Webfiltering - what do you use - assuming you do.
-
@johnhooks said:
This reminds me of workarounds like portable apps also. I didn't have admin access to the computer at the one place I worked, and I was there till 11 at night and really had no work to do past about 8. So I just used portable apps on a flash drive so I could do my business stuff and also play games.
Similarly when I worked for a large bank they blocked a ton by technology but not by policy. They wanted IT to solve problems without HR being involved. So, since working around the technology wasn't against policy, everyone implemented SSL VPNs (the agentless kind) and threw remote desktops from home back to themselves at the office. It was slow, bandwidth heavy and super inefficient and gave us all access to drastically more than if we had just read our email or whatever. It was the path of least resistance.
-
@johnhooks said:
Also brings up another question, why do places hire many lazy people vs few who work hard. In reference to the job offer I was recently given, I know based on what I was offered that the other "Systems Admins" make over $50K a year. I strongly believe based on what I've seen and heard that I could replace both of them and do the work myself. If the company is willing to spend upwards of $250K (including taxes, insurance, etc) for 3 people to do this work when 1 could do it by themselves, why would they even second guess giving me or someone else who can do it $150K a year to manage it? They wouldn't dream of paying one person that much, but do think it's ok to pay 3 not good employees that much?
My anecdote on this: I use this one a lot. I used to manage a BK in the mall (sad but true.) At one point we employed nearly forty people (not all full time.) At one point we figured out that the fastest, best staffing combination (that is the fastest times to make food, cleanest store, best food quality, happiest customers... it won all metrics that we had) was Chris in the kitchen, Leanne and Darryn (not sure that name is right) on the cash register with Darryn grabbing the kitchen when needed, and Mark doing the back stuff (cleaning dishes, opening boxes, freezer duty ... all the stuff that isn't the kitchen and cash register) and me managing but acting like a team member, not a manager so filling in wherever someone directed me and only stepping into a manager role for necessary functions like customer complaints, locking up, doing the paperwork, etc.
We figured out that all they had to do was be willing to pay us overtime and we could drop 35 people from our employment, run the store faster, safer, with the least food waste and the happiest customers while keeping the existing staff happy with good, guaranteed hours (the mall aspect limited the open hours so this wasn't as crazy as it sounded.) We would have reduced the cost to run labor by something like 70% while increasing quality and lowering other operational costs (insurance, food waste, etc.)
They refused to let us even try it. The results? Everyone took higher paying jobs elsewhere, none of us made more the $1/hr over other staff, most not even that. We would have been happy with more hours and knowing we only worked with each other (we were a happy team.) Instead of saving 70% and having the best team around, they were so determined to managed regionally based on outside factors that they lost the good staff and had to staff up, rather than down, running more than ten people per shift and delivering lower quality. The store dropped from the top performer in the region to closing up and going under.
Why? Who knows. One thing that I know came up several times (but how do you reprimand the top performers) was they hated that I was a working manager (I was a lead really, just a senior flex position, none of them needed to be managed) and not a thinking manager. But when you have no managing to do, what else can you do to be useful than to reduce the need to hire other people? It's not like by "thinking" better we would grow and get a bigger store with more staff to manage, doesn't work that way. But they couldn't stand it because other managers, especially the regional, wanted managers to stay locked in the office, never get dirty and never mix with the "staff".
-
Which is extra silly when you consider that me as a manager made $.75/hr more than my cashier. It's not like we were in different tax brackets.
-
@scottalanmiller said:
was they hated that I was a working manager (I was a lead really, just a senior flex position, none of them needed to be managed) and not a thinking manager
Except you were a thinking manager, because you thought of a better and more reliable way to do it?
-
@johnhooks said:
Except you were a thinking manager, because you thought of a better and more reliable way to do it?
I thought... hey, I'm useless if I'm not working... lol.
-
@scottalanmiller said:
@johnhooks said:
Except you were a thinking manager, because you thought of a better and more reliable way to do it?
I thought... hey, I'm useless if I'm not working... lol.
It seems to big an issue with fast food and retail. They don't hire people who don't have "retail" or "food service" experience, but the people that do are usually not very reliable. Plus, like it's that hard to be able to do those tasks....
-
@johnhooks said:
@scottalanmiller said:
@johnhooks said:
Except you were a thinking manager, because you thought of a better and more reliable way to do it?
I thought... hey, I'm useless if I'm not working... lol.
It seems to big an issue with fast food and retail. They don't hire people who don't have "retail" or "food service" experience, but the people that do are usually not very reliable. Plus, like it's that hard to be able to do those tasks....
BK was good about that. Fourteen and fifteen year olds with zero experience were hired regularly. I was the one and only person that they hired with experience and I had a year of Pizza Hut crew chief, they promoted me from "part time cashier" to "regional bulldog manager" at the end of my first day. Regional Bulldog is an impressive title for "regional manager's circuit bitch". I was the shift manager sent to failing stores to turn them around as a final effort before being shut down. If I showed up in your store, the end was near. The regional manager used me to be their arm to try to turn stores around. Which made me never a popular person to be showing up.
-
OMG - we have a 100 Mb connection - Barracuda wants $16K for a 100-200 Mb webfiler. with $6400 yearly renewable maintenance/support/updates. Can we say highway robbery!
The 50-100 Mb connection level is a mere $6K, with a renewal yearly at $2K. DAMN!
-
@Dashrender said:
OMG - we have a 100 Mb connection - Barracuda wants $16K for a 100-200 Mb webfiler. with $6400 yearly renewable maintenance/support/updates. Can we say highway robbery!
Bahahahaha, who the crap would pay that?
-
@Dashrender said:
OMG - we have a 100 Mb connection - Barracuda wants $16K for a 100-200 Mb webfiler.
"Webfilter". We like to call it an "access node".
-
OK I was given another reason why they didn't want Facebook, at least on our office computers.
you know.. the reasoning seems so off the wall, I just can't even write it.
lol -
@johnhooks said:
Bahahahaha, who the crap would pay that?
I wonder how many companies actually look to see if tools like this can save money. That is a lot of productivity that they have to improve to justify cost like that. Sure they often lower risk (not backdoored ones, but in general) so there is savings there as well, but cost of acquisition, configuring the environment to use it, cost of lost access to needed resources (they always block something that you need), cost to run and power, labour, etc. It adds up. You have to pretty much generate the value of one or two whole new employees from that thing to justify buying one!
-
That's basically $50K over a five year contract. And the chances that it will be fast enough to use five years from now will be maybe 50%. Plus whatever it cost to power, maintain, etc. That adds up quickly.
-
@scottalanmiller said:
@johnhooks said:
Bahahahaha, who the crap would pay that?
I wonder how many companies actually look to see if tools like this can save money. That is a lot of productivity that they have to improve to justify cost like that. Sure they often lower risk (not backdoored ones, but in general) so there is savings there as well, but cost of acquisition, configuring the environment to use it, cost of lost access to needed resources (they always block something that you need), cost to run and power, labour, etc. It adds up. You have to pretty much generate the value of one or two whole new employees from that thing to justify buying one!
I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.
-
@scottalanmiller said:
That's basically $50K over a five year contract. And the chances that it will be fast enough to use five years from now will be maybe 50%. Plus whatever it cost to power, maintain, etc. That adds up quickly.
On that note, Barracuda will give you a new one after you renew the "instant replacement" for the 4th time, so beginning of year 4, you could get a new unit for free.
-
@Dashrender said:
OK I was given another reason why they didn't want Facebook, at least on our office computers.
you know.. the reasoning seems so off the wall, I just can't even write it.
lolYou can't do that and not tell us haha.
-
@johnhooks said:
I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.
We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours.
Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter.
In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list.
-
@Dashrender said:
@johnhooks said:
I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.
We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours.
Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter.
In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list.
One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess.
-
@johnhooks said:
@Dashrender said:
@johnhooks said:
I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.
We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours.
Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter.
In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list.
One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess.
How did you handle doing a MITM on all of your users and not have chrome refuse to work for places like Google services?
-
I used Watchguard XTM devices and loved them.