
Takeaway: Letting employees access social networking and streaming media Web sites doesn't just put a drain on your bandwidth; it can also open up your company to a host of risks. Mike Mullins tells you how to become the most unpopular person in your company by shutting down access.

This might be an unpopular statement, so I'll go ahead and get it out of the way: Your company might be a bank or it might be a travel agency, but whatever it is doesn't change the purpose of your network. It's still there for work.

If you ask any company officers whether the corporate network is for employee recreation or work, odds are really good that they'll tell you its purpose is to support the business objectives of the company. If that's the case, why do you allow users to swallow up resources for the sake of their amusement?

Social networks and Web sites that host streaming media are a drain on your computing environment and staff. Their continued availability to employees can leave the company vulnerable to a host of problems. Here are some examples:

If these are the pros of allowing employees to access social networks and streaming media, then you should probably do something about it. And while you're at it, update your usage policy to clarify what is and isn't acceptable behavior in the organization.

Craft your own internet usage policy with this sample

Takeaway: a general guideline for Internet and intranet usage and encourages you to start the new year with an emphasis on user education.

The Internet is an important resource for your customers and employees. It is imperative that you inform your users about the purpose and use of the company Intranet and Internet. By educating your users and setting out a clear policy, you'll gain a valuable ally in protecting company assets when users are on the network. The guidelines I present here are generic and should be modified to fit your business model.

Standard Internet guideline

These guidelines will help you find appropriate uses of the Internet for YOURCOMPANY business purposes.

Overview

This guideline does not contain all of the do's and don'ts of Internet usage. While this guideline will list examples of improper usage, your good judgment and common sense are essential to guiding you on the appropriate uses of the Internet and will help protect YOURCOMPANY resources. Contractors can use the Internet for YOURCOMPANY business purposes in order to fulfill their contracted assignment. Their usage must adhere to the guidelines within this policy.

General principles

Your first obligation as a user is to protect YOURCOMPANY information assets. The assets that comprise the YOURCOMPANY network are business assets and should not be considered personal assets. Here are the general principles for Internet use for YOURCOMPANY business purposes:

- Material that would be considered inappropriate, offensive or disrespectful to others will not be accessed or stored
- Any software downloaded or installed on YOURCOMPANY assets must comply with applicable licensing agreements and copyrights
- Use only network services you have authorization to access
- Do not send material classified for internal use only via the Internet

Specifically, the Internet should not be used:

- For personal gain or profit
- To represent yourself as someone else
- To provide information about employees to persons or businesses not authorized to possess that information
- When it interferes with your job or the jobs of other employees
- When it interferes with the operation of the Internet for other users

Consult with your manager if in doubt about any use of the Internet.

Data classification

Personnel records and financial information stored on the network are considered information for internal use only. This information, along with other proprietary information, will not be sent via the Internet. Managers can make exceptions for sending YOURCOMPANY internal-use-only material when appropriate encryption is used.

External communication

Electronic mail, or e-mail, is the most commonly used form of communication on the Internet. When communicating outside YOURCOMPANY, remember:

- No form of chain letter will be sent using YOURCOMPANY assets
- Do not send e-mail so that it appears to have come from someone else
- Do not automatically forward your e-mail to a non-YOURCOMPANY e-mail address
- Telnet: or trying to remotely access a system you are not authorized to use is not permitted. Unless you have prior authorization, do not run port or vulnerability discovery programs or try to get into open ports.
- When downloading software, you must comply with YOURCOMPANY procedures for the importation of software, even if it's "public domain." As a courtesy to others, try to do large file transfers during off hours.

If you have any questions regarding Internet usage, contact your manager.

Final thoughts

The guideline I've given you may not cover all the aspects of your network, yet it will give you a good starting point if you don't have a policy in place already. Enlist your user population in your security effort by putting out some simple do's and don'ts on Internet usage.

Controlling Internet usage is not a difficult task. It involves putting together some guidelines and distributing those guidelines to the users, then educating your users. Once your users are informed on what they can and can't do on the network, enforce your guidelines. Don't forget to modify your guidelines as your business and network grow.

Blocking entertainment is difficult, and not just because it's not going to win you any popularity contests. There's a wide variety of Web sites out there, and new ones pop up on a regular basis. For social networking, check Wikipedia for a list of social networking sites.

I recommend dividing up your efforts among the different types of culprits: mainly, social networking, photo sharing, and streaming media. To help you get started, here are a few suggestions of networks to block at your outer security boundary.

Social networking

- 66.28.245.26 (hi5.com)
- 66.28.245.111 (hi5.com)
- 67.134.143.0/24 (MySpace.com)
- 204.11.105.26 (hi5.com)
- 204.13.51.241 (hi5.com)
- 204.16.32.0/22 (MySpace.com)
- 216.178.32.0/20 (MySpace.com)

Photo sharing

- 69.17.46.120/29 (Photobucket.com)
- 66.11.48.0/20 (Photobucket.com)

Streaming media

- 216.235.80.0/20 (Live365.com)
- 72.32.103.177 (Metacafe.com)
- 212.150.86.226 (Metacafe.com)
- 209.85.106.24 (Metacafe.com)
- 69.20.95.4 (Metacafe.com)
- 208.65.152.0/22 (YouTube.com)
- 64.62.253.88 (1.FM)
- 66.151.149.64/27 (Pandora.com)
- 65.61.188.4 (Metacafe.com)
- 204.74.64.0/18 (MTV.com, ifilm.com)
- 206.220.40.0/22 (MTV.com, ifilm.com)
- 64.93.76.0/24 (StupidVideos.com)
- 64.202.189.170 (FileCabi.com)

Now that you've become the most unpopular person in your company, make sure you stay updated. Revise your list as you uncover new networks, and block them once you've identified them as nonproductive.

In addition, after you start restricting traffic like this from your network, you need to keep an eye out for users trying to go around your rules to get their entertainment fix. Start looking for anonymizing applications, network traffic through anonymous proxies, or terminal service connections going to home networks.

Final thoughts

Before you begin blocking anything that's going to upset your user population, you need to have an established policy that people are aware of that forbids or restricts such activity. All of your security efforts should follow these four steps:

- Policy
- Action
- Monitor
- Enforce
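
The Monitor step, as an added example that is not part of the original article: it checks outbound flow records against a subset of the block list above and flags terminal-service and proxy-port connections leaving the network. The internal range 10.0.0.0/8, the proxy port set, the `src dst dport` log format, and the sample records are assumptions constructed for illustration.

```python
import ipaddress
# Block list: a subset of the networks and hosts listed in the article.
BLOCKED = {
    "MySpace.com": ["67.134.143.0/24", "204.16.32.0/22", "216.178.32.0/20"],
    "Photobucket.com": ["69.17.46.120/29", "66.11.48.0/20"],
    "YouTube.com": ["208.65.152.0/22"],
    "Pandora.com": ["66.151.149.64/27"],
    "hi5.com": ["66.28.245.26", "204.11.105.26"],
}
NETS = [(ipaddress.ip_network(c), site) for site, cs in BLOCKED.items() for c in cs]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: corporate address space
PROXY_PORTS = {1080, 3128, 8080}                # assumption: common proxy listener ports
RDP_PORT = 3389                                 # terminal services default port

def classify(src, dst, dport):
    """Return a finding string for one outbound flow, or None if unremarkable."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in INTERNAL or d in INTERNAL:
        return None                             # only internal -> external flows matter
    for net, site in NETS:
        if d in net:
            return f"blocked-site:{site}"       # block rule missing or bypassed
    if dport == RDP_PORT:
        return "terminal-service-to-external"
    if dport in PROXY_PORTS:
        return "possible-proxy"
    return None

def review(log_text):
    """Parse 'src dst dport' lines and return [(src, finding)] for flagged flows."""
    findings = []
    for line in log_text.strip().splitlines():
        src, dst, dport = line.split()
        hit = classify(src, dst, int(dport))
        if hit:
            findings.append((src, hit))
    return findings

# Constructed sample flow records (src dst dport); not real traffic.
SAMPLE = """
10.1.4.20 208.65.153.238 80
10.1.4.20 192.0.2.10 443
10.1.7.31 198.51.100.44 3389
10.1.7.32 203.0.113.9 3128
10.1.9.5 10.2.0.8 3389
10.1.9.6 69.17.46.125 80
"""
if __name__ == "__main__":
    print(review(SAMPLE))
```

A proxy-port or terminal-service hit is a lead to follow up under the usage policy, not proof of circumvention; legitimate remote administration will match the same rules.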