SEKCobra posted:
Also, circumvent by using https, oldest trick in the book. (If they were to find this out they'd probably disable https. We don't even have FTP...)

Well, this fun bit just happened -

Engineering: "Okay, you're off. Please set up this proxy in your Internet Options so you are still routing traffic through the new Websense appliance."

>Set it up
>Traffic is blocked
>Removes proxy setup
>Traffic isn't blocked

Me: "OK, thanks, I'm set up on the proxy and it appears to be working."

Scary stuff, though, during the last IT department meeting, the CTO made mention about "some other exciting Websense products, which apparently let us read https packets - so we'll be able to know more or less everything and anything that goes on, even on personal accounts in case people are looking for jobs during the day."

I'm rusty on my crypto but doesn't the nature of https more or less absolutely stop this from happening by design, period, shut the chain, close the door, no question?
|
|
# ? Oct 16, 2013 16:53 |
|
MJP posted:
Scary stuff, though, during the last IT department meeting, the CTO made mention about "some other exciting Websense products, which apparently let us read https packets - so we'll be able to know more or less everything and anything that goes on, even on personal accounts in case people are looking for jobs during the day."

If the computer you're using is on the company domain, they can set their own CA to be trusted by the web browser, which eliminates any man-in-the-middle warnings that your browser would pop up. If you don't control your endpoint completely, and have some trusted way of verifying the certificate of the machine on the other end, SSL is surprisingly easy to circumvent.
|
# ? Oct 16, 2013 16:58 |
|
MJP posted:
I'm rusty on my crypto but doesn't the nature of https more or less absolutely stop this from happening by design, period, shut the chain, close the door, no question?

We supply devices that can inspect HTTPS traffic, but it does it by replacing the website certificate with one the device knows about. It's illegal in the UK to do this as far as I know. We accidentally left this on and figured it out when people mentioned legit sites suddenly started giving certificate warnings... the firewall replaced the website certificates with an un-trusted one.
|
# ? Oct 16, 2013 16:59 |
|
MJP posted:
Well, this fun bit just happened -

They do it in fun ways. Here's how Untangle's HTTPS Inspector plugin does it:

"HTTPS Inspector works by presenting a false certificate signed by a root Certificate Authority that must be installed on each host if HTTPS decryption is to take place without a browser warning. After presenting the certificate, it will endpoint the SSL connection, send the unencrypted HTTP traffic through all the applications, then create a new SSL connection on the other side."

From the posts above, this sounds like the popular method.
|
# ? Oct 16, 2013 16:59 |
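The trust decision the three replies above describe, reproduced offline with openssl as an added example (not from any poster or vendor): a certificate re-signed by an inspection CA validates only on a host whose trust store contains that CA, and its issuer and fingerprint differ from the genuine one. The CA names, file names and the hostname example.test are constructed for illustration.

```shell
#!/bin/sh
# Constructed lab: throwaway keys, reserved hostname example.test, no network.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"

make_ca() {    # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf file prefix, $2 = prefix of the CA that signs it
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
    -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

trusted() {    # $1 = bundle of trusted roots, $2 = certificate presented
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }
issuer()      { openssl x509 -in "$1" -noout -issuer; }

make_ca public_ca  "Constructed Public CA"       # stands in for a browser-trusted CA
make_ca inspect_ca "Constructed Inspection CA"   # stands in for the appliance's root
make_leaf genuine  public_ca    # certificate the real site presents
make_leaf resigned inspect_ca   # certificate the appliance presents in its place

cat public_ca.pem                > unmanaged_roots.pem  # host without the pushed root
cat public_ca.pem inspect_ca.pem > managed_roots.pem    # domain-joined host

pin=$(fingerprint genuine.pem)  # fingerprint recorded earlier on a trusted network

echo "unmanaged host accepts re-signed cert: $(trusted unmanaged_roots.pem resigned.pem)"
echo "managed host accepts re-signed cert:   $(trusted managed_roots.pem resigned.pem)"
echo "issuer seen behind the appliance:      $(issuer resigned.pem)"
if [ "$(fingerprint resigned.pem)" = "$pin" ]
then echo "fingerprint matches recorded pin"
else echo "fingerprint differs from recorded pin: connection is being re-signed"
fi
```

On a real managed machine the same two checks apply: look at the issuer the browser shows for a well-known site, and compare the fingerprint with one taken from a network outside the company's control.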
|
It's already highly illegal to inspect any plain text content data, decrypting would make the case even easier. Hell, technically it's illegal to inspect any meta data as well, unless absolutely necessary to provide service (AKA looking at the headers in ur routas and sweetches). I'm just hoping they try to do anything about me watching a youtube video on the side while coding or similar things. I'm not settling that case. Also there's been a complaint from SOME anonymous party that already mentioned this glaring illegality and no one did anything about it which opens up so much more liability.

tl;dr: You wanna illegally look at my traffic? Come at me bro.
|
# ? Oct 16, 2013 17:09 |
|
MJP posted:
Scary stuff, though, during the last IT department meeting, the CTO made mention about "some other exciting Websense products, which apparently let us read https packets - so we'll be able to know more or less everything and anything that goes on, even on personal accounts in case people are looking for jobs during the day."

Honestly, if you are using work time and work computer to look for a new job, you're really loving dumb. We had some people here browsing Monster.com and the like so much on the clock that we had to start blocking anything job-search related. I have no idea if their supervisors found out about this but since someone asked us to put in the block, I would assume so.

I'm posting this at work so I'm obviously fine with people doing some personal internet stuff on their work computers if it's slow or you need a break or w/e but don't job search at your job ffs.
|
# ? Oct 16, 2013 17:10 |
|
Sirotan posted:
Honestly, if you are using work time and work computer to look for a new job, you're really loving dumb. We had some people here browsing Monster.com and the like so much on the clock that we had to start blocking anything job-search related. I have no idea if their supervisors found out about this but since someone asked us to put in the block, I would assume so.

Why is going to monster.com any different to any other site if time allows it?
|
# ? Oct 16, 2013 17:11 |
|
SEKCobra posted:
Why is going to monster.com any different to any other site if time allows it?

In terms of preventing employees from doing so, it's not. In terms of whether an employee should, I think it's pretty obvious how it's different.
|
# ? Oct 16, 2013 17:17 |
|
the littlest prince posted:
In terms of preventing employees from doing so, it's not. In terms of whether an employee should, I think it's pretty obvious how it's different.

It's no one's business which sites an employee goes to, even if he's sucking up bandwidth you simply block the site and don't go checking on who is doing it. At least that's my ethics, and the law in my country. A lot of IT don't follow it because HR wants a report on something and they don't have the balls to say "No. That is illegal.". I don't know if you guys have any sort of law like this, but we do.
|
# ? Oct 16, 2013 17:20 |
|
SEKCobra posted:
It's no one's business which sites an employee goes to, even if he's sucking up bandwidth you simply block the site and don't go checking on who is doing it. At least that's my ethics, and the law in my country. A lot of IT don't follow it because HR wants a report on something and they don't have the balls to say "No. That is illegal.". I don't know if you guys have any sort of law like this, but we do.

By that logic is it ok for people to look at porn on company time and on a company computer? What about gambling? Or using company resources (time, computers) for personal projects? I can think of plenty of examples that are probably legal, and highly inappropriate. Much like looking for a new job on company time.

As far as I know there are no laws governing this in the US. My company's policy is that personal computer/internet use should only be done on personal time (ie, breaks). I would guess 100% of the time that policy is not followed, nor is it really enforced on our end. We did block streaming media recently, but that was more due to the considerable chunk of bandwidth it was taking up than how appropriate it was for our users to be accessing it on company time.
|
# ? Oct 16, 2013 17:27 |
|
Filtering should only be done for a) things that will break the network, or b) open the company to unnecessary liability. Porn falls under the latter category, malware/phishing under the former. Job search sites, news, and discussion forums don't really fit either category. Why don't the managers making these Orwellian edicts realize that employee morale and productivity is inversely proportional to how far up their asses the company goes? It'd be better to spend the resources devising more effective ways to measure employee performance so that management can be sure that the job's getting done well. Then they wouldn't have to care what else an employee does with their time.
|
# ? Oct 16, 2013 17:47 |
|
We had to block Netflix because managers would rather we block sites than manage their god drat employees properly. Also, we have dumbasses who watch Netflix at work.
|
# ? Oct 16, 2013 17:49 |
|
We have a Trend IWSVA that does https decryption. I don't have that functionality enabled because I don't give a poo poo who goes to facebook.

http://docs.trendmicro.com/all/ent/iwsva/v5.5/en-us/iwsva_5.5_olh/about_https_decryption.htm

We have a few managers who keep trying to get us to block all sorts of random sites when they see an underling use them, but the answer for anything that doesn't degrade network performance/risk damaging us/etc is "stop reading harry potter slashfiction at work you idiots", not to find a technological solution to a human problem.
|
# ? Oct 16, 2013 17:52 |
|
nexxai posted:
Why is the group that encompasses all employees configured to accept email from anyone but specific people authorized to address the entire company?

Good question. But I've been there less than 3 months and it's not my arena, so I get to kick back and laugh about it.
|
# ? Oct 16, 2013 17:57 |
|
Comradephate posted:You have to call for some things. I'm pretty sure they do. We have the 2412's here and they all have one. It's not in the old spot, behind the monitor hidden behind the mess of cables. It's now a small plastic piece that slides out, similar to some of the PowerEdge servers. It should be located right next to the USB ports on the side.
|
# ? Oct 16, 2013 18:02 |
|
If you don't like restrictions on how you spend your company time on company equipment then go elsewhere.

Basically you should assume at all times what you are doing is going to be watched by another.
|
# ? Oct 16, 2013 18:22 |
|
So far I've been in charge of this and the only sites I block are the ones flagged by Trend Micro as serving up malware. I'm getting us a backup circuit and I'll be routing wifi and streaming media over it so people can still have their beloved YouTube without impacting speed on the primary. I really don't care what anyone here does as long as it doesn't gently caress with my equipment or our speed. Let the managers do their drat job.
|
# ? Oct 16, 2013 18:36 |
|
SEKCobra posted:
It's no one's business which sites an employee goes to, even if he's sucking up bandwidth you simply block the site and don't go checking on who is doing it. At least that's my ethics, and the law in my country. A lot of IT don't follow it because HR wants a report on something and they don't have the balls to say "No. That is illegal.". I don't know if you guys have any sort of law like this, but we do.

I'm curious what sort of place you are in where investigating traffic is somehow against the law. Especially traffic on a machine you don't own crossing a network you don't own.
|
# ? Oct 16, 2013 18:53 |
|
SEKCobra posted:
It's no one's business which sites an employee goes to, even if he's sucking up bandwidth you simply block the site and don't go checking on who is doing it. At least that's my ethics, and the law in my country. A lot of IT don't follow it because HR wants a report on something and they don't have the balls to say "No. That is illegal.". I don't know if you guys have any sort of law like this, but we do.

what country is that? Only one I can think of is the where internet is a "human right", but even then you are utilizing private property.
|
# ? Oct 16, 2013 19:03 |
As much as I'm all for not blocking stuff at work, it's all a matter of corporate management psychology IMO. "Why would we let people do this? They're supposed to be working." Yeah, the bare minimum is blocking anything that opens up the company to liability or constitutes a security risk, but I never took a job expecting them to be OK with their people having unrestricted web access.

Then again, my last job - an MSP - didn't really care so long as work got done. During downtimes we'd stream Netflix and when the lesbian scene from Black Swan got leaked, everyone not only watched it during company time but called in the boss so he could see it too.
|
|
# ? Oct 16, 2013 19:49 |
|
Porn on a client's computer is always

I've seen some things man... I've seen some things
|
# ? Oct 16, 2013 20:00 |
|
QuiteEasilyDone posted:
Porn on a client's computer is always

Our corporate AV automatically scans any external USB drives that are plugged in. This has certainly led to some...interesting situations.
|
# ? Oct 16, 2013 20:03 |
|
YOTJ !!!! IT manager at an engineering firm, options, bonuses, flexible PTO policy. 105 week job search is oooover.
|
# ? Oct 16, 2013 20:04 |
|
QuiteEasilyDone posted:
Porn on a client's computer is always

Years ago I worked at Circuit City's version of the geek squad. There was more than one instance where we did our tape to dvd service and discovered homemade porn. In most of these instances, it was the (usually attractive) woman who brought the tape in
|
# ? Oct 16, 2013 20:20 |
|
mllaneza posted:
YOTJ !!!!

Congrats! I remember when you posted about losing your old job, and it seemed quite ridiculous and unjustified. Knowing that you're in the Bay Area, or used to be, and that one of our real pain-in-the-rear end clients just started looking for an IT manager, I'm really hoping that you didn't get stuck there. The company name's not an 8 letter word beginning with M, is it?
|
# ? Oct 16, 2013 20:33 |
|
Dilbert As gently caress posted:
what country is that? Only one I can think of is the where internet is a "human right", but even then you are utilizing private property.

CitizenKain posted:
I'm curious what sort of place you are in where investigating traffic is somehow against the law. Especially traffic on a machine you don't own crossing a network you don't own.

I believe he's in the UK, though this is the first I've heard of such laws and would be interested to learn more.
|
# ? Oct 16, 2013 20:43 |
|
mllaneza posted:
YOTJ !!!!

Well done!
|
# ? Oct 16, 2013 20:44 |
|
GreenNight posted:We had to block Netflix because managers would rather we block sites than manage their god drat employees properly.
|
# ? Oct 16, 2013 20:49 |
|
Potato Alley posted:
Congrats! I remember when you posted about losing your old job, and it seemed quite ridiculous and unjustified.

Nope. Starts with a V, and big datacenters use their products. And thanks, getting laid off a week after the CEO of the acquiring firm says "no management changes" was a real kick in the head. So was spending 3 weeks doing a total documentation package for the PITA contractors who took over for me. Still, a good documentation exercise is always worth doing.

mllaneza fucked around with this message at 21:01 on Oct 16, 2013
# ? Oct 16, 2013 20:59 |
|
CitizenKain posted:I'm curious what sort of place you are in where investigating traffic is somehow against the law. Especially traffic on a machine you don't own crossing a network you don't own.
|
# ? Oct 16, 2013 21:02 |
|
mllaneza posted:YOTJ !!!!
|
# ? Oct 16, 2013 21:13 |
|
A ticket came in: Hey dilbert we have some free tickets to a party at an aquarium, it's open bar and food buffet.

gently caress yes! It just about makes up for the BS with a customer playing dumb on an issue after trying to fix (and failing) their systems.
|
# ? Oct 16, 2013 21:18 |
|
demonachizer posted:Seems really lovely to not allow you two days off in a row. That would be a huge problem for me. I worked out with my group to have Sunday Monday off and work a truncated Saturday shift. Yeah, this is a complete deal breaker for me, if we're talking about a permanent schedule. 2 consecutive days is a bare minimum amount of decompression time.
|
# ? Oct 16, 2013 21:30 |
|
MJP posted:I have no clue what that is http://adventuretime.wikia.com/wiki/Tiffany No ticket posts to make today as I had zero motivation for anything and achieved gently caress-all. Hope this sale of my division stops being dragged out (was originally supposed to be end of May) so I can find out if we're all going to get screwed or not.
|
# ? Oct 16, 2013 22:03 |
|
Lum posted:
Hope this sale of my division stops being dragged out (was originally supposed to be end of May) so I can find out if we're all going to get screwed or not.

You will get screwed. Plan on this and if you don't then you won't be out on a limb.
|
# ? Oct 16, 2013 22:14 |
|
mllaneza posted:
YOTJ !!!!

Holy poo poo man! Congrats!!!
|
# ? Oct 16, 2013 22:40 |
|
Agrikk posted:
You will get screwed.

Well supposedly the new buyer doesn't have an equivalent division, which is why ours is being packaged up into a separate company first, and then bought. They tell us that the new company will continue to run as is with the same management structure and everything.

The fuse in my bullshit alarm just blew.

Since there's like only two women in the entire division, one of whom is me, then short of a mass layoff they might be afraid to get rid of me, especially since no-one else knows how to do my stuff and it brings in money.
|
# ? Oct 16, 2013 22:46 |
|
Lum posted:
Well supposedly the new buyer doesn't have an equivalent division, which is why ours is being packaged up into a separate company first, and then bought. They tell us that the new company will continue to run as is with the same management structure and everything.

While it sounds like you are safe, that line of thinking could easily get your guard down when the blow comes. Just be careful, update your CV and save some cash. Just in case.
|
# ? Oct 16, 2013 22:52 |
|
Agrikk posted:
While it sounds like you are safe, that line of thinking could easily get your guard down when the blow comes. Just be careful, update your CV and save some cash. Just in case.

As I recall though, in the UK and since she has a fair bit of seniority, she can't just be walked out the door like in the US (when being laid off, that is - that's only for egregious offenses like failing to oppress Indians on a daily basis or something). They have to give her a lot of notice / time, like 2-4 weeks.

This may be all stuff I made up in a fevered dream about a magical land where workers have rights, but I think some of it is accurate.
|
# ? Oct 16, 2013 23:39 |
|
|
mllaneza posted:
YOTJ !!!!

Congrats! A fresh batch of computer illiterate nimrods submitting idiotic tickets and undereducated subordinates escalating them to you! (all of which you are contractually obligated to regurgitate here)
|
# ? Oct 17, 2013 01:17 |