Forgot your password?
typodupeerror

Security Fears Prod Firms to Limit Staff Web Use 242

Posted by Zonk
from the no-net-connection-can-feel-brain-dying dept.
Carl Bialik from WSJ writes "Companies are limiting employees' use of free Internet services, such as Skype and video downloading, to protect themselves from viruses, communications traffic jams and regulatory missteps, the Wall Street Journal reports. ABN Amro's global head of strategy and engineering tells the WSJ, 'I'm not allowing Skype because I don't know what it does.' Some colleges and departments at Cambridge University also ban Skype. The limits affect executives as well as the rank-and-file, the WSJ finds: ' "I used to think nothing of checking my Yahoo mail several times a day," says Global Crossing Chief Marketing Officer Anthony Christie. Now that he can't, his long workday makes it hard to avoid using his work email account for personal messages, he says.'"
This discussion has been archived. No new comments can be posted.

Security Fears Prod Firms to Limit Staff Web Use

Comments Filter:
  • Oh noes (Score:3, Insightful)

    by Anonymous Coward on Tuesday April 04, 2006 @11:21AM (#15058230)
    Now that he can't, his long workday makes it hard to avoid using his work email account for personal messages, he says.'"


    What's next? Complaining that you can't use company funds to go on a vacation? Complaining that you can't use company computers to play games?
    • Re:Oh noes (Score:3, Interesting)

      by toleraen (831634)
      Exactly, whatever happened to only giving people what they need to get their job done? Where I work we have several services block...I don't even bother trying most things. It's locked down, which it should be. Nobody needs AIM at work, you don't need access to bittorret, etc etc. Better to lock stuff down than get your network owned by some idiot that can't stop talking to MSN bots.
      • Re:Oh noes (Score:5, Insightful)

        by voice_of_all_reason (926702) on Tuesday April 04, 2006 @11:36AM (#15058404)
        A seriously heavy-handed comparison, but I can't resist posting this quote from Rita Hayworth and the Shawshank Redemption. Ever wonder why Andy was allowed to keep posters in his cell given how religious the Warden was?

        The prison administration knows about the black market, in case you were wondering. Sure they do. They probably know as much about my business as I do myself. They live with it because they know that a prison is like a big pressure cooker, and there have to be vents somewhere to let off steam. They make the occasional bust, and I've done time in solitary a time or three over the years, but when it's something like posters, they wink. Live and let live. And when a big Rita Hayworth went up in some fishie's cell, the assumption was that it came in the mail from a friend or a relative. Of course all the care-packages from friends and relatives are opened and the contents inventoried, but who goes back and re-checks the inventory sheets for something as harmless as a Rita Hayworth or an Ava Gardner pin-up? When you're in a pressure-cooker you learn to live and let live or somebody will carve you a brand-new mouth just above the Adam's apple. You learn to make allowances.

        Same goes here. Bad employee morale is definitely bad for business, because it's across the board. The guy who spends all day browing google video will eventually get discovered when his productivity tanks. It's not worth it to make everyone else in the company unhappy.
      • Re:Oh noes (Score:2, Insightful)

        by Volante3192 (953645)
        whatever happened to only giving people what they need to get their job done?

        Sound in theory, but what if your paid to be on call for 8 hours? Help desk type stuff. I'd go batshit insane if everything was locked down so hard that I couldn't relax a bit in the lulls between calls.

        And don't say "work on other projects" because when you have to be able to break off your thought process at the sound of a ring, it's nigh impossible to really focus on something complex.

        You start finding little things made out o
        • Re:Oh noes (Score:3, Insightful)

          by drsquare (530038)
          Sound in theory, but what if your paid to be on call for 8 hours? Help desk type stuff. I'd go batshit insane if everything was locked down so hard that I couldn't relax a bit in the lulls between calls.

          What do you think people did before computers, or today in places where there are no computers to play on? When your employer buys you a computer, it's a tool to do your job, you can't expect anything more, no more than you can expect entertainment from a screwdriver or a hole puncher.
          • Re:Oh noes (Score:2, Funny)

            by Volante3192 (953645)
            What do you think people did before computers, or today in places where there are no computers to play on?

            Well, I wouldn't know...but I do doubt that I would have been working a help desk for computer support. heh.
          • Re:Oh noes (Score:2, Funny)

            by M1FCJ (586251)
            What do you think people did before computers, or today in places where there are no computers to play on?

            Well, Einstein was working as a patent clerk when he came up with the relativity theories. Everyone does something to break the boredom. Einstein solves the mysteries of the universe, I post to slashdot. (I know, I am hopeless, I will never be able to finish my grand unified theorem which involves lots of nude ladies and milk chocolate cream).

        • > Jungle voodoo orgies...

          Are you hiring?
      • Exactly. You wouldn't allow your employees to make unaccounted for Long distance calls, or do other such things. but sometimes things go too far. Some employers have a whitelist of sites, and you can't access anything else. It's like giving someone a hammer, and saying they can only use it to take nails out. Don't severly cripple the tool just so people won't bang their thumbs.
      • Re:Oh noes (Score:4, Insightful)

        by oGMo (379) on Tuesday April 04, 2006 @12:05PM (#15058689)
        Exactly, what happened to only giving people what they need to get their job done?

        Yeah, people could be chained to their desks and allowed 3 5-minute bathroom breaks and a 15-minute lunchbreak. That's all they need, think of the productivity increase! We could use children, too!

        Oh wait, I think they have labor laws now.

        What happened to having a pleasant workplace where you enjoy what you do? Little things make a lot of difference. I'm not talking dot-com era overindulgence, but personal email access is not too much to ask.

        Most people spend at least 8 hours of their waking day, during the prime of their wakefulness, at work. It should not be too much to ask for this to be a pleasant time: people who enjoy being at work get stuff done and are more loyal than those who hate where they are, what they do, everyone around them, and the company.

      • Re:Oh noes (Score:5, Insightful)

        by Khammurabi (962376) on Tuesday April 04, 2006 @12:12PM (#15058764)
        Nobody needs AIM at work.
        Actually, the company I work for requires it. It's very intrusive and time consuming to either walk over to someone's office, or call the person up right then and there. The person could be in a meeting or busy, and your walking over or calling can be very disruptive.

        IM is just a faster form of e-mail, and (just like e-mail) it requires discipline not to fritter away the company's time "talking" on it all day. But there have been quite a few instances where my COO or a trainer shoots off an IM during a presentation with a question. IM is useful in that it is quick and discrete.
    • Re:Oh noes (Score:5, Insightful)

      by kfg (145172) on Tuesday April 04, 2006 @11:33AM (#15058376)
      What's next? Complaining that you can't use company funds to go on a vacation? Complaining that you can't use company computers to play games?

      Complaining that the shackles won't let you move more than 3 feet from your desk?

      Tell ya what, if I can't use the company phone/email to make that doctor's appointment or let my wife know I'll be home late, well, I'm leaving for the day, and you can fuck your deadline and TPS reports.

      I work because it is necessary to maintain my life. I do not work so I can maintain yours. If we cannot formulate a reasonable social contract where we both benfit our lives by pooling our resources you will have to do without me. I am neither your mommy nor your slave.

      KFG

      KFG
    • Apparently "what's next" is seeking to get that troll post to be first post. Congratulations.
  • Job Qualifications (Score:3, Insightful)

    by saihung (19097) on Tuesday April 04, 2006 @11:22AM (#15058237)
    This guy should write legal policy in Burma: ... tells the WSJ, 'I'm not allowing Skype because I don't know what it does.'

    I mean, just, wow. And here I thought that the "anything I don't understand must be bad" school of management was going out of style.
    • Block by default. (Score:5, Insightful)

      by blowdart (31458) on Tuesday April 04, 2006 @11:27AM (#15058301) Homepage

      I'm not allowing X because I don't know what it does does not necessarily equate to X is bad

      Banning an unknown service from a network is the more sensible default decision for a corporate network to take. Firewalls should block everything by default, corporate desktops should stop installations of anything not checked and cleared. Why should skype be any different?

      • I manage firewalls for some small and medium sized businesses. I used to have a default allow policy for out-going and blocked individuals hosts or ports as the need came up. But as time went on, it became clear that a default deny policy was the only maintainable way to go. Also it helped catch compromised machines on the local network that were trying to phone home.

        As for what to allow users to do, that's changed as well. Years ago the network access was a perk of the job. But that has been cut ba

    • No, its a pretty standard strategy on hardening your security. Everything is unsafe until proven safe.

      Sometimes it can be overkill, but it is definatly a smart way to approach things if your security conscious.
    • Skype is closed source, the binary is full of obfuscation, and you can't examine the network traffic. "Trust but verify" is replaced by "trust".

      You could use Filemon to make sure Skype's not reading your disk, and other tools to check whether it's keylogging, but a busy paranoid could be excused for not taking the trouble.

      I sure wouldn't want to pay a sysadmin who allowed things on the network without knowing what they did.

      (I use Skype at home but I'm not risking someone else's network by doing so).
    • He's not saying he doesn't understand what Skype claims to do (i.e. provide an internet telephony service), but that he doesn't know what it does (e.g. install malware, open up security holes or intentional backdoors by virtue of running as a server app; forward copies of your mailbox to skype.com for international corporate espionage...) With Microsoft you may not care; if it goes wrong there are deep pockets to sue. With open source you don't care, because you can verify it for yourself. With Skype/Yah
    • by Mindwarp (15738)
      His answer should have been "We're not allowing Skype because we're an investment bank, and the S.E.C. says that we're not allowed to use any form of communication that isn't logged and audited."
    • Apart from a "deny by default" firewall policy, our user policy pretty much says that users will not install any software that isn't provided by the company. We don't provide Skype, so why should we allow them to use it?
  • by garcia (6573) on Tuesday April 04, 2006 @11:23AM (#15058244) Homepage
    "I used to think nothing of checking my Yahoo mail several times a day," says Global Crossing Chief Marketing Officer Anthony Christie. Now that he can't, his long workday makes it hard to avoid using his work email account for personal messages, he says.

    Sometimes I wonder if this is exactly what companies *want*. They don't want people to use outside e-mail (especially ones running over https) because then they can't easily monitor what their staff is doing.

    If people are using their work e-mail for their personal use, the company gets to see exactly what, where, how, and when their employees are spending their own time. If the employee opts to not use their work e-mail for anything personal, the company knows that they now have the other added benefit of possible added productivity.

    I'm just glad I can use SSH and tunnel everything over that. If I can't do that, I have GPRS service on my mobile device and I *could* use that for AIM, e-mail, and browsing instead.
    • If the employee opts to not use their work e-mail for anything personal, the company knows that they now have the other added benefit of possible added productivity.

      Because we all know that treating staff as machines, and expecting them to work constantly throughout the day without taking the odd couple of minutes as a break now and then or dealing with an important personal matter, is definitely the way to increase productivity, right? :-/

    • by PFI_Optix (936301) on Tuesday April 04, 2006 @11:37AM (#15058417) Journal
      If people are using their work e-mail for their personal use, the company gets to see exactly what, where, how, and when their employees are spending their own time. If the employee opts to not use their work e-mail for anything personal, the company knows that they now have the other added benefit of possible added productivity.

      I don't think that's the case at all. Most companies could really care less what an employee does in their off time so long as it doesn't harm the company. What they do care about is things like trade secrets going out via an anonymous hotmail account or employees wasting hours talking to their significant other and circumventing the phone system monitoring by using Skype.

      I'm just glad I can use SSH and tunnel everything over that. If I can't do that, I have GPRS service on my mobile device and I *could* use that for AIM, e-mail, and browsing instead.

      I think that's where things should be headed. A cell phone doesn't have easy access to corporate documents (though cameras do facilitate that to an extent) and typing a lengthy e-mail is difficult, so trade secret theft (intentional or otherwise) by employees might be reduced significantly.
      • I think that's where things should be headed. A cell phone doesn't have easy access to corporate documents (though cameras do facilitate that to an extent) and typing a lengthy e-mail is difficult, so trade secret theft (intentional or otherwise) by employees might be reduced significantly.

        My cell phone connects to my laptop and works as a modem, via infra-red or Bluetooth. It's trivial to drag-drop a file onto the phone.

    • They don't want people to use outside e-mail (especially ones running over https) because then they can't easily monitor what their staff is doing.

      That is exactly it. Most companies don't mind their employees doing limited personal business on company time, but whereas it's legal under the ECPA to monitor personal emails sent through the company email system, it's a felony to do so for personal emails sent outside that system, even if a company computer is used to access them.

      If you make 'em use the compan
    • by hotspotbloc (767418) on Tuesday April 04, 2006 @01:24PM (#15059536) Homepage Journal
      I consult for a small company that had a problem with an employee IMing all day. The rule (with my recommendation) was "IM/IRC/browse all you want so long as it doesn't effect your work". Well, she would IM almost constantly and rarely did her job. Solution: we signed her up with AIM/gmail accounts specific to work, logged all text (we use gaim) and told her she couldn't use any other IM accounts or clients. In a month they'd review her work and decide to either: return full IM services (with logging only on the company account), keep the restricted account or kick her to the curb.

      After reviewing the logs for the month of probation we found the idea worked well for the first four days and then she added in her own IM accounts. While I could've made it tough for her to make any changes to GAIM I didn't because I refuse to treat adults like a forth grader. She was told that her IM sessions would be reviewed and not to add or remove any IM accounts, which she did, so she was fired.

      The problem highlighted a possible future issue and we decided to require all employees to use a company related IM account just for company business. If they want to conduct personal IM conversations at work then they can use whatever other client they want. If an employee's performance is a problem and personal net access is high then they are put on "restricted access" for a month. So far the restricted access use has worked well and no one else has been fired for excesive personal net usage.

      Moral of the story: Management needs to treat their employees like adults and not like children, let them use the net (IM, ssh, irc and most any web site since the only filtering we do is with prioxy) for personal tasks and work with those that don't follow the rules. So far everyone is fine with the rule because it is reasonable, allows for liberal personal net use and not draconian like most places. The only really strict rule is if you download and share any pron at work you're gone (to avoid an expensive sexual harassment suit).

      Complete "no personal Internet use" rules just pisses people off and they will almost always find a way around it. Banning personal net access for minor abuses is like banning coffee because someone left an empty pot on a hot burner or a lunch room refrigerator because some people steal other peoples' lunches.

    • Sometimes I wonder if this is exactly what companies *want*. They don't want people to use outside e-mail (especially ones running over https) because then they can't easily monitor what their staff is doing.

      They don't want you to use outside email because email is the most common vector for various viruses and other malware, phishing scams, and other shenanigans. They're not going to trust some external, unknown entity to filter that crap out. And they're not going to be too thrilled when they have to

  • by pubjames (468013) on Tuesday April 04, 2006 @11:23AM (#15058255)
    Dear employee,

    We hope you enjoy working here. Please work hard and do some great work for us!

    Thanks,

    Your employer.

    P.S. WE DON'T TRUST YOU.
  • people use freemail or free voip software, there's no way to monitor communications, either for your own devious ends, or actual goverment mandated policies (Sarbanes oxley ..or something similar, and one that's similar to HIPPA) pretty much anything that says people with access to confidential info have to protect it.

    That plus the standard, you're using company resources, blah blah.

    My point?

    Dunno, why did they write this story anyhow?
  • At my company we are getting some DSL wireless connections that are not connected to the internal network. That way, one could use their personal laptop for personal stuff. Not 100% safe, but a decent alternative.
    • It also doesn't protect their liability. Since they provided the access, if someone does something bad... they are just as liable, and since I assume they don't have all the security/audit capabilities on that environment, they are probably even more liable because they didn't put forth business reasonable efforts to limit your ability to do bad things.

  • Some companies worry the new services will overwhelm their networks with unwanted traffic. Others are primarily concerned about security or their ability to track workplace communications, especially in industries like financial services, where regular monitoring is required by regulators. Instant messages from the outside, for example, often aren't logged and archived the way email is, creating a potential backdoor for illicit communications or breaches of client privacy.

    Sounds like the heyday of Napster

  • ssh tunneling (Score:5, Informative)

    by Rinisari (521266) on Tuesday April 04, 2006 @11:30AM (#15058330) Homepage Journal
    As long as it's not against company policy, you could try using SSH tunneling to hit a proxy at home [zunta.org]. It might be a lot slower, but you can go anywhere. I've been using one written in Python [python.org] for six months and haven't had a hitch.
    • Re:ssh tunneling (Score:2, Informative)

      by gosquad (122364)
      An even easier method of doing this is using the built-in SOCKS proxy in OpenSSH. Simply add "DynamicForward 3000" to your ssh_config file (or use the -D switch of the ssh command). After you connect, a locally accessible SOCKS proxy is then available on localhost port 3000, all nicely tunneled through the server. Set Firefox/Gaim/etc to use this port (be sure to use the SOCKS proxy settings and not HTTP) and you're set.
  • I've always prevented my users from downloading *any* program from the internet. There are a multitude of reasons: spyware, bandwidth issues, etc. I just think it makes good sense to limit the crud that can be put on machines. I don't have to wonder if the problem a user is having is due to something they downloaded. Being Healthcare, I'm also bound by HIPAA. My interpretation of it is what I just mentioned above. It actually gets me in a frizzle (word?) when I see the junk my father's company allows them
  • by rbanzai (596355) on Tuesday April 04, 2006 @11:33AM (#15058361)
    I just started as IT manager for a small advertising agency. The systems were wide open before and it seems like every machine has Limewire, skype, five different IM programs... and lots and lots of problems.

    When these items cause problems that reduce productivity they have to go. It's that simple.

    Due to unrestrained (and uninformed) users I now have to go over all 50 machines with a fine-tooth comb to scrub off the bad stuff. Several of these machines are probably going to have to be wiped. This is 100% due to user loaded "personal" software.

    As I fix each machine they are getting locked down. I've been directed by management to prevent users from pirating music on company machines or using filesharing to share pirated music. I don't see anything unreasonable at all about that.

    Any app that is well-behaved and does not expose the company to liability is fine with me. Otherwise it has to go.
    • "Locking down" machines, which usually means preventing users from installing or running software that the admin hasn't "approved" is far more likely to reduce productivity than anything else. I can't tell you how many times I've been frustrated by the admins who have the idea that they know better than I do what tools I need to do my job... In fact, it's something that I ask non-manager employees when I interview: "Do you have admin privileges on your box" (working in software, I usually get a sensible res
      • As a Network Admin I have no problem with our trustworthy users getting access to tools they need. We lock down our network and desktops, and then unblock as needed. Our in-house developers all have local admin rights, and we allow them ability to download tools from the web. HOWEVER, *most* of these guys are smart enough to use Firefox, not download 'weather bug', 'Smiley Central' etc... Now, the vast majority of our users have no such access, because there is no NEED (we allow casual web surfing, but we
        • Too bad most places find it easier to have a blanket policy than something rational like you suggest. Balance is key, but it is certainly difficult to find that point between security and flexibility that makes everyone happy (or everyone equally unhappy?)

          I can see ITs side of things. I just wish more admins took the time to see things from the other point of view. I wonder how many IT guys have the same restrictions on the boxes they use on a daily basis as they place on their users?

          Anyway, thanks for the
      • by Generic Guy (678542) on Tuesday April 04, 2006 @01:06PM (#15059346)
        Listen, all you genius admins, I don't tell you what firewall software to use, you don't tell me what file conversion software I need to get the Windows line breaks out of text files, Ok? I don't what you're using for an anti-virus tool, and I don't expect you to know about my use of FrameScript to automate FrameMaker.

        Listen you selfish malcontent, letting you put whatever the hell you want on the company computers potentionally puts the company and its directors at risk. When your P2P music crap, or cracked shareware linefeed-corrector gets noticed by the suppliers it can cause huge problems and expenses for the company just to satiate your little cubicle fiefdom. IT admins and directors need to worry about far more than just your "getting the job done" easier. The reality is there is a lot of damage and liability these days which can come out of users free-reign over the office computers.

        Don't like it? Fine, resign and start your own consulting business. Then you can put whatever crap you want on your own equipment.

        • IT admins and directors need to worry about far more than just your "getting the job done" easier.

          Actually, by and large that is, indeed, the job of IT admins and directors. To allow the people who are actually creating the stuff (or marketing it, or selling it) to do their jobs in a way that optimizes the employee's time.

      • You sound like a reasonable, technically competent user. You're in the minority. And you're not the one driving these totalitarian rules.

        Don't get me wrong - I dislike this attitude too. I buck the system myself. But I also see where its coming from.

        The problem isn't you and your FrameScript. Its the guy in the neighboring office who insists on installing BonzaiBuddy, Weatherbug, runs the latest joke attachment, and otherwise executes any other flashy trojan paraded in front of his cursor. I take that
        • And as I said in response to another post, it's too bad its easier to have a blanket policy than something more rational.

          I know it's impossible, but it would be nice if there was a way to figure out what level of permissions to give a particular user... is that too much like a license to operate a computer? :-) If you score 100-90% you get admin rights. 70-90%, you get a user account. 50-70% you get a restricted account in a virtual machine. Less than 50%, an etch-a-sketch. :-)
      • by Malor (3658) on Tuesday April 04, 2006 @01:46PM (#15059779) Journal
        See, you're not the problem; you're a computer professional and, at least in theory, you should be highly expert at using a PC. The problem is Tracy in Accounting and Bob the Receptionist, who haven't a clue what's going on with their machines, and who happily install spyware if it promises something slightly better than a sharp stick in the eye.

        Think of it as the "OMG Ponies!" crowd, writ large. You just have no idea how freaking stupid these people can be.

        Even in the best and brightest companies I've worked in, there have always been a few that got hired that knew a lot less about their PCs than they thought. In particular, they do not appear to hire salespeople for raw brainpower. The clueless users, especially the ones that don't realize (and never will) that they ARE clueless, cause enormous trouble. Unless the network is internally firewalled (which is getting to be a better and better idea, these days), they're often the vectors for network-wide infection.

        The draconian policies of some admins may seem stupid, but remember that admins run on fear. They are, by and large, only noticed when things break, and then everyone is mad at them. When a single user can potentially bring a virus into the network that can stop the entire company dead in its tracks, well... it's a heck of a lot safer and easier to just lock EVERYTHING down and then install what people need, as they ask for it.

        Think of it as a default-deny firewall.
      • Presto, you have admin status now. Your machine gets borked due to unsupported software, can the company charge you for your time lost on your job, fixing the computer, which is not your job? you brought up billing for lost time ;-} He who opens the can of worms eats too!
      • The problem here is selective enforcement. Okay, so the admins allow you to run your unapproved application. What if Suzy the administrative assistant wants to run her fav screensaver app? And Jim wants to run Weatherbug so he knows when there's bad weather on his kids in the Midwest? The problem is that machines are locked down to prevent users from shooting themselves in the foot, because if you give them the loaded gun of admin access, they will. Then they start shooting other peoples' feet.

        Find out how to get the software approved and do it. Go through the proper channels.

        99.9% of corporate users should not have administrative access to their computers. There is no need to.
        • Typically, when they hand down draconian policies as to what is/isn't allowed, they also slavishly apply them to everything. When something new is needed for software, it's nigh impossible to get someone to sign off on it because of overall inertia. I've had to jump through flaming hoops to get things approved at prior employers- even though the tool was something we needed to improve productivity. Since it wasn't something that the IT people had to deal with, they just couldn't see why it was needed and
      • "This means that if something I install causes problems, I have to resolve them or have my box re-imaged. I'm fine with that."

        DEvelopers... oh im sure you are perfectly FINE with it, but its not you who has to waste his time re imaging a machine now is it>?

        We had one developer join a few months ago. The first day his machine was owned. I said ok, your a dev you have admin rights, be careful, etc.. Reimaged his machine.

        2 days later, owned again. So owned it just bluescreens on startup. I say, Ok sorry hav
    • As I fix each machine they are getting locked down. I've been directed by management to prevent users from pirating music on company machines or using filesharing to share pirated music. I don't see anything unreasonable at all about that.

      Not even the fact that it's impossible?

      Or do you also glue shut the CD drives, weld over the USB, and so on?

  • Sensible (Score:5, Insightful)

    by Bogtha (906264) on Tuesday April 04, 2006 @11:33AM (#15058364)

    If your employees only need particular websites and particular applications to do their jobs, then why would you willingly open up additional attack vectors? It's a completely unnecessary business risk.

    If you have employees complaining about needing to use personal email (what did they do before email in the workplace was common?), then simply set up a shared cheap PC in the coffee room for them to use on their lunch break. Firewall it off so that when all the inevitable crap gets onto the machine, it doesn't affect any important systems.

    • If your employees only need particular websites and particular applications to do their jobs, then why would you willingly open up additional attack vectors? It's a completely unnecessary business risk.

      How much of a business risk is the lack of innovation due to information starvation and the inability of employees to experience new tech? I can see a case for this with call center workers, whose job functions might be more akin to a piece of desktop hardware, but for employees that are expected to provide c
  • by lushman (251748) on Tuesday April 04, 2006 @11:33AM (#15058367)
    As a consultant based overseas, using my client's corporate internet for Skype actually SAVES them a fortune. They would normally pay for the POTS international phone calls we make (VERY $$$$$), but the fact that they allow Skype means that we make all of our calls Skype-Skype without it costing them (or us) anything in call costs. Bandwidth charges are negligible in comparison.

    If firms continue to be ignorant about new or alternative technologies then they will continue to be left behind. These savings can be significant over the long term, financially as well as productivity wise. Companies in the future will be split into two categories - those that embrace new technology and those that struggle under malinformed regimes run by beaurocrats who prefer the trusted path, the path of least resistance, over the newer, technologically superior one. I've seen this too many times than I'd care to remember.
  • These days anyone with $50 in their pocket can get a domain name, host it somewhere with secure webmail access, and set it up with half an hour of clicking around a user-friendly Cpanel. It won't kill most slightly-able people to not have Yahoo. Now whether you want to continue to give the IT staff at your job a good look at your personal mail, that's a whole other issue altogether.
  • by Brunellus (875635) on Tuesday April 04, 2006 @11:38AM (#15058418) Homepage

    The banning of Skype at some departments and colleges at Cambridge comes as no surprise to me.

    I was at Cambridge during the late 90's-early Noughties, and I seem to recall a number of stern warnings to students about bandwidth usage from both College and University computing authorities. One of them even included a plea to use European or British mirrors as much as possible.

    The shame is that while the Cambridge University Data Network [cam.ac.uk] had bandwidth to burn within Cambridge, it seems that the trouble was always further upstream on JANET [ja.net].

    Things got so bad that there were rumours at the time that the poorer colleges were going to start charging their students for bandwidth. I never heard anything of it, and it didn't stop the proliferation of p2p (both in the form of Napster and samba shares) in my time there.

    • A mate of mine does a little networking for Kings College [cam.ac.uk] at the moment.
      The accounting for Internet is paid by each individual College. So they pay for student excess.

      So why not block/filter these services? Skype and p2p "borrow" bandwidth. A student installs Skype for their _own_ purpose. The student has imposed an outside demand on the college network. The student will in general not have a grasp of what extra load they have imposed on the college network. How much of a load is determined solely by the

    • I work as a software developer for a department at Cambridge.

      We are part of a distributed project, with team members in other institutes within the UK and around the world.

      We use both Skype and Jabber to collaborate with each other.

  • Good plan (Score:5, Insightful)

    by TomatoMan (93630) on Tuesday April 04, 2006 @11:38AM (#15058419) Homepage Journal

    ABN Amro's global head of strategy and engineering tells the WSJ, 'I'm not allowing Skype because I don't know what it does.'

    I expect a few hundred flames of this statement, but it's a rock-solid security policy. Yes, this guy probably "should" know what Skype is in most people's opinions, but his default "deny" policy for anything he doesn't know is correct, and that attitude WILL prevent trouble. On a corporate network, especially one potentially carrying any kind of sensitive data, anything not specifically allowed should be denied. If employees can make a case about what any new service is and why they need it, it can be evaluated and perhaps allowed, but it should be denied by default.

    • Note, he is not saying that he doesn't know what Skype is he is saying that he doesn't know what it does. That's fair enough; I've read a fair number of accounts by people who have attempted to work out exactly what Skype is up to on their networks, and very few people outside of skype know exactly what Skype does.

      It uses a proprietary closed protocol, nicely encypted; is adept at getting through firewalls and most important can turn office PCs into high-traffic relays without warning and without the abili
  • Mass hysteria arises as workers realize they can no longer access the internet. Workers walk out in protest, Wall Street numbers plunge, productivity suffers huge shortfall.
    News at 11.
  • Well, I can see why they would do this, but saying "I'm banning X software because I don't know what it does" really means "I'm banning X software because I'm too stupid and lazy to find out". Usually most companies have a policy where you can at least recommend that a software be "unblocked" and provide reasons to justify it. However, in the end, it will always come down to productivity.

    At work, they block a bunch of ports. I would simply set up SSH tunnels through the HTTP proxy to my server back home, an
  • by OzPeter (195038) on Tuesday April 04, 2006 @11:42AM (#15058468)
    TFA makes it seem like GE has just started blocking IM and external email systems. But in the GE division where I have been contracting it has been like that for at least the last 5 years.

    And I can understand why. By only allowing communications through official chanels, the companies can better protect themselves by doing such things as applying corporate wide virus checking on emails. It also provides a log as to what communications occurred when. Though I do admit that flash drives and take home laptops can easily bypass any of these measures.

    One downside to this is that the corporate policies also block VPN accesses, so I can not get to my offices servers while at the GE location.

    One amusing anecdote relating to this is that where I work there is an analog phone line kept for the times when you really need to dial up a system. One lunch time I was using it to send some private email and also to chat with some friends (MSN messenger I think). When I was done I just picked my laptop up and walked back to my desk and plugged into the corporate lan without powering down. I was surprised when 20 minutes later one of my friends initiated a chat session with me. After the shock of chatting from my desk wore off, I realised that the chat program used two separate protocols/ports: 1 for logging into the chat system, and another for the actual chatting. The corporate IT people had only blocked one system and not the other, perhaps in the belief that that was all that was necessary. Combined with the chat system not timing out during the walk back to my desk, I had effectively bypassed their strong security.

    • As a contractor I find this stuff very annoying. I need to access my Emails from my hiring company and not the Corporate Email account where I may be located that day. What makes it worse a lot of companies who block the information my block one path but not an other. So I may access my Companies Exchange Server Web interface but not the official WebMail. Other Places I can't access my company at all but gmail works. It is not going to stop anything except from the people who are trying to do their work
  • This is what happens when the boss is a technological moron. He doesn't know a thing so he bans everything because of FEAR.

    Instead, he should appoint a security expert, who in turn would take measures to protect the security of the company. Just switching to an alternate internet browser would rid them of tons of viruses.
    • This is what happens when the boss is a technological moron. He doesn't know a thing so he bans everything because of FEAR.

      And you can't guarentee that the IT department will attempt to overrule the boss'es decision. The arguments for keeping the major contenders at bay are:

      - P2P: Even if "low bandwidth", they hurt the router's performance levels as it has to keep track of a hundred or so connections. If there's too many connections, it hurts the company.
      - Videos, music and other multimedia: These thing

  • by AugstWest (79042) on Tuesday April 04, 2006 @11:49AM (#15058521)
    I was stuck in a hotel all weekend and wanted to talk to my wife, so I installed it, and within 5 minutes I got a call from security saying that my machine was scanning the network. It was Skype trying to find a way out.

    When I got back to work on Monday, my Thinkpad was taken away and reformatted, and handed back to me -- without local admin privileges.

    Now I work for a University. It's a whole other world.
  • Financial companies are required by law to keep records of all communications with their clients. Webmail makes that pretty difficult to guarantee, so it is often blocked in the financial sector. VoIP would be right out as well, as is all IM.

    And for all of you people whining about your company not trusting you, they shouldn't. You shouldn't trust them either. I expect both parties to take advantage of each other to the fullest extent allowable by law. Where I come from they call that "business".

  • by zappepcs (820751) on Tuesday April 04, 2006 @11:53AM (#15058554) Journal
    Some companies see giving employees small perks as part of keeping a happy and productive work force... can anyone remember the stories of the environment at EA? Now, we have tin foil hat stories about companies that give their employees pens and paper, but warn them to only write in block letters because anything else is a waste of company resources, or could lead to dangerous events in the file cabinets.

    Ummm, perhaps its just me, but it is about fscking time that both government and businesses learn the lessons that have been sitting in front of them since about 1991... computers are here to stay, and the advantages and disadvantages of computers are here to stay too.... Its not that hard to limit outside network connections to a specific bandwidth, or monitor all packets in and out... this is not rocket science. Using draconian measures to squeeze every drop out of the company resources is not good for business... see Boycott, Company Stores et al, slavery,

    I guess my point is that anything that stifles free and unfettered flow of information and ideas is going to stifle business productivity and innovation. I don't have links, but I thought this was pretty much already scientifically proven... or at least proven in the advent of F/OSS and what it has done to the computer and software markets. Just as the *AA needs to wake up and find a new business model, most of the rest of the business world has some work to do... its just common sense. Anything else usually involves putting holes in your feed with lead ladden projectiles.
  • by rdfield (687768)
    In many places I've worked, MP3 files are blocked at the firewall, but Ogg files are let through. http://www.mvine.com/ [mvine.com] streams Ogg music direct to your desktop. And it's free.
  • What is happening (Score:3, Interesting)

    by 99BottlesOfBeerInMyF (813746) on Tuesday April 04, 2006 @12:01PM (#15058647)

    Here is my take on what is happening. As network management tools become easier to use and more widely deployed, more and more people are starting to have a real understanding of their management and business networks. It used to be that the network engineers might or might not have a good idea about what kinds of traffic were flowing where. Now, a middle manager with only the most basic idea of how networks work can log into a Web interface and see what programs are being run by what people, connecting to what sites. As a result, they are more prone to hand down policy decisions based upon this new information.

    At the same time, the workplace has become much more mercenary. Companies don't take care of their employees and employees just want to milk companies for as much as possible. No one trusts anyone. Managers want to get as much work out of their hirelings as possible and many don't care about the health, stress, happiness, etc. of those employees. In sociological terms, they are imposing physical barriers in an attempt to replace crumbling social ones. The problem for them, is they are usually way behind the technology curve. An employee who wants to play hardball can probably raid the company for all the info they want and carry it out on their cellphone or iPod. It's like moving from an honor system where captured soldiers swear they will stay until ransomed, to a military jail with as many bars as possible, except the prison is designed by a bureaucratic committee, each member of which is just trying to make as much money off of kickbacks and saved funds as possible. Time will tell which is more effective.

  • This is so overblown, I have absolutely no problems accessing Slashdot at wor[CONNECTION TERMINATED]

  • What I find fascinating is that in America these days people think that being an employee means you're a serf or slave, with your own identity/rights/privacy/humanity suspended during working hours, as though you suddenly cease to have a family or civic/religious obligations. In actual fact, if people are unable to perform at least minimal maintenance of those outside obligations during the day, then society and business break down even quicker than not. Because if you can't tell the delivery man to leave
    • Or, you could, you know, think three hours in advance and leave a note for the delivery man.

      The reason you go to work is to do work. The outside world impinging upon your work time is acceptable and often necessary, but if you are by your own choice going off and engaging in things that aren't part of your job during the time that you have agreed to work, then you need to inform your employer so that they can stop paying you. It's a simple matter of keeping your word: a contract is no less a promise tha
    • Or if you work as a city/state employee as members of my family do, you can 6 hours of productivity every day to an office staff full of people who do nothing but make travel arrangements, shop online, and send chain letters. Very few bosses have a problem with people interupting the work day to make a quick phone call or the like, it's the people that abuse these privilidges by thinking that the office computer is their property and that becasue no one is stopping them everything is ok that ruin it for eve
  • Internet access at the places I've worked has been filtered to some degree since the early 90's. It just makes sense - you're in a business, not your living room. The systems and resources are intended for business use. If you employer decides to allow a certain amount of personal use as well (and the smart employers do), they still need to manage that since it introduces risk into the environment.
  • by hahiss (696716)
    Wait, hold up. I think we really need the help of an expert---someone with 22 years of experience in computing.

    Let's get Jerry [tuttle-ok.gov] on the horn asap!

    What would Jerry do?

  • 'I'm not allowing Skype because I don't know what it does.'

    My mortgage was recently sold to ABN. Based on their website and online payment functionality, this comment doesn't surprise me.
  • It's very simple (Score:3, Insightful)

    by TheCabal (215908) on Tuesday April 04, 2006 @12:55PM (#15059209) Journal
    I'm one of the head network honchos at a Very Large Company... things like AIM, MSN Messenger, Skype, Limewire and BitTorrent are all banned and blocked. We monitor our employee web usage, block just about every outbound network port except for 80 and 443. Why? Because even though we know why Skype is, our policy forbids users from installing software that we don't provide. We certainly don't want users utilizing our 100Mbps lines for donwloading pr0n, MP3s and warez. We don't want support calls from users who have bolloxed up their machines by installing $UNAPPROVED_SOFTWARE_PACKAGE, diverting valuable resources to try to fix this. We don't want the worms, viruses, spyware and other crap that comes with some of these packages. Every employee that uses a computer reads and signs our usage agreement, so they know what we expect from them. Some of them try, and some get to see the man when they do.

    Because of all the attack vectors, we have to spend many tens of thousands of dollars on antivirus, monitoring software, desktop security agents, intrusion detection, firewalls and what have you...

    Things like SOX and HIPAA make it extremely hard for us to "just let users be". We can't allow unmanaged VoIP or instant messenging. FTP? Blocked. SSH? Blocked. Our data could easily walk out of here, which is why on top of the layer 3 blocks, we block USB access as well. Our users are given the tools they need to get their jobs done. And if data can walk out of here, there is certainly possiblity that something nasty could come in. We'd rather not have to deal with that possibility, so we make sure we don't have to.

    It's the company's network, they can dictate how its used. Don't like it? Don't use our network. Go home, do whatever you want on your equipment, but when you're in my house, it's my rules.
  • The lazy mans way to admin. Take the lockdown approach and don't let anything happen. End result a constant battle that you as the admin can NEVER win. You can't lock down the computer tight enough to make yourself happy and allow me to do work. Period. I've got to get my work done and if you are in the way of me keeping my job. Pow. You lose big time.

    I've grown especially wearing of id10T's like the one from ABN. "I don't allow Skype because I don't know what it does." Well dumbass. The blackhats

"Falling in love makes smoking pot all day look like the ultimate in restraint." -- Dave Sim, author of Cerebrus.

Working...