Hey all,
Just a bit of background info..
I work as an IT contractor but I essentially work full time on a client site managing their entire IT (~80 users, 8 servers etc). This company has a very "open" policy regarding Internet access, ie they don't block anything and trust people not to abuse it.
I've only been in this job a few months and I'm relatively inexperienced (22 years old, finished uni at 21).
I was working over the Christmas period and thought I would check the firewall logs for usage, found out someone was using bittorrent and downloading bleach episodes. Gave him a bit of a slap on the wrist and let him go.
However, I checked the firewall logs today and noticed that the most popular website being checked by the entire company is a porn site. 33000 hits in 24 hours (I understand that this isn't direct hits on the site, probably individual http requests). But still, very alarming. We have a very basic firewall package, it will log what sites are accessed and how many hits it receives, but will not tell me who accessed them.
I simply wanted to send an e-mail to all the employees where I'm at to keep their Internet traffic relevant and legitimate, the company director disagreed.
Instead, he's asked me to put in place software that can provide traceability and retrospectively log everyones usage, so that there is evidence to prove peoples abuse of the Internet connection, mentioning that people will get fired if there's proof of this kind of activity.
The funny thing is, I was in a very similar situation when I was on my placement year, I viewed someones internet explorer history and found it full of porn sites (I was on the computer removing malware because of it.) The empoyee in question got fired, and I felt really guilty about it.
But I'm just sitting here pondering, if I didn't report anything:
I'm pretty sure I've done the right thing here, but if someone else gets fired because of their net abuse I think I would feel really guilty again...
What are your views on this?
Thanks,
Just a bit of background info..
I work as an IT contractor but I essentially work full time on a client site managing their entire IT (~80 users, 8 servers etc). This company has a very "open" policy regarding Internet access, ie they don't block anything and trust people not to abuse it.
I've only been in this job a few months and I'm relatively inexperienced (22 years old, finished uni at 21).
I was working over the Christmas period and thought I would check the firewall logs for usage, found out someone was using bittorrent and downloading bleach episodes. Gave him a bit of a slap on the wrist and let him go.
However, I checked the firewall logs today and noticed that the most popular website being checked by the entire company is a porn site. 33000 hits in 24 hours (I understand that this isn't direct hits on the site, probably individual http requests). But still, very alarming. We have a very basic firewall package, it will log what sites are accessed and how many hits it receives, but will not tell me who accessed them.
I simply wanted to send an e-mail to all the employees where I'm at to keep their Internet traffic relevant and legitimate, the company director disagreed.
Instead, he's asked me to put in place software that can provide traceability and retrospectively log everyones usage, so that there is evidence to prove peoples abuse of the Internet connection, mentioning that people will get fired if there's proof of this kind of activity.
The funny thing is, I was in a very similar situation when I was on my placement year, I viewed someones internet explorer history and found it full of porn sites (I was on the computer removing malware because of it.) The empoyee in question got fired, and I felt really guilty about it.
But I'm just sitting here pondering, if I didn't report anything:
- Users will continue to view porn sites and download movies, games etc
- Malware would spread through the network (the company operates 24/7)
- We could get into a lot of trouble with the ISP
- If someone else found ouy that people were browsing porn sites and downloading but knew I did nothing about it, it would look very bad on me
I'm pretty sure I've done the right thing here, but if someone else gets fired because of their net abuse I think I would feel really guilty again...
What are your views on this?
Thanks,
Last edited: