RE: [squid-users] logging question

From: Robert Adkins <raa@dont-contact.us>
Date: Wed, 4 Sep 2002 16:05:00 -0400

Maxwell,

        That particular battle is still being fought in the courts. Depending
upon the judge overseeing such a case, that has gone both ways in the US.
I haven't any direct cases in front of me, but I have read about cases
going both ways, even with the existence of restrictive corporate
policies.

        However, if your employers are simply interested in cutting off access
to certain sites, there are many methods to do so without compromising
access to the rest of the internet.

        For instance, I am using a porn filter ACL within squid that I have had
to add a number of sites and word combinations to. This has quickly and
summarily ended improper use of the internet within this company.

        There exists a second filter that allows access to certain websites,
that while they contain some word/word groupings you would find in a porn
site, they are far from a porn site. Sites like www.essex.com, which is
"The Best Small Town in America", it just happens to have "sex" within
its name.

        Your best bet would be to simply block the sites that the upper
management deems as unnecessary for employees to access. That will save
you considerable time, potential legal hassles and should appease
everyone.

        When I started my position here, I was told that porn sites were
verbally forbidden, but still accessible. So, I technically forbade
access to those sites.

        If you, or those employees, are unable to justify a legitimate business
reason to access those forbidden web-sites, without sneaking around and
logging all activity done on those sites. You really should simply block
those sites.

        Once again, I would recommend speaking with your legal department or
lawyer as you have no idea what information you could obtain within any
log that you create or figure out how to create. The fact that you could
accidentally create a log of employee banking records (usernames and
passwords), which could potentially fall into the hands of unscrupulous
individuals simply demands that you bring that information to the
attention of the people that requested you to create such a log.

Regards,
Robert Adkins
IT Manager/Buyer
IMPEL Industries, Inc.

 -----Original Message-----
From: maxwell [mailto:maxwell@mindscrape.com]
Sent: Wednesday, September 04, 2002 2:44 PM
To: Robert Adkins
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] logging question

   

Robert,

   In the United States employees have no legal expectation of privacy
using computers and access owned by their employers. In fact, most
corporations have strict policies forbidding any sort of personal use of
these resources in order to prevent any sort of liability or criminal
activity. The reason for my question quite simply, is that we do have
the aforementioned policy, and violating it is a terminating offense. We
also have several employees who are repeatedly accessing websites
expressly forbidden by both name and ip address. As we cannot, for
business reasons, simply block access to the entire Internet, my
employers
wish to see what these employees are doing on these websites. If I
cannot
prove they have legitimate reason to be there, they will summarily
terminated, and legal action may be pursued. It may be unfair and it may
be harsh, but these are the conditions I am forced to deal with. If I
can't log the material, and demonstrate it's validity in private, then
these people will be fired.

    If I must, I will resort to packet sniffing in order to save these
people's jobs. Logging it through the proxy however, with a nicely
organized trail of accesses would, as you might imagine, save me quite a
lot of time and effort in doing so.

On Wed, 4 Sep 2002, Robert Adkins wrote:

> Maxwell,
>
> Most of those forms are encrypted and I believe that this encrypted
data
> is never cached/logged.
>
> There is another issue that you will need to go over with your legal
> department/lawyer and your Human Resources department, if you choose to
> attempt this. To do this is quite an unethical act and probably highly
> illegal.
>
> First off, this could create a listing of the proxy server users
Social
> Security Numbers (If in the US.) if they were to be applying for a loan
> during lunch. This could also create a listing of their usernames and
> passwords for accessing their personal bank accounts or any other
> web-site that they may visit.
>
> Unless I am mistaken, what you are suggesting will break quite a
number
> of privacy laws, at least within the US and could get you into serious
> trouble with the law. I believe that you could end up facing Federal
> Charges, if you are in the United States.
>
> If this is something that was suggested to you by your employer, then
> you may wish to bring this to their attention and have them discuss
this
> with their lawyer before moving forward with this unethical, immoral
> task.
>
> The last thing that you would need to consider, is what happens if you
> create this list and someone hacks your site? All of this information
> could end up in the hands of other highly unethical people and that
> information could then be used to seriously damage the financial
> livelihood of the people that you "innocently" collected information
> from.
>
> Regards,
> Robert Adkins
> IT Manager/Buyer
> IMPEL Industries, Inc.
> Office: 586-254-5800
>
> -----Original Message-----
> From: maxwell [mailto:maxwell@mindscrape.com]
> Sent: Wednesday, September 04, 2002 12:11 PM
> To: mailinglistsquid-users@squid-cache.org;
squid-users@squid-cache.org;
> Robert Adkins
> Subject: [squid-users] logging question
>
>
>
>
> Is it possible to configure squid to log the full contents of all
> form
> submissions a user makes? I.E. all get/post/etc requests?
>
>
>
Received on Wed Sep 04 2002 - 14:08:18 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:05 MST