PDA

View Full Version : IT folks - internet usage at work


baileygrrrl
11-17-2005, 02:14 PM
It's no secret that a lot of us are using the internet A LOT while at work. How is it that we are not being caught? I understand that internet usage and e-mail can be monitored at work but it seems that for the most part, companies are either looking the other way or IT departments are just too busy to monitor such things.

Anyone?

Tevildo
11-17-2005, 02:21 PM
Well, our company policy is fairly simple:

1. No visiting porn sites
2. No on-line games
3. No sending private e-mails from our company addresses
4. Avoid spending time on "entertainment" sites if you have work to do.

Apart from that, we're allowed to use our computers for this sort of thing. Other places may have other policies, of course.

arrosen
11-17-2005, 02:40 PM
Although most companies do monitor your email and internet usage, unless you give them a reason to look at it, they don't. If you don't break the rules and do your work, they likely won't look at your specific usage patterns.

Shagnasty
11-17-2005, 02:44 PM
The technology exists to analyze employee internet use anyway you could possibly want and it isn't expensive or hard to implement. It can be done by time, clicks, sites, subjects etc. The answer to your question is that some companies care more about that stuff than others. Some workplaces generally believe that professionals can do what they want as long as they get their work done. Others bosses see their role more as a high school football referee and nail people on all kinds of rulebook infractions.

One factor is that managers don't want to take on the hall monitor role and analyze every little detail of every employee's internet use. It makes them feel like a goober if they call an employee in about a visit to regular website and it turns out it was work related. That type of thing gets old for everyone real fast.

I work in IT and I was had the IT Director tell me that he had all this web useage data stored but no one wanted to look at it. Most companies just scan for things like porn and other objectionable sites. Other flags may be raised for time spent on the web.

CookingWithGas
11-17-2005, 03:34 PM
When I worked at <large ecommerce company> around 1999-2000 we got an email from the CEO that too much bandwidth was being sucked up by people using Napster. Plus the company frowned on the theft of intellectual property. So that email was a warning that anybody caught doing that from that point on was subject to termination. Never heard of a case where anyone was caught.

Another company I worked for had a web site with a pie chart of what sites employees were visiting, just to let us know that they knew. (The #1 site at one point was Dilbert.)

Little Bird
11-17-2005, 04:03 PM
How is it that we are not being caught?
I was. :( My computer caught something online and when the computer guys dug around to fix it they noticed I was playing around online quite a bit. My boss let me know that didn't look good, especially since the college is over budget and they are just looking for people to cut. Now they're monitoring me so closely they can see if I'm playing solitare or writing a non-work-related document. I'm going crazy with nothing to do, while everyone else is buzzing around online and playing games.

633squadron
11-17-2005, 04:47 PM
It's no secret that a lot of us are using the internet A LOT while at work.

Depends on where you are and who you work for. I work for a computer company in the Silicon Valley. A very few no. of SV companies monitor Internet use. Most don't care. In a big company, mebbe a few people have enough time in the day to do lots of personal/inappropriate stuff. In my little startup, I don't have the time for that.

I think that this varies by economic/professional status:

Execs don't have the time/have broadband at home
Professionals (SW/HW engineers, tech writers, etc.) don't have the time, mebbe have *better* access at home
junior pros, non-tech employees, mfg supervisors, etc mebbe the "worst" offenders
techs, interns, college students, etc. too crafty to get caught


My company, like most, doesn't much care about bandwidth. Nothing out there is gonna eat up the bandwidth that a typical SW company has once it's gotten bigger then mebbe 10 people. Or, it's gonna eat up so much bandwidth that they get a separate line and router to handle production traffic.

As for appropriateness, my company figures that we're all pretty reasonable, trustworthy people. If I was caught doing pr0n or warez or something, they'd mebbe tell me not to do it again. Otherwise, use judgment. Your job is not guaranteed!

The bottom line is that I got all the stuff at home, anyway. Why screw around at work when I can do anything I want in the privacy of my own bedroom (which is where my computer currently resides)? :rolleyes:

ryobserver
11-17-2005, 06:11 PM
For companies that really care (like mine, which relies on revenue from online databases) there is software that can block employees from (some) objectionable sites. It doesn't work very well (I well remember being blocked from the "Annals of Internal Medicine"'s web site because the software thought it was a sex site--and before you ask, yes, I did spell "Annals" correctly). But it's better than nothing, and installing it is one way to curb your straying employees without taking up too much IT time.

The blocking page at my workplace was recently equipped with a pass-through for some categories of sites (not gambling, porn, or music or video download sites) allowing them to be looked at for work-related purposes. Otherwise, it's get back to work (or wait for lunch hour, or before 9 or after 5:30, when access to shopping sites and such is relaxed).

Southessex
11-18-2005, 12:07 AM
Most IT people are lazy; at most every company I worked for port 3389 was open, so I'd just RDP to my home computer and do whatever from there.

Squee
11-18-2005, 02:25 AM
Part of one of my former jobs in Silicon Valley was to surf websites to track banners. Yes, that means *all* websites that our panel surfed. Basically 40% of my job was surfing porn and getting paid for it.

In that company, IT never popped people for inappropriate usage, since it was our job to research the internet. The only times flags were thrown were when P2P programs would make the network monitors alarm. Ironically, the biggest offender was one of the IT guys downloading movies all day long.

Seven
11-18-2005, 02:35 AM
I'm the IT guy for our company. The unwritten rule at our office is use but don't abuse.

The one guy who would rather surf the web and gab on a forum rather than do his work that was backing up was warned twice, then fired. We didn't have to run any background software as he never bothered to hide the fact he'd rather surf than work.

Now he can surf the web all he wants. Everyones happy.

But for the record, I know what my users are up to. :D

Shagnasty
11-18-2005, 06:04 AM
Most IT people are lazy; at most every company I worked for port 3389 was open, so I'd just RDP to my home computer and do whatever from there.

You have learned well young Jedi. I thought I was the only one that did that.

David Simmons
11-18-2005, 06:19 AM
I've long been out of work and not up on the latest but maybe most companies realize that spending a lot of resources policing this sort of thing is foolish. As other have said, as long as the work expected of you gets done properly what's the difference? A reasonably contented work force is quite an asset.

An analogy would the the Tuborg brewery in Copenhagen. We were told on our vist that emplyees are allowed to drink as much beer as they want so long as they don't get drunk enough to be a hazard and continue to do their work properly.

yoyodyne
11-18-2005, 08:13 AM
Most IT people are lazy; at most every company I worked for port 3389 was open, so I'd just RDP to my home computer and do whatever from there.What does laziness have to do with it?

butler1850
11-18-2005, 08:38 AM
What does laziness have to do with it?

There are potential security risks... but often you want to balance that with other needs.

When I was the "King of my Domain" (I love that phrase btw), much of my troubleshooting tool set was on my home PC, which I would go right out that port to access it.

This gave me an independant "Outside of my network, looking inwards" test machine. Great for working on things like VPN, Web Site, "Questionable slacking off techniques" and network issues. How your network performs, how applications respond, and web pages look can often depend on where your PC is located with reference to your corporate network's firewall, routers, etc...

But... since RDP (Remote Desktop) has the ability to bring over mapped drives, if your home PC is an infected POS because you're internet habits are horrible, you can potentially open the company network to infection through a semi-trusted source. This is not a good thing.

That said, the monitoring is mostly used in an active sense for heading off trouble. If you see someone doing something clearly wrong, it's an action item... but having that data can certainly make "personel decisions" much easier.

It'll probably never be used, but if someone is looking for an excuse to dump you, it's a whole bag of information.

-Butler

don't ask
11-18-2005, 08:55 AM
I work for a government department and used to include among my duties security administration. We monitor all net traffic and send a report of the heaviest users to management each month. Basicalkly our monitoring software prevents access to porn/gambling/undesirable sites and access attempts are investigated. The odd person has been booted for inappropriate use, from memory all have been contractors.

I spend lots of time online but never seem to make the heavy user report. Because I am banging out SQL queries all day I often have several things running in the background and I just amuse myself on the net while waiting for results. I also do lots of research on the net and am often asked by people to assist them in finding things. Even directors will often ask for help with kid's homework or how to perform certain repairs or holiday advice.

When I was security administrator I used to point out that it was more efficient to allow intelligent staff to do things online than make them do it offline. Netbanking is quicker than phone banking or going to the bank, so are checking results or making bookings.

Ethilrist
11-18-2005, 09:26 AM
Most of the larger companies use something like WebSense, which filters websites according how they idenfity themselves. I've gotten a bunch of blocked pages linked to in threads here because they qualify as "tasteless."

Hampshire
11-18-2005, 11:28 AM
Does it help at all to go in monthly or even weekly on your computers internet tools and delete history, cookies, and files?

Ethilrist
11-18-2005, 11:41 AM
Does it help at all to go in monthly or even weekly on your computers internet tools and delete history, cookies, and files?
Nope. Every single thing that shows up on your computer passes through the company server first, and they usually keep a log of everything. If they don't keep that log, they certainly keep a log of the number of hits to forbidden sites (most of those hits are collateral damage; you go to Yahoo!, and even if you don't log in to My Yahoo! it still wants to try to log you into Yahoo Mail, which is usually not allowed, so that would count as a hit to a forbidden site).

Southessex
11-18-2005, 11:52 AM
Does it help at all to go in monthly or even weekly on your computers internet tools and delete history, cookies, and files?

This is exactly how many small (OK, tiny) Mom & Pop companies monitor their employee's surfing habits. Of course, if The Boss walked up to your computer and found everything empty, bells will start ringing in his or her brain, and the next time you step away for a second or forget to dump the info at the end of the day... you're busted.

If, however, the company is big enough to have an "HR department" (i.e. one or more people that do HR issues 100% of the time), they'll alomost ALWAYS have ISA Server, WebSense, Net Nanny or something else in place to deny access.

Quartz
11-18-2005, 12:51 PM
It's no secret that a lot of us are using the internet A LOT while at work. How is it that we are not being caught? I understand that internet usage and e-mail can be monitored at work but it seems that for the most part, companies are either looking the other way or IT departments are just too busy to monitor such things.
As long as you're doing your job well, don't abuse it, and you're not doing anything illegal, it's just a motivational factor. Spending 5 minutes looking at the BBC or CNN while you're waiting for your print job to come through is fine; spending 15 minutes looking at a porn site isn't.

But people do get caught and fired. I've been involved in a number of such cases - obviously I can't give details.

rfgdxm
11-18-2005, 12:59 PM
Depends on the company. The truth is any half-way savvy computer person can 100% get around any technology the IT department sets up. AND improved company security. If the IT folks can find this out, this proves a major security hole in these IT folks just know TOO MUCH and would be dangerous if a competitor was able to pay them to act as spies. Paying spies is usally FAR more effective hacking.

I'd suggest to the big boss they fire the current batch of IT folks who didn't try to teach other employees good security practices. For example, if the IT folks could get this information, then *I* could get it by figuring out how to hack auth as an IT person. The company could be sitting ducks if I could somehow get an IT level password. FAR better if I had no way to get access to enough secure data to be able to sell it to the competition.