Hmmm - you are probably better off in the long run to check the company network usage policy ( you do have one that upper management has signed off - right?) to see if it contains any "holes" in the definitions of the proper use of the network by employees.... If they are abusing the policy politely point out the abuse and remove the software from the workstations (and also point out that it could be construed as "music piracy" as well - not sure on the current state of this but there are pending lawsuits against most of the "music sharing" sites by the music industry)...
Of course if the company you work for does not have an employee network usage policy in place then I am not sure you have a legal leg to stand on (I am not a lawyer but I have heard of cases where an employee was doing something on the companies network - got "punished" then turned around and sued the company as there was nothing in the employee policies stating they could not do things such as was done)... A little rational objectivity will go a long way to keep harmony with the employees you work with... of course if they are adamant about the whole thing and the policy has a clause for the type of punishment for network abuse then exercise the punishment clause (report the abuse to upper management along with the impacts to the network if left unchecked).... This could be a good time to look at your firewall policy as it relates to your network security policy (you do have one of those as well - right?) to see if the firewall is a little "too" open allowing the abuse to occur... Just my thoughts... gm... > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 11, 2002 10:04 AM > To: [EMAIL PROTECTED] > Subject: Re: Stopping File Sharing Programs... > > > I assume that either you do not have a corporate policy that explicitly > forbids use of p2p filesharing software, or you do have a policy but > just don't properly enforce it with appropriate punishment. > > a strictly enforced corporate policy is the best way to stop p2p > filesharing use. make an example out of somebody. > > Regards, > ken > > Ken Williams ; Technical Lead ; [EMAIL PROTECTED] > eSecurityOnline - an eSecurity Venture of Ernst & Young > [EMAIL PROTECTED] ; www.esecurityonline.com ; 1-877-eSecurity > > > > > dhar@dexponet > .com To: > [EMAIL PROTECTED] > cc: > 03/08/2002 Subject: Stopping > File Sharing > Programs... > 10:45 AM > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Hello Everyone, > > Our connection to the Internet these days is getting bogged down as > quite a few users are using P2P progs to share/download files. Initially > the problem was just one: Kazaa. We were able to stop user access to > Kazaa by blocking the port 1214. Users currently use a whole set of > filesharing programs.. Morpheus, Kazaa, Gnutella, Bearshare etc. etc. > Yes, it is possible to keep track of the programs being used, block each > one individually etc. > > Would there be some kind of a generic way to block such P2P progs? > > Regards > Dhar > > - -- > Smith & Wesson: The original point and click interface. > > pub 1024D/7AB2D05A 2002-02-24 Sumit Dhar (Sumit Dhar, SLMSoft.com) > <[EMAIL PROTECTED]> > Key fingerprint = 4A18 D20D 3D15 6C5B CD2F 8E45 B903 0C29 7AB2 D05A > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE8iOrFuQMMKXqy0FoRAgpfAKDjc+1pS5WZzzPXVYvV3zGJ7A+e/gCgn9sb > 7xlaUITEO6mrErzFb8nxbGs= > =vwcP > -----END PGP SIGNATURE----- > > > > > > > > > ______________________________________________________________________ > The information contained in this message may be privileged and > confidential and protected from disclosure. If the reader of this message > is not the intended recipient, or an employee or agent responsible for > delivering this message to the intended recipient, you are hereby notified > that any dissemination, distribution or copying of this communication is > strictly prohibited. If you have received this communication in error, > please notify us immediately by replying to the message and deleting it > from your computer. Thank you. Ernst & Young LLP >
