I know that we have these arguments here a few times a year. But, if
you happen to look at the information below, notice a few things.
[EMAIL PROTECTED] writes:
<---snip--->
> However, there are three points that I continue to make although I generally
> feel like a voice in the wilderness:
>
> a) as was said below, the general user community feels they are making
> private conversations that no one will overhear, and hence say embarassing,
> incriminating and confidential and potentially legally litigatable things
> over IM. I have seen on more than one occasion someone send a password
> through MSN Chat thinking it would be "OK."
Here, it sounds as if your users need some 'training'. A brief
security class, email, required online-class, etc. is usually
sufficient to quell this problem. In fact you security policy should
have something about 'never, ever, ever, never, tell anyone your
password)
Point two, if you simply block the protocol without training the
users, what makes you think they won't simply find another
communications protocol? Java chat on a webpage perhaps? Equally as
bad, harder to find.
> b) The general user community tends to feel that access to a system requires
> use of that system. Hence, they try to connect to their family members, long
> lost girl/boy friends, childhood companions. (and their managers query me,
> 'what happened to productivity?')
Tell the managers to deal with users who lose productivity, that's
their job. If they think it's a problem, they need to talk to Human
Resources. Again, blocking this won't boost productivity, they'll
simply find another route. HR knocking a few heads together 'will'
improve productivity.
> c) As a complementary feature to b), they now hold an EXPECTATION that the
> services (which I do not control) must be available for them or it is a
> minor disaster! ("I can't do my job!").
Again, this isn't a reason 'to' block. It's a concequence of
blocking. If an employee is treated like a moron, and not told 'why'
something is good or bad, then of course they're gonna be upset. Being
open with employees, teaching employees simple security stuff, and
letting management/HR do their job, makes for happy employees, and
less headaches for you.
> These are the reasons I am willing to block and forbid access to these
> services and ammend usage/security policies to match the reality of life.
BTW- Your electronic policies should only be electronic copies of your
'physical world' policies. So unless you have a policy that all phone
calls are blocked, unless they are for business, then you're setting a
double standard. Very yuchhy.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
RE: Blocking AOL Messenger
\"D. Clyde Williamson\" <D Clyde Williamson Thu, 25 Jan 2001 07:56:19 -0800
- Re: Bloc... Ron DuFresne
- Re: Bloc... Jose Nazario
- Re: ... Paul D. Robertson
- RE: Blocking AOL ... Matthew Reams
- Re: Blocking... Daniel Harrison
- RE: Blocking AOL ... Dan McGinn-Combs
- RE: Blocking... Ron DuFresne
- RE: Blocking... Ken Hardy
- RE: Blocking AOL ... Armas, Samuel
- RE: Blocking AOL ... Dan . McGinn-Combs
- Re: Blocking... \"D. Clyde Williamson\" <D Clyde Williamson
- Re: Bloc... Martin
- RE: Blocking AOL ... ROTTENBERG,HAL \(HP-USA,ex1\)
