Re: Surfing at Work

From: David Q F (dfosdike_at_elders.com.n!o!s!p!a!m.AU)
Date: 10/02/04


Date: Sat, 2 Oct 2004 10:14:40 +0930

Mark,

Thanks for your comments,

"Mark Landin" <mark.landin@tdwilliamson.com> wrote in message
news:l5bol0h4a1hsmqn1h7g9mooorq0c4deddq@4ax.com...
> On Thu, 30 Sep 2004 10:38:03 +0930, "David Q F"
> <dfosdike@elders.com.n!o!s!p!a!m.AU> wrote:
>
> >"HB2" <bgreer24@comcast.net> wrote in message
> >news:Lll6d.275208$Fg5.251822@attbi_s53...
> >> Sometimes I write e-mails using a web based format (yahoo). When the e-mail
> >> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
> >> have Windows 2000. Is it safe to assume that my e-mails are kept private
> >> from my employer since they are sent using SSL? Does Windows 2000 Server
> >> have monitoring tools built in or would our employer have to purchase such
> >> monitoring tools separately?
> >>
> >> Also, it's my understanding that using a keyboard log program is illegal.
> >> Is this correct?
> >>
> >> Thanks
> >>
> >>
> >
> >My $.02 worth. I am in Australia. Our corporate security policy disallows:
> >- Web based email. Reason: The mail and its attachments do not pass through
> >our firewall (as email) or antivirus.
>
> You don't have desktop anti-virus protection?

Yes we do.
The main problem here is organisations that have a large number of desktop
clients. A new virus entering from the Internet via email has a window of
opportunity until its signature is deployed to every one of them - this can
take days, even weeks. Disallowing web-based email for SMTP blocking every
executable, or anything known to carry an executable including .zips and
'whitelist' what you want to get through also helps - users soon fall into
line.

>
> >- Unauthorised encryption of email including smime and pgp. Reason: Again
> >the difficulty is with checking content for fraud, theft or malware.
>
> Very valid.
>
> >- Unauthorised inspection of email by IT admins. Reason: It's a people
> >problem and only HR can authorise inspection.
>
> Also very valid. IT should not abuse their authorized access.
>
> >It does allow reasonable personal use of email - this discourages (but
> >doesn't cut out) abuse.
>
> Similar to the phone on your desk.
>
> >One other thought I've had is that the use of Bayesian Inference for Spam
> >filtering could be extended for other purposes like automated checking for
> >commercial espionage, fraud and other abuses without human inspection.
>
> The problem is that a legitimate business email and an illicit one have
> basically the same content. What makes one legit and one illicit is
> mainly the recipient, not what it says. That would be hard to
> automate, I would think.
>
> Likely the best one could do is say "the following emails sent this
> week referenced the Secret Omega Project" and some person would have
> to vet that whole list, checking senders and recipients against a
> known-good-list, for possible improper activity. That would be pretty
> labor-intensive.
>
>

I think you underestimate the power of Bayesian inference. Time will tell -
at present I don't have time to test it.

David
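
The disagreement above, as an added example that is not part of either post: a small naive Bayes scorer over constructed messages, run once on body words only and once with the recipient domain added as a token. The addresses, the "ok"/"review" labels and the `rcpt:` token scheme are assumptions made for illustration.

```python
import math
import re
from collections import Counter

def tokens(msg, use_rcpt):
    """Body words, plus one 'rcpt:<domain>' token per recipient if enabled."""
    toks = set(re.findall(r"[a-z]+", msg["body"].lower()))
    if use_rcpt:
        toks |= {"rcpt:" + a.rsplit("@", 1)[1].lower() for a in msg["to"]}
    return toks

class NaiveBayes:
    def __init__(self, use_rcpt):
        self.use_rcpt = use_rcpt
        self.docs = {"ok": 0, "review": 0}
        self.seen = {"ok": Counter(), "review": Counter()}

    def train(self, msg, label):
        self.docs[label] += 1
        self.seen[label].update(tokens(msg, self.use_rcpt))

    def log_odds(self, msg):
        """log P(review | msg) / P(ok | msg), with add-one smoothing."""
        score = math.log(self.docs["review"] / self.docs["ok"])
        for t in tokens(msg, self.use_rcpt):
            p_rev = (self.seen["review"][t] + 1) / (self.docs["review"] + 2)
            p_ok = (self.seen["ok"][t] + 1) / (self.docs["ok"] + 2)
            score += math.log(p_rev / p_ok)
        return score

# Constructed training set: same project vocabulary, different recipients.
TRAIN = [
    ({"to": ["partner@corp.example"], "body": "omega project schedule update"}, "ok"),
    ({"to": ["team@corp.example"], "body": "omega design review notes"}, "ok"),
    ({"to": ["team@corp.example"], "body": "lunch menu friday"}, "ok"),
    ({"to": ["x@webmail.example"], "body": "omega project schedule attached"}, "review"),
    ({"to": ["y@webmail.example"], "body": "omega design notes attached"}, "review"),
]

def build(use_rcpt):
    nb = NaiveBayes(use_rcpt)
    for msg, label in TRAIN:
        nb.train(msg, label)
    return nb

# Identical body, sent to an internal and to an external address (constructed).
BODY = "omega project schedule update"
INSIDE = {"to": ["team@corp.example"], "body": BODY}
OUTSIDE = {"to": ["someone@webmail.example"], "body": BODY}
```

On body words alone the two messages get the same score; with the recipient token the internal copy scores below zero and the external copy above it, given labelled examples of both kinds to train on.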