Martin writes:
> \"D. Clyde Williamson\"
>
> > Point two, if you simply block the protocol without training the
> > users, what makes you think they won't simply find another
> > communications protocol? Java chat on a webpage perhaps? Equally as
> > bad, harder to find.
>
> I know this is an awfully elitist view, but users are usually not that
> bright. The average user will say "Oh, I can't use MSN, I guess I'm
> hosed" without ever considering IRC, for example. (Which is what I use,
> but never mind that.) So you WILL stop 99% of the people from using a
> chat by blocking MSNM and AIM.
I think that you'll find the average user is not that 'out of it'
because, likely, you have several MSN people, several Yahoo people and
several etc. people. If you stop one group, then they will learn from
the others. It will happen.
> > > b) The general user community tends to feel that access to a system requires
> > > use of that system. Hence, they try to connect to their family members, long
> > > lost girl/boy friends, childhood companions. (and their managers query me,
> > > 'what happened to productivity?')
> >
> > Tell the managers to deal with users who lose productivity, that's
> > their job. If they think it's a problem, they need to talk to Human
> > Resources. Again, blocking this won't boost productivity, they'll
> > simply find another route. HR knocking a few heads together 'will'
> > improve productivity.
>
> Sure, for a while, but they'll go back to it eventually. Blocking it may
> still be a good idea. I do not, however, advocate blocking it without at
> least issuing a memo explaining why.
Again, 'for awhile' isn't your job... its HR's let HR deal with
it... are they gonna have you check the employees briefcases everyday,
for non-productive stuff? Will you listen to every call from their
phone, to make sure its 'productive'?
> > > c) As a complementary feature to b), they now hold an EXPECTATION that the
> > > services (which I do not control) must be available for them or it is a
> > > minor disaster! ("I can't do my job!").
> >
> > Again, this isn't a reason 'to' block. It's a concequence of
> > blocking. If an employee is treated like a moron, and not told 'why'
> > something is good or bad, then of course they're gonna be upset. Being
> > open with employees, teaching employees simple security stuff, and
> > letting management/HR do their job, makes for happy employees, and
> > less headaches for you.
>
> Some employees refuse to learn; We have that problem here, and we don't
> even have all that many employees. Also, this is closely akin to the web
> filtering [root cause] issue; Parents feel helpless because they don't
> have any way to stop their children without seeing "nasty" things on the
> web, which is what a filter is all about. This is similar, except we're
> filtering packets rather than URLs. Whether either of those things are
> doomed to fail is outside the scope of this email.
No, that's actually a very good point. There isn't a filter program
out there, which cannot be easily bypassed. None. You may think users
are too dumb to get around them... but a few chain mails telling
people how to get by them renders them useless. This is not security,
its babysitting, and that is HR's job. (If employees won't
learn... that's HR's problem as well.)
> > > These are the reasons I am willing to block and forbid access to these
> > > services and ammend usage/security policies to match the reality of life.
> >
> > BTW- Your electronic policies should only be electronic copies of your
> > 'physical world' policies. So unless you have a policy that all phone
> > calls are blocked, unless they are for business, then you're setting a
> > double standard. Very yuchhy.
>
> In most company handbooks there is a rule saying that the phones are for
> business or emergency calls only. This is rarely enforced, however;
> Still, it's there predominantly for liability purposes. So most
> companies do in fact have such a policy. The difference is that there is
> no way to determine programmatically [yet] which calls are
> business-related and which are not; Making that determination requires a
> human.
True, but if that is not enforced, why try to enforce one about the
internet? If people are considered smart enough to use the phone,
train them and trust them to use the net. One company I've worked with
simply makes it known that phone calls are logged, that keeps the
workers on their toes. When abuse (as determined by HR) happens, the
employee is fired. They adopted this same policy for Internet
use... and their logging shows much less garbage than many that
activly filter/block programs, protocols or pages.
In the end IT expends resources in an 'arms race' with the users. Is
that wise? I guess thats up to the IT Management of each company.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Re: Blocking AOL Messenger
\"D. Clyde Williamson\" <D Clyde Williamson Thu, 25 Jan 2001 16:57:46 -0800
- Re: ... Paul D. Robertson
- RE: Blocking AOL ... Matthew Reams
- Re: Blocking... Daniel Harrison
- RE: Blocking AOL ... Dan McGinn-Combs
- RE: Blocking... Ron DuFresne
- RE: Blocking... Ken Hardy
- RE: Blocking AOL ... Armas, Samuel
- RE: Blocking AOL ... Dan . McGinn-Combs
- RE: Blocking... \"D. Clyde Williamson\" <D Clyde Williamson
- Re: Bloc... Martin
- RE: Blocking AOL ... ROTTENBERG,HAL \(HP-USA,ex1\)
