> We have a new problem, and I'm looking to find out what other folks have
> done about it.
> With Internet access, there are some people who have discovered binary
> pictures (subject of pictures doesn't really apply here), and are down-
> loading them at a rapid clip. Rapid enough to cause performance problems
> here on the network. The initial reaction of management was:
> How do we keep this ******* off the net?
> I would prefer to tackle the broader issue of abuse of company resources
> to the point where it hinders other peoples ability to get work done. I'm
> trying to keep my personal opinions out of this, and would like to hear from
> anyone who has successfully (or unsuccessfully) dealt with the problem of
> personal use of the Internet on company time and computers.
> I welcome all solutions, political, technological, managerial, hardware,
> software whatever. What I'm trying to do here is offer as many options as
> possible to management.
> No flames about this please, I'm trying to solve a problem in a reasonable
> manner and flames don't solve anything.
1. Get a bigger pipe for your Internet connection. Then your users
can download the pictures faster and there will be more productive. :-)
Seriously, if a few users doing FTP of some pictures are killing your
connection, you probably need a bigger pipe.
2. Tell the users not to do this. Really. Are there policies in
place regarding use of corporate resources? Have these policies been
communicated? If not, then how will the users know better?
3. Track down the users how are doing the downloads and discipline then.
Most good firewalls allow you to do this easily. If not, get a firewall
that does. Periodically going through logs and questioning users will
keep them aware of your standards regarding this behavior. Maybe not
the best use of your time, but definitely an option.
4. Turn off access to the more obvious porn. If you are using a proxy
server for WWW access, you typically can turn off access to URLs
(www.playboy.com and www.penthouse.com are obvious choices). This
really doesn't solve the problem as users will always find new archives
to tap. But sometimes this can be enough to get management to stop
5. Have managers manage. If users are spending all of the their time
downloading pictures and not getting their work done, this should be
handled by their managers, not you. The managers are responsible for
monitoring performance. If their direct reports are not doing their jobs,
it's not the Internet's fault and it's not your fault - it's the
managers responsibility. Make sure that management doesn't assign to you
The implications for firewalls (this is the firewalls list) depend
on what you do. If you try #1, your firewall needs to handle the
increased bandwidth. #2 (writing policies and communicating them),
should be done in any case, and it is not firewall dependent. #3
means that what you do for a firewall should have logging at the
file transfer level. #4 means that the firewall should be able to
"censor" Internet resources from inside and organization. #5
should also be done in any case.
Note that you can do a combination of the above. Doing #2 and #5 are
the best choices, IMHO.