Internet policies?

[disciple]

I work for a large autobody shop where we have grown very quickly from 1985 two stalls to 2001 28000ft body shop six downdrafts and two tow companies, and autoglass mobile and in house these are in a separate building which we connect to our network through fiber optic cable. Our workstation amount has grown as has our server size and users of workstations. We don't have a true sysadmin except the owner and I. We recently added a always on 500 up 500 down internet connection which is on fiber. What I would like to know is what kind of policies do you have in place as to downloading programs and installing them to the workstation that are not business related. Some employee's feel the need to do this and have caused me to have go and spend valuable time fixing there computer after these progs mucked them up. How harsh are some of the policies? What are the problems network wide that can come from this virus, worms and such could come in this way true? any replies would be appreciated. Russ

When I have worked for a smaller company with an internet connection we had the connection at our desks, BUT.. No one, NO ONE was allowed to install anything that was not first approved by Admin. (Which wasn't much) I got a couple progys ok'd but they enhanced my work perfomance, and finally my P-mail program. But that was it. It was taken as a serious infraction, if someone did not ask before they installed or did it after being told no.

Invest in some entry-level administration software, perferably with remote admin capabilities. Lock every resource except for what is essential for operations! This way if someone wants to install something, then they will definitely have to go through you to do it.

I am not paranoid, but open rights with full system access is an invitation for trouble, atleast this has been my experience. You are in business, so time is money. Personally, I definitely would not want to waste my time fixing un-necessary problems that could have been avoided in the first place.

My $0.02,
Robert Richmond

[Graham]

The company I work for (>100,000 employees) has a ploicy that states, no porn, nothing to bring the company into disrepute, no unregisterd (stolen) software, and they block pages that they consider unsuitable (often innocent).
I dont recall seeing anywhere a statement that programs should not be D/L, although I am sure they would find one if anything happened.
Those of us with laptops treat them very much as our own (I guess that is not company policy either), but with many people needing lots of different progs to do their jobs, there must be a lot of leeway, the company "build" does not include things like winzip, an essential nowadays.

I wonder if your employees need internet access at all, most dont I am sure, you could set up an "intranet" and control their access through that, or block it entirely.


G

[JacobM5727]

my mom works for Qwest:
when my she worked downtown she had a pretty easy going setup
now though she is in a different place (same company)
and she is behind a firewall, she cannot go to most websites, and cannot download practically anything

[DVNT1]

here's a few samples...

http://www.surfcontrol.com/resources...icy/index.html

http://directory.google.com/Top/Comp...mple_Policies/

http://spam.abuse.net/aup.html


I couldn't find the one I started with but some of these should make a good starting point for you.


I have software by ElronSoftware.com that filters email and monitors WWW access. I also use Novell's proxy software which allows me to prevent ANY downloads I choose by file name and/or by site. I actually block all *.mp3, *.avi, *.exe, *.com, *.dll, *.pif, *.scr, *.bat, and some others I can't recall at the momment, from both email and Internet downloads. I also block outgoing email with the same attachments. Oh yea, I also block all *.htm/*.html from incoming/outgoing email too (virus prevention).

It has been very valuable in preventing trojan/virus files from entering the network.


Do worms/virus really enter via Internet? Of course! I couldn't begin to tell you how often local businesses in my community have been hit. A local bank took nearly a week just to clear itself of the Nimda problem.

Have you ever checked into the fines for unlicensed (illegal) software? Very expensive. See http://www.bsa.org/ for more info.

Grrr BSA.
Microsoft's Gestapo.

My Opinion of the BSA

[osprey4]

We are not allowed to download and/or install anything. Needless to say, this is not well policed, an almost impossible job. However, should you have any problems, the IT guy comes by with a ghost image of your original hard disk and installs it right over your drive. They never bother to fix anything.

Jn

[prttybean]

Our policy reminds the users that the PC is company property. No porn, no unathorized software, etc. It also states that we have the right to monitor all communictions from the PC and that those communications are also company property. Now, with that being said I occasionally have issues with a branch offices inappropriate usage. Exp. Downloading Bonzai Buddy, MSN and Yahoo Messenger services, internet porn. Sometimes it works if I pull the person aside and remind them of the policies in person. They generally turn red and never do it again. This branch though is a little different. I sent another copy of the use policies and the division manger sent out a memo telling them to knock it off. We'll see if it helps.

[TonTo]

I work for an ISP,
our only rule is,
"nothin that will offend the customer..."

if you do somthin to your computer... and it messes your computer you fix it.... cuz you can't break down and let other geeks know that you messed up... hehe