[ILUG] Controlling Internet Access

Dermot Beirne Dermot.Beirne at exel.com
Fri Nov 16 17:56:23 GMT 2001 

John,
I feel compelled to explain my position on this, even though it is not
quite as sinister as you make it out to be.

I need this solution for the following reasons:

1. Grant access to the net using domain username + password, because we are
currently using IP address to do so, and wish to change to DHCP.
2. Restrict what sites can be visited, because we have a large portion of
PC's on warehouse floors, where giving unrestricted 'net access when only
one or two sites are required is asking for all sorts of trouble.
3. Be able to view visited sites, trace 'net use, for legal reasons.  As
another site member mentioned, the company providing the 'net connection is
responsible (at least in part) for whatever it is used for.  This has
recently become a serious issue for a fellow sys admin in another company
after defamatory material was posted on bulletin boards and traced back his
company's network.  Not being able to even remotely trace this activity
back to at least the site in question, is also, asking for trouble.
4. Use a web cache, so that we can speed up the net connection and release
some bandwidth.

I am sure that you can tell me of a dozen other ways to do this, but don't
bother, unless it's extremely difficult to either implement or administer a
Linux based solution for the above, then this is what we have chosen to do.
I suppose you'll have to take my word for it when I tell you that neither
I, nor my team, have the time or intention to watch the daily activity of
our companies 'net users.
Furthermore, I believe it is standard company policy in most places,
including here, that all users are given a copy of the Internet Usage
policy which informs them clearly that such monitoring is possible if
necessary, so they would have to be very foolish to carry out such activity
in the first place.

I hope I've justified my covert activities, I understood that the list was
also here to serve the benefits of anyone attempting to increase the use of
Linux in general.

Dermot.

________________________________________
No users where killed in the writing of this email

>>
From: ilug-admin at linux.ie [mailto:ilug-admin at linux.ie]On Behalf Of John
A. Kinsella
Sent: Friday, November 16, 2001 3:18 PM
To: Chris Higgins
Cc: John A. Kinsella; Irish Linux Users Group
Subject: Re: [ILUG] Controlling Internet Access


My main point is/was that the "monitoring" mindset is inconsistent in my
opinion with what I perceive to be the culture of this group.

(Anonymous monitoring is fine - I am referring to tracking people's
web access by name of employee.)

This is of course a matter of opinion (mine) and I would fight to the
death (blah, blah) for the right of others to hold other positions and
post messages exhibiting them.

IMHO, such monitoring is pointless (as Chris implicitly concedes below).
It may be legal but would irritate me almost as much as microphones in
office to monitor conversations. (After all, my employer pays for the
office, electricity, heating etc. so why not?).

John

Today Chris Higgins spoke, saying:

CH> > Has it occurred to anyone (including originator of this thread) that
what
CH> > he is planning is an egregious invasion of (sombodies) privacy? (Even
if
CH>
CH> How come ?  You assume that the users are unaware of the intent  / or
that
CH> they disagree with it - or that they have no choice ...
CH>
CH> The question is a valid question, regardless of your beliefs into it's
CH> privacy impact...
CH>
CH> *Every* company that I've ever worked for has kept the proxy logs,
CH> and the administrators have run reports (identities not published)
CH> of the type of usage which has been the greatest waste of bandwidth.
CH>
CH> This is perfectly valid under the DPA, and I can't see why any employee
CH> would have any objections (the information is anonymous)....
CH>
CH> Now - abuse of that information is something else, the use of it to
CH> track an employees activities is a whole different story - and I can
CH> see why you could raise an objection..
CH>
CH> But it's dead easy to mess with the administrators head - simply cron
your
CH> linux box to wget slashdot at odd hours of the days - it'll jump all
over
CH> the place - especially interesting when it happens at two in the
morning
:)
CH> All that overtime - and never appreciated :)
CH>
CH> As to restricting access by user - what's wrong by that - it's not
CH> very nice if you expect full and free internet access as a perk
CH> of your job - but if it's not a perk of your job - what rights do
CH> you have to claim it ?
CH>
CH>
CH> > he has been asked to do it by an employer.) IMHO it seems rather
CH> > inconsistent with the general culture of this user group.
CH>
CH> To provide cool ways to get linux into every organisation ?
CH> We'll stop at nothing ! :0)
CH> >
CH> > Or maybe it is a wind-up.... :-/
CH> >
CH> > John
CH> >
CH> > John A. Kinsella        Ph:  +353-61-202148            (Direct)
CH> >                         +353-61-333644 x 2148     (Switch)
CH> > Mathematics Dept.       e-mail: John.Kinsella at ul.ie
CH> > University of Limerick       FAX:       +353-61-334927
CH> > IRELAND                 Web:    http://jkcray.maths.ul.ie



______________________________________________________________________
Important Email Information

More information about the ILUG mailing list