Sudhakar Chandra rearranged electrons thusly:
> You know from our sparring on similar issues in the past that I am
> fundamentally in disagreement with you in this regard.
Thaths - I respect your viewpoint (but am also hampered by "corporate policy"
- which ppl seem to be very strong on) ;)
> Email can be used for file sharing too. So can FTP and HTTP. Are you
> going to close down access to those services too? Draconian net
The scope for damage is limited in e-mail by mailbox quotas (and a decent
anti-virus firewall).
> users. Your energies are spent much more productively if you could
> educate your users on basic online safety (don't run J. Random Cracker's
> exes. Disable macros in Office. Do not run executables you get in
> email etc.).
We keep pointing this sort of thing out - but with non tech people, they may
not always realize the dangers of (say) having open file shares, clicking on
attachments (or worse, running Outlook, which automatically executes active
scripting etc). We have tried telling them to turn off active scripting, use
a safer mail client (like Eudora) etc etc. Doesn't always work out :(
> As I've indicated... mp3s can be downloaded through FTP/HTTP. People
> can chat using java clients through their browsers. The list of
That is right. We don't firewall everything under the sun, for what it's
worth. However, we definitely look at the firewall logs if the network slows
to a crawl. Generally, it is some bright soul downloading MP3s (and having a
dozen messenger windows open at the same time). An ipchains rule to restrict
that guy to the LAN (where he can get his mails anyway) solves things ;)
> Get more bandwidth. People communicating with each other produce
> ideas. Trust your employees. They'll trust you.
Bandwidth, unfortunately, costs a heckuva lot here - and is perennially in
short supply. We trust our employees here to a very large extent - but still,
at least some steps do have to be taken ;)
For example, a look at the firewall logs today showed outgoing connection
attempts being made to some weird port on what appears to be a Linux box on a
cablemodem. That machine had an MTX worm which had backdoored it.
Coincidentally, the guy whose machine it is practically lives on IRC (we have
not firewalled port 6667 at least).
> And the return on the Rs 4 lakh investment through the employees
> improving their knowledge is priceless. How can you place a price on
> the time I spend in #debian on irc.debian.org? It is very possible that
Not everybody spends time on #debian (or #linux-india for that matter). It's
more likely to be "teen chat", "bangalore masala" or whatever.
> I might learn something during my time on #debian that might be useful
> in me doing my job tomorrow. In fact, this has happened numerous times
> in my case.
That, Thaths, is called "use". Unfortunately, there is also a lot of abuse,
which forces admins to take at least some draconian steps.
Right now, like I said, we are not firewalling IM / IRC etc (only Napster
sites are firewalled for obvious reasons). However, we do monitor firewall
logs and disconnect network hogs. (It could be far worse, if I were to listen
to some suggestions coming in from the PHBs - "block freemail services" for
instance.)
--
Suresh Ramasubramanian + mallet<@>efn.org
You spamma my mailbox, I nukea da ass