend
> on working. but this is not exactly the same as the one in the logs (just
> imagine
> automatic downloads and the like. one can work while his machine is surfing!).
> also, if you receive messages from a mailing list, you'll be in the
> top-mail-recipients,
> even if you don't read them. ...
The admin should be able to help the manager understand the logs, but that
doesn't mean the admin should be performing personnel actions. I've
explained many log files to managers, including the possibility that some
things could be difficult to judge. In almost negative every case, the
manager has known there was a productivity drain, something
funny going on, or had a host of other issues with the employee but needed
something to tip the scales. In the positive cases, we just made sure
that the manager had made his VP aware of the issues and that a company
officer had made the call that the activity was ok for that particular
employee. Faced with a lawsuit, the company has the choice of defending
the action or hanging the officer in question out to dry. We generally
made sure our VP was aware as well, just to seed the pot for "definitely
an approved activity."
> The only reason I see for limiting access is for legal or reputation problems.
> but that's a long long story. After all, I'm not a lawyer :)
There also may be overriding social, political, moral, technical or
economic reasons. All of those are as valid as legal or reputation
issues.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
