Strict Web Filtering - Good Security or Cause for Lynch Mob?
-
@coliver said:
@Dashrender said:
@coliver said:
@thanksajdotcom said:
@Dashrender said:
This is a rather hard one for me... If I was the boss/owner... what would I want?
It really boils down to the type of workers you have and the environment.
That said, some freedoms to check the personal life a bit are OK.
The only filtering we do is on violence, guns and drugs. I also kill streaming services as they have killed our 10 meg pipe many times not allowing us to use our online EHR.
Yup, and that's really the only reason to kill those. A 10Mb pipe is pretty small for an office if it has more than 5-10 people. If you've got decent bandwidth, I'd prefer just throttling personally, but I can always stream Plex from home to either my PC or my phone if I must.
So having 10Mb/s connection to a 60 person office isn't that great? Haha, just kidding it is terrible.
This is exactly what we have. We have a fiber connection for $880/month for that 10 GB. I would consider moving to normal Cable Modem services, but last year they had nearly 3 days out weekday outages (no idea on weekend outages). Now while from a money earned perspective we might have saved money (i.e. the losses from those 3 days vs the cost of the fiber for a year), but from a frustration level of the doctors I'm sure they consider it a worthwhile expense.
Going to 20 megs will be another $200.
I've asked about bringing in a cable modem for additional throughput, we could get something like 75/10 for around $150 a month, but I was denied.
$880 for 10GB/s or 10MB/s? Around here we don't have that option, we have our local ISP and TWC, TWC wants us to pay 20,000$ for the line to our office and sign a 10 year contract... so we are left with one option.
My mistake.. it's 10 Mb/s.
I corrected my post.
-
We have 10mb here for around 60 users. I think that's fairly normal in the UK. We pay pretty much exactly the same as you Dash. I don't find it terrible. I will upgrading to 50 or 100mb later this year, which will cost about double but which we will need when we transition from on premise Exchange to O365.
-
@Dashrender said:
@coliver said:
@thanksajdotcom said:
@Dashrender said:
This is a rather hard one for me... If I was the boss/owner... what would I want?
It really boils down to the type of workers you have and the environment.
That said, some freedoms to check the personal life a bit are OK.
The only filtering we do is on violence, guns and drugs. I also kill streaming services as they have killed our 10 meg pipe many times not allowing us to use our online EHR.
Yup, and that's really the only reason to kill those. A 10Mb pipe is pretty small for an office if it has more than 5-10 people. If you've got decent bandwidth, I'd prefer just throttling personally, but I can always stream Plex from home to either my PC or my phone if I must.
So having 10Mb/s connection to a 60 person office isn't that great? Haha, just kidding it is terrible.
This is exactly what we have. We have a fiber connection for $880/month for that 10 Mb. I would consider moving to normal Cable Modem services, but last year they had nearly 3 days out weekday outages (no idea on weekend outages). Now while from a money earned perspective we might have saved money (i.e. the losses from those 3 days vs the cost of the fiber for a year), but from a frustration level of the doctors I'm sure they consider it a worthwhile expense.
Going to 20 megs will be another $200.
I've asked about bringing in a cable modem for additional throughput, we could get something like 75/10 for around $150 a month, but I was denied.
It seems like having a failover line and using a dual-WAN router to increase connection speed would be advantageous to them. Even instead of going to the 2oMb/sec line. And it's cheaper!
-
@thanksajdotcom said:
Yup, and that's really the only reason to kill those. A 10Mb pipe is pretty small for an office if it has more than 5-10 people. If you've got decent bandwidth, I'd prefer just throttling personally, but I can always stream Plex from home to either my PC or my phone if I must.
You can't really compare a home connection to an office. Neither in there need for that much bandwidth nor their actual connections. Business grade connections will generally have much less latency than a home grade connection making the speed faster and the bandwidth appear to be more than it is. You also actually get what you pay for with a business connection with a home connection you just get whatever.
Without much streaming on your network 10MB can easily be fine. I have used 10MB with proper limits through content filters (both on sites and download speeds) and proper QoS for networks with over 300 users plus Guest networks were also also put up at some locations. Business generally do not need near as much bandwitdh as they think they do. Granted this 10MB fiber connection could still cost you $1,800/month +
-
@Carnival-Boy said:
We have 10mb here for around 60 users. I think that's fairly normal in the UK. We pay pretty much exactly the same as you Dash. I don't find it terrible. I will upgrading to 50 or 100mb later this year, which will cost about double but which we will need when we transition from on premise Exchange to O365.
That was common in the US until just about two years ago. 10Mb/s for sixty users isn't crazy here even now, not great, but not odd. We have a customer that was 10Mb/s for eighty five users just last year and while limiting, it was fine.
-
@thanksajdotcom said:
It seems like having a failover line and using a dual-WAN router to increase connection speed would be advantageous to them. Even instead of going to the 2oMb/sec line. And it's cheaper!
Depending on their usage that may not help. Connections can't be split across the the two networks, only new connections can balance between the two. You really have to do an analysts to see if it will even help.
-
@thecreativeone91 said:
You can't really compare a home connection to an office. Neither in there need for that much bandwidth nor their actual connections. Business grade connections will generally have much less latency than a home grade connection making the speed faster and the bandwidth appear to be more than it is. You also actually get what you pay for with a business connection with a home connection you just get whatever.
These days they are normally delivered over the same infrastructure and are very comparable. Home grade has enterprise level latency now and businesses are starting to see home speeds. I don't know any business that gets what I normally got at home in terms of up speed, down speed, reliability or latency. Business class used to often be better, but those days are over now that FioS, Google Fiber, Cablevision and others are available. Generally businesses just buy home connections now too. And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
-
@thecreativeone91 said:
@thanksajdotcom said:
It seems like having a failover line and using a dual-WAN router to increase connection speed would be advantageous to them. Even instead of going to the 2oMb/sec line. And it's cheaper!
Depending on their usage that may not help. Connections can't be split across the the two networks, only new connections can balance between the two. You really have to do an analysts to see if it will even help.
Things like HTTP 1.1 work great over dual lines. Things like HTTPS 2, VPNs and YouTube do not.
-
@scottalanmiller said:
@thecreativeone91 said:
You can't really compare a home connection to an office. Neither in there need for that much bandwidth nor their actual connections. Business grade connections will generally have much less latency than a home grade connection making the speed faster and the bandwidth appear to be more than it is. You also actually get what you pay for with a business connection with a home connection you just get whatever.
These days they are normally delivered over the same infrastructure and are very comparable. Home grade has enterprise level latency now and businesses are starting to see home speeds. I don't know any business that gets what I normally got at home in terms of up speed, down speed, reliability or latency. Business class used to often be better, but those days are over now that FioS, Google Fiber, Cablevision and others are available. Generally businesses just buy home connections now too. And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
We have BDSL here (Business DSL) that is not A-synchronous. It also has a much lower contention ratio at the excahnge and . From 1-to-1 up to 4-to-1. For standard ADSL, you are at the mercy of your provider.
BDSL is more expensive but as @thecreativeone91 stated, you get what you pay for. -
@scottalanmiller said:
And the remaining business connections are often things like T lines that are pathetically anemic compared to even the worst home lines.
FiOs availability nor Google fiber is that great yet. I've always ran over business grade fiber which even at a 10mb connection would kill my 40mb home connection. You also get an SLA which you don't with a home grade connection. The fiber provider has only had one unscheduled outage in the past 5 years. I can't say that for home grade connections.
-
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
-
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
I think the trend anymore is moving toward just blocking pornograpgy/adult content/nudity/sexual education. and then blocking for security reasons if needed (downloads of *.exe's *.bat, *.msi etc) rather than blocking everything. It's always been up to the department heads places I've worked so it varied by departments.
-
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective. -
@nadnerB said:
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective.If you are referring to blocking spyware, malware. Downloads of executable files etc. That's much different than blocking websites. That's just using your UTM/Content Filter as another security/anti-virus layer.
But, I don't think IT should have any say (outside of security) what websites users can go to.
-
@thecreativeone91 said:
But, I don't think IT should have any say (outside of security) what websites users can go to.
100% agree. If IT does any blocking, it should be a clear and concise direction given by HR and only implemented by IT so if there is any question, work around, authorization.... IT should not be involved.
-
@thecreativeone91 said:
@nadnerB said:
@scottalanmiller said:
Just jumping on the thread. Like most things, web filtering has a place and isn't appropriate everywhere. In general, I dislike web filtering and feel that it is often used poorly when something better, like good HR policies, should be used. But there are times it is needed.
People have nasty online habits. I'd rather not have to deal with the results.
They aren't mutually exclusive. You need both HR ploicies and a proxy/web filter for any one of them to be effective.If you are referring to blocking spyware, malware. Downloads of executable files etc. That's much different than blocking websites. That's just using your UTM/Content Filter as another security/anti-virus layer.
But, I don't think IT should have any say (outside of security) what websites users can go to.
Our proxy server does both content and web category blocking. We don't control to the site level unless a manager says "Employees X, Y and Z need to lose their Facebook access".
-
Thank you all for your thoughts on this, given me a bit to chew on.
I especially enjoyed the comparison to manufacturing - given me something to google later