In any case, I guess it's much harder to do anything about that sort of thing these days, what with so many people on their own connections w##king from home.
How to stop a content filter becoming a career-shortening network component
"Be careful what you wish for." Words that might strike a chord with the IT boss in today's edition of Who, Me? "Lee", for that is not his name, told us of his time as an IT consultant in the Far East, working for a family-owned bank. The bank was extremely wary of this new-fangled internet thing and allowed a favoured few …
COMMENTS
-
-
Friday 3rd September 2021 10:15 GMT diguz
never heard of "security endpoint"? I'm a sysadmin in a medium company (500-ish people) and we have been WFH'ing for the past year... Filtering content on company laptopts whatever network they connect to? Piece of cake: new security endpoint with tamper protection and cloud management...
I've seen many things scrolling through the logs, from torrent traffic to people installing steam (i don't even know why - company laptops only have the iGPU)...
-
-
-
Tuesday 31st August 2021 08:54 GMT This is not a drill
Not an IT issue.
"if the content scanner was turned on then the IT department would have firm evidence and have to confront him."
Why? It's not IT's role to police what people do/see, Information Security/IT's use of a content filter is to ensure that users cannot access/download any malicious or dangerous links/files, cannot leak data, or impact the performance of the internet link.
It's a purely HR issue as to what undesirable content is permitted or not, and they also have to deal with offenders.
-
-
Tuesday 31st August 2021 11:52 GMT Anonymous Coward
Re: Not an IT issue.
"How much experience have you, even in this country, with small family businesses?"
And also businesses run in slave mode, with passports of expats now local confiscated, and the CFO being the local "sponsor" (aka, real owner) of said business.
Can't really mess this up, and put all feelings under the carpet. This or find another job in another country ...
Anon, who only spent a couple of years in said countries.
-
Tuesday 31st August 2021 23:00 GMT Anonymous Coward
Re: Not an IT issue.
These things do just happen "over there", they don't just happen in small family businesses.
I remember a case in London back in the 90s at a major partnership where one of the partners was not following the guidelines they themselves had voted for.
When confronted they replied it was "their company and anyone who didn't like it could f*** off".
As in this story the answer was to provide an isolated system and network connection.
-
-
Tuesday 31st August 2021 10:48 GMT J.G.Harston
Re: Not an IT issue.
Agree: IT's job is to look without seeing. You observe only what is needed to ensure functionality, without actually seeing the content. Exactly the same in my job in NHS IT. I have to "look at" patient records in order to ensure the system is working, but I never "see" them.
-
Wednesday 1st September 2021 08:44 GMT Anonymous Coward
Re: Not an IT issue.
"Agree: IT's job is to look without seeing. You observe only what is needed to ensure functionality, without actually seeing the content. Exactly the same in my job in NHS IT. I have to "look at" patient records in order to ensure the system is working, but I never "see" them."
Which is also perfectly explained in the role of "processor" in GDPR, see https://advisera.com/eugdpracademy/knowledgebase/key-roles-defined-in-eu-gdpr/
-
-
Tuesday 31st August 2021 21:22 GMT anothercynic
Re: Not an IT issue.
Oh dear. Someone's only had experience with the West... *tsk*
The Middle and Far East are *very* different animals where this kind of thing is concerned. Hence the "it's... errr... not convenient". The regions have their ways to mean no whilst actually saying yes, and have their problems when dealing with organisations that are rife with nepotism.
-
-
Tuesday 31st August 2021 09:04 GMT Evil Auditor
Audits of branch offices also included compliance with local regulations. Given that some countries in the Middle East had (and probably still have) some rather strict anti-prawn laws, I had the "joy" of searching for such content on any local storage. And then delivering lists of files that better be deleted to their owners...
-
-
Tuesday 31st August 2021 16:53 GMT Irony Deficient
Leviticus 11:9–12 is relevant to both Judaism and Islam …
… unless the Quran overrides it, e.g. chapter 5, verse 96.
Note that it’s only the Halafi school of Sunni jurisprudence that considers prawns to be makruh (disapproved), but not haram (forbidden); the other Sunni schools, all of the Shia schools, and the Ibadi school regard prawns as halal (permissible). These are in contrast to Leviticus 11:9–12, where prawns are forbidden.
-
-
Tuesday 31st August 2021 19:22 GMT Irony Deficient
Re: Leviticus 11:9–12 is relevant to both Judaism and Islam …
No — neither text exactly describes a “prawn”. The Leviticus text states that “whatsoever hath fins and scales in the waters, in the seas, and in the rivers” is permissible to eat, and whatever lacks fins and scales there is forbidden to eat. The Quranic text states that “Lawful to you is the game of the sea and its food”. Finer distinctions can be drawn by the dietary laws of each religion; perhaps the Torah and the Quran could be thought of as constitutions, under which Jewish and Islamic dietary laws act as legislation for their respective constitutions.
-
-
-
-
Tuesday 31st August 2021 09:29 GMT Ikoth
In the early 2000's, I was working for a large manufacturing company and helped with their roll-out of internet for everyone – up until then it had only been available for us in the IT ivory tower.
We ran a big information campaign – email, posters, training courses on browser use, acceptable use policy, yadda yadda yadda. One of the things we stressed was that all access was logged by IT, with full details of sites, addresses, user ID, etc.
One of my tasks was to setup and manage a proxy server and produce weekly usage reports for the IT manager to peruse. Not long after we went live, a certain username and dodgy looking URL kept appearing in the reports. Being a conscientious sort, I followed the link and landed on a hardcore BDSM site.
I showed my boss the site and the username of the frequenter. He decided, as it was still early days, to send out an email to all staff, reminding them that IT were logging ALL their online activity. No change, the same name and site kept coming up in the reports. The boss sent an email directly to the culprit, warning of consequences if the activity continued. It did.
In a final attempt to fix the problem, before getting HR involved, my boss arranged a face-to-face meeting with the user. He never disclosed the full details of their conversation, but when he returned from the meeting, me and the rest of the team were genuinely concerned for his health – his face was bright red and he was covered in sweat.
Apparently, the drop-dead-gorgeous, part time model, marketing assistant wasn’t phased in the slightest about her browsing habits being subject to scrutiny, and in fact complained that it wasn’t fair for her “stress relieving” internet activity to be restricted.
Shortly afterwards I was tasked with finding a more sophisticated proxy solution that could actually block sites, based on content.
-
Tuesday 31st August 2021 12:28 GMT Admiral Grace Hopper
It helps if management are on board
It wouldn't have helped here, but if the Chair of the organisation is on board with the message it can help when trying to stop This Sort Of Thing
-
Tuesday 31st August 2021 12:48 GMT Anonymous Coward
exceptions policy.
back in the day my company implemented a content monitoring and blocking solution.
this lead to the below notable events
1. the head of IT writing up a list of search terms he wanted blocked on his white board i.e. foot fetish ,BDSM , etc (he was clearly an expert at such things) then afterwards taking a meeting with a customer. with the list still there queue a lot of swearing and apologises.
2. when it went live during the week between christmas and new year we needed to "test the system" queue IT spent the week playing Flash games and doing quizes and googling the soon to be blocked search teams to give us results to test when we turned blocking on.
3. when post new year came head of IT returned from holiday and wanted to review the stats decided on an some adjustments and to delay the blocking phase a week. and give a presentation to the c-level about all the wasted time we would get back be blocking porn , online shopping, games, etc. but seems he hadn't told the C-level in advance of the presentation we were doing this work. day of the presentation we pulled up the biggest users of blocked sites.(minus IT's "Testing")
all the c-level were in the list plus some of the PA's everything from porn browsing to configuring there new cars , they were by far the worst offenders.
surprisingly the system went in still but with an exceptions policy for those who weren't to be reported on.
-
Tuesday 31st August 2021 22:17 GMT Anonymous Coward
Keyword filtering
I used to build the damn things, and I can say unless you hate yourself, don't keyword filter.
I have stood in front of so many managers in front of so many white boards over the years and had to dismantle their illusions with just a few words. "Brass" was usually a good one.
If you think you need keyword blocking, buy an appliance with a better categorization library instead. That's what you are really paying for anyway. The rest of the stuff might as well be open source(or literally is).
Keyword lists are both too easy to bypass, and virtually guaranteed to randomly break the traffic of mission critical systems without painfully exhaustive whitelisting. You also have to be be able to break into the traffic, which can get you in even more hot water. (I could tell you a tale about a customer who's networking team got themselves in a heap of trouble when the "banned searches" we helped them track down were found to be coming from the companies lactation room and going to the HMOs "Wellness portal", and on a related note never crack ssl till you check where it's going first, or you may be talking to a lawyer or HR)
-
Wednesday 1st September 2021 20:17 GMT A____B
Re: Keyword filtering
Agree.
At a previous employer, we had an internal collaboration system which had some filtering applied for banned words.
It would let you type something but then remove offending words and send a report to management.
Sadly it was a little zealous...
"Push down hard on cover plate and turn locking screw clockwise"
would end up as
"Push down ** cover plate and turn locking ** clockwise. THIS POSTING HAS BEEN REPORTED FOR FAILING TO MEET GUIDELINES"
There was quite a fad for excessively wordy circumlocutions in communications with some folks e.g. "tapering connector with externally raised helical binding" and the obvious descent into acronyms for others. Of course, adding in an extra space would defeat it anyway (though the spellchecker may object)
-
Thursday 2nd September 2021 20:54 GMT Terry 6
Re: Keyword filtering
I may well have told this previously, but what teh hell, if I had it's still worth it.
When I did jury service years ago the attempted murder case we were on had to be delayed. The defendant's statement was being sent electronically from the nearby nick*. But it was blocked by the software because said defendant's words included several that were banned. We had to wait while it was rewritten.
*And no, I have no idea why they couldn't have just brought a paper version in. This was never explained to us
-
-