Thursday, July 26, 2007

Chances are, if a person accesses the internet through a corporate network, their traffic is monitored in some way.
The very lowest tech way is for some kind of hall monitor person to stroll through and glance at screens. They may not officially know pr0n, but they would know it if they see it. Maybe this seems arbitrary to some companies so they just block the whole internet and leave users the ability to access things on the internal network only.
While that thought promises to keep me awake late into the night worrying over all the little data packets which will never live up to their full potential, the other extreme just plain freaks me out.
We had a meeting yesterday with the vendor for the solution we use for web content filtering and talked about their newest product line.
Currently, the system works as a proxy. Requests sent to the internet are routed to that server first, checked against a policy list, and then either approved or denied according to a complex list of designations.
Gaming site? That's out.
News? Okay, but we are timing you.
MySpace? Don't be silly.
Technical support for products we own? Sure. And have a good time.
Pr0n? You know better, and your request has been forwarded to HR for consideration.
Latest article about Lindsay Lohan? Categorized under "contraband substances."
That's fine. I hate censorship, but this has got to be done in today's litigious environment.
The new version does much more than this, though.
For instance, management can "fingerprint" various critical and proprietary documents. After that, any time these documents try to leave the company through the internet, this software blocks them.
Also, it can block them from specific destinations like competitors and the press, but allow documents like press releases right through -- but only if someone in the marketing department sends them.
Further, when a user is on our network we have no issue controlling their access to the interwebs, but up until now when they went home or to any public access point they were totally on their own, able to visit lottery sites, shop for Russian brides, or download gigs and gigs of pornography, and then carry whatever they picked up back to our unsuspecting network.
The new system actually insinuates itself between the internet and a user at their remote location, enforcing the same policies no matter where they choose to connect on their work-issued laptop.
But wait! What if a user wants to use a secure connection to commit "data leakage" (which sounds more disgusting and yet less expensive than it is)? This software can open up encrypted sessions and look inside. It can see where you bank, how much you own, and where you shop.
It can read your emails.
It can block applications that are installed from even running on your machine no matter where you are.
It knows your passwords to everything, even if you've long forgotten them.
It watches you shower.
It tracks the break room microwave and provides detailed reports to management about the poor nutritional choices you make.
I don't want this functionality. Not only is it a violation of implied privacy, I personally don't want to know that much about the users.
The technology is out there, though.
If you aren't at least a little bit frightened, the technology can even determine what hormone imbalance causes your misguided bravery.
