[LINK] Work PCs

Alastair Rankine arsptr at internode.on.net
Wed Apr 4 21:16:26 AEST 2007 

On 02/04/2007, at 9:15 PM, Howard Lowndes wrote:

> I seriously think organisations are tackling this the wrong way  
> around.  They are trying to blacklist sites when they should be  
> using a border proxy and whitelist ACLs.  Sure, they are going to  
> get a lot of screams about "I just have to have access to  
> porn.com", but if management was serious about addressing this  
> problem then they would require that any request to add a site to  
> the whitelist should be fed up through the management channels so  
> that it can be correctly reviewed.  In most organisations there  
> just is no need for almost any employee to visit non-work related  
> sites.

Very nice theory. Have you tried to put it into practice? Oh, so  
those screams you hear *are* from putting the theory into practice?  
Maybe some of those screams you're hearing are actually legitimate?  
How would you know in either case?

Just because [corporate IT guy] can't think of a legitimate reason  
why [peon] should not access site X, doesn't mean that there isn't  
one. More likely it means that [corporate IT guy] has *no idea* what  
[peon] actually does on a day-to-day basis, and what information the  
latter needs to do their job.

The following is *not* a hypothetical:

Marketing comes up with a great idea: post the video collateral on  
YouTube. Fantastic, pats on the back all round. Includes in the  
company newsletter how clever they are at opening the kimono and  
leveraging synergies with web 2.0 and the buzzword economy.  
Unfortunately such a great announcement comes with a disclaimer:  
employees wishing to view the new footage must use their own internet  
connections because YouTube is blocked by the great firewall.

I can give many, many more examples but I choose not to.

Speaking for myself, I have no idea what information I am going to  
need to research on the internet on a day to day basis. It could be  
some research paper, open source library, vendor documentation, user  
forum, news site, ... and yes even YouTube from time to time. So if  
*I* have no idea how to construct a whitelist for myself, how on  
earth are corporate IT going to do it?

If your employees are accessing inappropriate material at work you  
have a *management problem*, not a technology problem.

More information about the Link mailing list