Re: [lopsa-tech] Internet cop

Thu, 13 Oct 2011 11:53:17 -0700 

On 10/13/2011 08:09 AM, Ian Gorrie wrote:

On 10/13/2011 6:35 AM, Jeremy Charles wrote:



I've been directed to figure out how to decrease the amount of 
Internet capacity that is being used by employees to do things that 
are not work-related.  The examples I've been given are Netflix and 
other streaming media.





Well there's the enterprise way, the ghettohacker way, and the 
HR-fires-you way.



First option: content filtering appliances for whatever bandwidth 
capacities you need.  This will be expensive.  You will have to pay.  
People generally go with whatever existing vendor cuts them the best 
deal and they're all about the same.



Second option: do selective blacklisting of sites using conventional 
cheap proxy tech.  Block outbound internet traffic except from 
privileged VLANS/subnets and make your users proxy/socks out.  You 
won't be able to block protocols super well, but if you add in 
something like packetfence with snort into your proxy deployment, you 
can likely cover all your bases for cheap and have reporting for 
possible third option.

http://www.packetfence.org/about/overview.html


Third option: threaten horrible consequences.  Get HR involved (as 
they like to get reports from option #1 anyway, they'll be involved 
eventually), update your acceptable use policies, and get rid of 
people who can't follow it.

--
Ian Gorrie<[email protected]>  Technology Advisor
CISSP-ISSAP CISA CISM CEHhttp://gorrie.org
PGP Key: 0x88C367CDhttp://www.linkedin.com/in/gorrie


On the Ghettohack way:  Provide custom entries for domains in your 
resolver that resolve certain domains, e.g. netflix.com, to an internal 
web server with a basic block message up.  No expensive software, 
relatively simple to set up and maintain.



On the enterprise route I've only experience with Websense, but it was 
very easy to install and simple to use with a web interface I was 
relatively happy allowing non-technical senior staff access to (on the 
basis that I didn't really give a damn what browsing people were doing, 
and if management accidentally stopped filtering, well 'yah boo shucks')


Paul

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/






















					Reply via email to