Strict Web Filtering - Good Security or Cause for Lynch Mob?
-
@Carnival-Boy said:
We have 10mb here for around 60 users. I think that's fairly normal in the UK. We pay pretty much exactly the same as you Dash. I don't find it terrible. I will upgrading to 50 or 100mb later this year, which will cost about double but which we will need when we transition from on premise Exchange to O365.
That was common in the US until just about two years ago. 10Mb/s for sixty users isn't crazy here even now, not great, but not odd. We have a customer that was 10Mb/s for eighty five users just last year and while limiting, it was fine.
-
@thanksajdotcom said:
It seems like having a failover line and using a dual-WAN router to increase connection speed would be advantageous to them. Even instead of going to the 2oMb/sec line. And it's cheaper!
Depending on their usage that may not help. Connections can't be split across the the two networks, only new connections can balance between the two. You really have to do an analysts to see if it will even help.
-
@thecreativeone91 said:
You can't really compare a home connection to an office. Neither in there need for that much bandwidth nor their actual connections. Business grade connections will generally have much less latency than a home grade connection making the speed faster and the bandwidth appear to be more than it is. You also actually get what you pay for with a business connection with a home connection you just get whatever.
These days they are normally delivered over the same infrastructure and are very comparable. Home grade has enterprise level latency now and businesses are starting to see home speeds. I don't know any business that gets what I normally got at home in terms of up speed, down speed, reliability or latency. Business class used to often be better, but those days are over now that FioS, Google Fiber, Cablevision and others are available. Generally businesses just buy home connections now too. And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
-
@thecreativeone91 said:
@thanksajdotcom said:
It seems like having a failover line and using a dual-WAN router to increase connection speed would be advantageous to them. Even instead of going to the 2oMb/sec line. And it's cheaper!
Depending on their usage that may not help. Connections can't be split across the the two networks, only new connections can balance between the two. You really have to do an analysts to see if it will even help.
Things like HTTP 1.1 work great over dual lines. Things like HTTPS 2, VPNs and YouTube do not.
-
@scottalanmiller said:
@thecreativeone91 said:
You can't really compare a home connection to an office. Neither in there need for that much bandwidth nor their actual connections. Business grade connections will generally have much less latency than a home grade connection making the speed faster and the bandwidth appear to be more than it is. You also actually get what you pay for with a business connection with a home connection you just get whatever.
These days they are normally delivered over the same infrastructure and are very comparable. Home grade has enterprise level latency now and businesses are starting to see home speeds. I don't know any business that gets what I normally got at home in terms of up speed, down speed, reliability or latency. Business class used to often be better, but those days are over now that FioS, Google Fiber, Cablevision and others are available. Generally businesses just buy home connections now too. And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
We have BDSL here (Business DSL) that is not A-synchronous. It also has a much lower contention ratio at the excahnge and . From 1-to-1 up to 4-to-1. For standard ADSL, you are at the mercy of your provider.
BDSL is more expensive but as @thecreativeone91 stated, you get what you pay for. -
@scottalanmiller said:
And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
FiOs availability nor Google fiber is that great yet. I've always ran over business grade fiber which even at a 10mb connection would kill my 40mb home connection. You also get an SLA which you don't with a home grade connection. The fiber provider has only had one unscheduled outage in the past 5 years. I can't say that for home grade connections.
-
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
-
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
I think the trend anymore is moving toward just blocking pornograpgy/adult content/nudity/sexual education. and then blocking for security reasons if needed (downloads of *.exe's *.bat, *.msi etc) rather than blocking everything. It's always been up to the department heads places I've worked so it varied by departments.
-
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective. -
@nadnerB said:
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective.If you are referring to blocking spyware, malware. Downloads of executable files etc. That's much different than blocking websites. That's just using your UTM/Content Filter as another security/anti-virus layer.
But, I don't think IT should have any say (outside of security) what websites users can go to.
-
@thecreativeone91 said:
But, I don't think IT should have any say (outside of security) what websites users can go to.
100% agree. If IT does any blocking, it should be a clear and concise direction given by HR and only implemented by IT so if there is any question, work around, authorization.... IT should not be involved.
-
@thecreativeone91 said:
@nadnerB said:
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective.If you are referring to blocking spyware, malware. Downloads of executable files etc. That's much different than blocking websites. That's just using your UTM/Content Filter as another security/anti-virus layer.
But, I don't think IT should have any say (outside of security) what websites users can go to.
Our proxy server does both content and web category blocking. We don't control to the site level unless a manager says "Employees X, Y and Z need to lose their Facebook access".
-
Thank you all for your thoughts on this, given me a bit to chew on.
I especially enjoyed the comparison to manufacturing - given me something to google later