Restricting websites without a damn good reason is bad practice in IT, as far as I’m concerned.
If the website causes a legitimate threat of data exfiltration or getting the employer handed a lawsuit (piracy, sexual harassment, w/e), sure, block it.
But using web filters to solve managerial problems like employee productivity is demeaning to workers and unnecessary overhead on IT.
Our job in IT, at the end of the day, is to improve productivity… sure… but blocking benign websites takes us away from that.
If they’re running a proper web filter it’s a single checkbox for the “news” category.
Which could be set to “permit” or could be set to “get 1000 calls asking why we can’t get to CNN”.
If you have a proper web filter it explains to the user why they can’t get to CNN when they attempt to get to CNN.
Yes, so they can call and ask for an exception.
Sooo it’s a nothing burger?
Restricting websites and whitelisting the ones you’re supposed to have access to is literally like one of the fundamental rules of IT security. What are you talking about?
I don’t think this particular case was about security but pretending that block-by-default is not a good security practice is dishonest.
The idea of IT fixes for HR problems irks me. It’s overhead on IT that could and should be spent doing other more important things.
If an employee is slacking off on time-wasting sites, that’s a problem between the employee and their manager. Leave IT out of it. Treat all your employees like responsible adults and handle them individually. Blocking benign websites for everyone is collective punishment and I disagree with that.
I’ve been thinking about announcing in some of my office chatrooms that we are going to block Reddit and SO for April fools. I think a lot of people would believe it so hard.
It’s not an IT fix for an HR problem. It’s literally just a best practice in IT security and has absolutely nothing to do with people. It’s a principle of least required access. It’s not just for website filters, it applies to all aspects of security. In this case, it’s to prevent fishy websites being visited by accident - for example your finger slips and you misspell a company website address and all of a sudden it redirects you to a phishing version of the Microsoft SSO login portal you always use to sign in to work. You didn’t notice it and you input credentials, compromising your system.
These websites are rampant, constantly finding new ways to social engineer ways for people to accidentally visit them and can’t be added to a filter as fast as they pop up. That’s why you block by default. It’s a lot easier to make a list of websites required for your work than to exclude every potentially harmful website that’s getting generated magnitudes faster than any internal company portal.
This is a very simple example of applying the “least privilege” security principle. It’s akin to you not leaving your front door open and unlocked just in case one of your friends drops by, but instead giving the friend a set of keys and locking your door.
I should note that I don’t think that’s what Musk is doing to our government, but since you seemed to have misunderstood what the security principle is actually meant for, I wanted to add some context.
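An added sketch of the block-by-default idea described in the comment above (not written by anyone in this thread): anything off the allowlist is refused, matching is done on whole DNS labels, and a near-miss of an allowed name is labelled as a likely typo or lookalike. `ALLOWED_DOMAINS`, `example-corp.com` and the edit-distance threshold of 2 are assumptions made for the illustration.

```python
# Added illustration: default-deny web filtering with a lookalike check.
# ALLOWED_DOMAINS and every hostname used here are constructed sample values.
from urllib.parse import urlsplit

ALLOWED_DOMAINS = {"example-corp.com", "login.microsoftonline.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname without userinfo, port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_allowed(host: str) -> bool:
    """Match on whole DNS labels, never on substrings."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def decide(url: str) -> tuple[str, str]:
    """Return (verdict, reason); anything not on the list is blocked."""
    host = host_of(url)
    if not host:
        return "block", "no hostname"
    if is_allowed(host):
        return "allow", "on allowlist"
    # Blocked either way; the near-miss reason is for the block page and
    # for alerting, since a small slip suggests a typo or a lookalike.
    for d in sorted(ALLOWED_DOMAINS):
        if edit_distance(host, d) <= 2:
            return "block", f"lookalike of {d}"
    return "block", "not on allowlist"


if __name__ == "__main__":
    for u in ("https://portal.example-corp.com/", "https://examp1e-corp.com/sso"):
        print(u, decide(u))
```

The suffix test with a leading dot is what keeps `example-corp.com.evil.test` and `notexample-corp.com` from passing, which a substring or bare `endswith` check would let through.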
But that’s what blocking newly registered domains and unknown domains is for.
Most web filters have boxes to block those. Usually much higher up than News sites.
Wow, a lot of tech-illiterate people in this thread. Jesus Christ, what a waste of time.
I kind of wonder where people work that IT doesn’t block a handful of legitimate sites.
It’s internet my man. As long as it doesn’t break AUP, we pay Zscaler a lot of money to allow people to go to News sites and block phishing, known baddies, new domains, and unknown sites.