<snip>
>What you need to do is this:
>
>Draft up a 'charter' for the use of the Internet within the company.
>
>Make sure that this charter contains clauses such as "All Internet
>resources are to be used for Company businss only", "The Company
>reserves the right to monitor any and all Internet traffic to and from
>the Company's site", "All e-mails to or from the Company's network are
>the property of the Company", and "Failure to adhere to these clauses
>may result in disciplinary action - serious breaches may result in the
>employee's dismissal".
>
>Issue a copy of this charter to any employees who may use the system,
>and have them sign and return it to you.
>
>You may wish to make this charter part of the employee's contract of
>employment - many companies do in the UK.
This is exactly what I had in mind. As I've already made clear, I have a
much bigger problem with companies that don't clarify things in this way,
allowing the company to gather data on their (admittedly naive) employees. I
will make sure that everyone understands the situation - as you say, most
will understand once things are explained.
>Although some people talk of posting such logs on Company Intranet
>sites, etc., this can sometimes be more trouble than it is worth. Say
>for example, an employee logs into a child pornography site - do you
>really want that appearing to all your employees at your site, or would
>you rather just quietly gather the information/evidence that you need in
>order to assist the police in prosecution? Also, by publishing the
>logs, people can not only see what you are logging, but more
>importantly, they can see what you are NOT logging.
>
Good point, I'll have to think about this.
>Another aspect to consider is this. I did not have time to check all
>the logs, all the time. I was often working over ninety hours a week as
>it was - I was responsible for a WAN that covered sites up to 200 miles
>away, and was on call 24/7. So, I set up a random schedule of checking
>a particular set of logs for a week or so, then changing to a different
>set, etc. I also allowed rumors to spread that I was logging/monitoring
>more than I really was...
One problem: I have tried to set the network up to run as autonomously as
possible. The logging has to be accessible to the Director, rather than
myself, and possibly maintained by the information officer, so I do need a
script to publish to the intranet or email the logs in some form. Perhaps a
collation utility as well, to view monthly stats. I see your point when it
comes to staff being able to find holes in the logging system, but without
me being around to remind them that 'I can see you', they may forget.
Everyone being able to see everyone will ensure that *no-one* forgets.
Anyway, the original post was more a question as to how to set this up
inside the computer, rather than office protocol. I'm interested in scripts
to monitor the traffic across a PPP connection, perhaps collate them and
display them on the web.
Any ideas?
Thanks,
Tom
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
