>nothing is impossible... there are obvious costs and not so obvious
>costs... the firewalls group appears to have very open minds. im sure that
>a cost could be put on each packet based upon technical or the subjective
This method of costing would be ludicrous. Since the total cost of the
pipe is static (typically), then imagine this;
1. Month #1 there are two packets of data sent via the Internet
connection. One from Department #A and another from Department #B. Using
a packet costing method, the charge to the department = .5 total cost of
pipe. Total employee time spent on Internet = 1 second.
2. Month #2, there are 50 million packets sent via the Internet
connection. 25 million from Department #A and 25 million from Department
#B. Using a packet costing method, the charge to the department = .5
total cost of pipe (no change in cost). Total employee time spent on the
Internet = 7x24.
Obviously charging per packet meant nothing.
I would suggest that the same effort be put into monitoring Internet
activity that is put into monitoring the conversations that go on during
coffee breaks. Or the same monitoring that goes on at the bar after
work. Or the same monitoring that goes on during working hours by people
who sit beside each other.
You tell your employees that displaying a pornographic or otherwise
unacceptable image on their computer screens for any period of time is
the equivalent of pinning up a picture with the same image in their
office/cubicle. This applies to "hate" material, "pornographic"
material, material denigrating to any race, sex, or religious belief.
The law is already written covering the display of these types of images
in a workplace, its not acceptable. You do periodic scans, look in
user's cache directories, and give employees a line of communication to
report such abuse. Trying to engineer the censorship into the connection
is, IMO, impossible and a complete waste of resources.
As for "personal" packets being a huge waste of everyone's time, or it
being the precursor to the subversion of your security/general company
policies, ummm, I don't think so. If you've written your policies on the
basis that there will be NO personal use, then you have poorly written
policies. Ignoring reality in policy definition is the same thing as
saying that nobody will ever write their passwords down, and since its
in the policy that they shouldn't do that, its a non-threat. Base a
policy on that assumption and its doomed to failure.
This kind of surfing is fodder for log analysts (analysis). Its one of
the reasons why logs exist, and why we occasionally have to walk up to
an employee and ask them why they have a game installed on their
computer, or why they visited www.censored.com. One of two things
typically happen, they're so shocked and ashamed that they've been
caught that they never do it again, or, they end up getting fired as
they walk around saying how they should be allowed to do whatever they
want. We can't be so Draconian in our thinking that we cause them to
fear the technology, but an occasional unannounced audit coupled with
some log excerpts can go a long way...