Kaseya Community

Dealing With an Irresponsible Internet Know-It-Alls

  • I'm in a corporate environment. We have a user that, with our administration's apparent blessing, looks at just about every blog, tweet, and other seemingly non-business related websites. Her defense is that she takes what she does and uses it to train employees (yeah right). Her training seminars have included "How to shop online for Christmas" and "Tweeting in the workplace".

    Yesterday our intrepid Training Coordinator just happened to catch a virus that ended up spreading to 16 other workstations before I got it under control. Administration has determined that the best course of action would be for her to run 2 PCs; one on our network and the other in a DMZ because she needs blogspot for training ideas...

    Admin has ruled she has to have full internet access. Other than our standard security (IPS, Firewall, Antivirus, and anti-malware) what would my fellow Kaseya brethren suggest?

    I'm currently pulling her internet history daily and trying to convince admin that Foxnews, Twitter, and BlogSpot are not training references, but no such luck.

    Thank you,
    Billy Merfeld
    1st Community FCU

    Legacy Forum Name: Dealing With an Irresponsible Internet Know-It-Alls,
    Legacy Posted By Username: bmerfeld
  • I think my wife puts it best....

    suck it up princess..... [big smile]

    Excuse my jocularity.

    If administration says she is to have full access, she must have full access.

    If you have explained to admin the dangers of such sites, and the possible outcomes of malware and viruses, identity theft etc, and they still think she needs full access, then what more can you do?

    So I would be explaining to them the issues:

    * Viruses
    * Malware
    * Identity Theft
    * Security issues
    * Data security
    * Cost to them should any of the above occur.

    If they still want her to have full access, get sign off on such, and then charge them through the nose when this particular person eventually trips up.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: Commander
  • I would suggest that they use an anti-virus or firewall that uses a web/URL reputation service, which should automatically block access to sites that are high risk or known for malicious activity.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: eddy@dgs.com.au
  • Does she have local administrator privileges? Move her to the user group. She doesn't need to be installing applications for her training, does she?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: nevesis
  • Anyone here has probably seen one or more non-admin posts or rants. However, you hopefully have positioned yourself as the computer "expert". If the client refuses to listen to your "expert" advice, then they should understand your MSP pricing is based on your preferred configuration. If they refuse to follow it, point out every little problem caused by this individual and charge for every incident. Then return again in 3-6 months with the told-you-so speech. Remind them of the configuration and how great it works for everyone else. Hopefully by that time they will fold and let you lock the system down. Remind them threats change faster than most people can be taught to avoid them. An ounce of prevention is truly worth a pound of cure.

    Matt

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: connectex
  • bmerfeld

    This is probably the most common issue that anyone and everyone working in a corporate IT environment has. There really is no answer to this. My suggestion would be to make sure you have proof that you explained the dangers of this person (or anyone) having unrestricted access to the internet (or local admin permissions) to your boss. An email (print it out!) works but a signed paper from your boss is best.

    Once you have that proof in hand...do whatever it is your boss/admin tells you to. I know that sounds harsh...but that's really all you can do.

    Make sure to document EVERYTHING that results in that employee's use of whatever it is she thinks she "needs". If you are absolutely sure that her machine caught a virus which spread on the network (pretty rare these days to be honest with you...) make sure you can prove it AND document it.

    This way when she messes up the network you have proof that you not only warned everyone of this (and they said do it anyway) BUT you can prove it is her/their fault.

    Aside from that...maybe ask your boss/admin if you can have her remote control into her computer at home and browse through RDP/LogMeIn/whatever.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: CeruleanBlue
  • We have started using a SonicWall firewall because of the work they do on a packet level to detect viruses etc. It has a subscription service too for content filtering and outlay is about £600 I think. Just an idea.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: Dean Osborne
  • As a Credit Union your auditors and your security policy may be your friends here. I have a T&M bank customer whose IT department had their patching and security under control. Conficker shut down their network for 3 business days (including a weekend), as they tried to stop it, and then we wiped it off their systems branch by branch. Blue Screen crashed a couple of their servers and their backups were not pretty. They trusted that their software vendor was taking care of that. Management is taking security a little more seriously now. I did not get invited to the board meeting after the event, but I bet it was fun. You might want to bring up that scenario and figure if the value of her searching the net is worth the potential losses.

    I do understand your pain. We had a similar situation in another Credit Union, but the IT department stood their ground. There were ugly internal politics, but the IT manager required her boss to give a written memo requiring her to open security for the user to give to the auditor to protect her position since it was against her best practices for security. VP would not do that so the security stayed in place. The user (marketing VP) then went out and started using anonymous proxies so she could get her presentation materials off MySpace and YouTube. One Cymphonix box later that has stopped.

    Vernon Southmayd
    Creative Computing

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: vernon@midmich.net
  • Sounds like you are fighting an uphill battle on a muddy hill and not getting any traction. Try this....

    A common solution is to present to administration that other users on the network may be abusing the internet, but, you have a solution, which, you can use to your advantage.

    Take a serious look at WebSense. http://www.websense.com

    It will provide some scary info on user activity on the network. 2 lines of code hooks it into a Cisco PIX. It provides internet access controls, filters and some awesome reports.

    Hope this helps.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: shickey
  • bmerfeld

    If she just needs surfing, have her do it on a separate Linux box or VM. You could also change her IE shortcut so that it launches via Sandboxie.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: topdogpc
  • I would recommend a BartPE or UBCD4WIN environment in the DMZ for the training coordinator.

    This way, the coordinator cannot install applications, get permanently infected with a virus or malware and can have a significantly less-troubling, more bulletproof environment for universal (but not unmonitored) Internet access.

    Another alternative is to have a primary boot partition, similar to OEMs, that contains a standard Windows workstation image and image placement tool such that every time the computer is power cycled, the Windows partition is wiped and a known-good image loaded onto the Windows partition.

    The PE is the easiest and least expensive.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: DPorter
  • We use Internet content filters such as SonicWall gateway anti-virus/anti-spyware or Untangle. Either one does a nice job of keeping the spyware/malware/viruses at bay. It has made a noticeable difference in the amount of malware/viruses, etc. we have to deal with. It is a must for us to have something like this at all managed sites. Protection at the host level and at the gateway level is the only way to go these days.

    -michaelr

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: michaelr
  • Use a virtual machine and keep the existing internet rules in place. Have the virtual machine go through a separate network to the internet, or internet cafe PCs, or if she has a laptop get that to come in over an isolated wireless link, or a live Ubuntu CD if she can be bothered.

    "How to shop online for Christmas" and "Tweeting in the workplace" are not related to work activities, remind the bosses people are there to work on projects etc whatever you do, not have someone teach useless stuff that is a waste of time.

    Do you guys have any "Internet Cafe PCs"? At a previous company it's what we used to give access to sites that weren't related to work such as news, sports etc and they could use that and print off stuff etc. Lock it down with a nice GPO and that can help prevent spread of viruses. Don't allow programs to be installed, heightened security levels etc.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: steven.moore
  • Same issue we had at a call center with a bunch of 18-25 year olds. To resolve, business PCs were locked down, full filters using Untangle and warned.

    To relieve the issue we set up a separate PC on the DMZ which they could feel free to use on their breaks. Still tracked what they did but had less filters.

    This kept the business network safe, gave freedom for users on their free time, but more importantly supervisors were able to visibly see who was at their desk or at the "play/break" area and kept us from having to worry about productivity.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: doug.jenkins@ispire.ca
  • Another thing you could try is a program like Deep Freeze. It creates an image of the machine and every time the machine is rebooted it restores it to what it was. We have it installed at several clients where there is a high risk of the machine getting infected or something deleted.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: Comsyco