When Internet usage gets in the way of work.

I have a user who is ranked 2nd under the email server for bandwidth used. 3rd, 4th, 5th places are all held by servers. I heard some people complaining today about his lack of productivity. His usage came to my attention when I was sniffing the network for issues related to a virus that was sending out spam.

What would you guys do?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

jamesp1983

RobertKaucher wrote: »

I have a user who is ranked 2nd under the email server for bandwidth used. 3rd, 4th, 5th places are all held by servers. I heard some people complaining today about his lack of productivity. His usage came to my attention when I was sniffing the network for issues related to a virus that was sending out spam.

What would you guys do?

Is he a manager? If not, maybe bring this up to your mgr and see what he thinks.

RobertKaucher

I am fairly certain this will get him fired. This is another thing I should throw in to the conversation.

jamesp1983

RobertKaucher wrote: »

I am fairly certain this will get him fired. This is another thing I should throw in to the conversation.

Well, I guess it all hinges on whether or not you believe in karma

If you're thinking in a purely business mindset, report him.

jamesp1983

Also keep in mind that if something bad comes out of his browsing (file comes over the network and spreads, boss gets angry that no one said anything about the extent of this guys slacking off, etc), it could come back at you.

rsutton

I would probably give him a friendly warning. If it was still a "problem" then I would notify the necessary people so they could deal with it.

networker050184

rsutton wrote: »

I would probably give him a friendly warning. If it was still a "problem" then I would notify the necessary people so they could deal with it.

I would do the same. I'm all about solving things at the lowest level possible. Let him know that people are catching on and that his usage is raising eyebrows. If that doesn't stop him, cover your a$$ and give your boss a heads up.

Claymoore

Do you have an internet usage policy? If you have one, then approach your manager or HR as dictated by the policy. If you don't have one, now is the time to create one. At a previous job the users would sometimes get out of control and we would ask our HR director to send out a reminder email about the acceptable use policy. That usually cleared it up without anybody getting into trouble.

The worst case was a time when I was checking something on one of our firewalls and noticed an extremly large amount of SMTP traffic. I actually thought I was on the wrong firewall since our mail server used a different firewall, but the traffic was coming from a workstation. I brought the issue up with my manager because I believed we had some malware, but that wasn't exactly the case. Fortunately I brought the issue up with my manager before I began the investigation because some of the stuff I uncovered took about a week and several high-level meetings to be resolved. I suggest you speak to your manager first just to cover yourself.

laidbackfreak

If your going to have a word on your own make sure your covered. Does your place have an AU policy in place ? are they aware usage is monitored? etc.

I'm all for giving people a break but dont jeapordise your own position in the process.

dynamik

Yes, go by policy or escalate it to your superiors.

stephens316

I loved doing this in my job of course I had authority to just not cut their internet off but totally disable their domain account which means that person reports directly to me then we get to have a chat about whats going on.

The person was checking their person email on their computer and was outlined in the AU/Security Policy direct violation, I had to power to keep them off the network for as long as I wanted but I put a fix in their hosts file to redirect them to the company website and time they type that url I thought I was clever, I did not have access to block at switch or router level or I would have done that problem solved.

You could also put them in their own vlan and put them down to 10 mbs for the fun of it. Not even have to talk to them til they complain their net is slow and then work around it lol. I am sure there are other things you can do too.

Also from security stand point check for malware/torrents!

RobertKaucher

dynamik wrote: »

Yes, go by policy or escalate it to your superiors.

Well, our usage policy does not require that anyone report issues unless they are in violation of the anti-discrimination/anti-harassment policies.

Our AU policy is a joke. Just three very short paragrphs and it lacks any real details. I'll be making my mind up on this today. We'll see.

Thanks for the input!

Paul Boz

Do not directly contact that employee. That will be over-stepping your boundaries. You should alert your boss to the higher than normal email usage and have him take care of it. Your job is to report issues with the network, and when a user is using more email than the servers which are alive 24/7 that's probably an issue.

RobertKaucher

He's not using more email. It's bandwidth. He's surfing the Internet and playing FaceBook games. But point taken!

Sepiraph

stephens316 wrote: »

The person was checking their person email on their computer and was outlined in the AU/Security Policy direct violation, I had to power to keep them off the network for as long as I wanted but I put a fix in their hosts file to redirect them to the company website and time they type that url I thought I was clever, I did not have access to block at switch or router level or I would have done that problem solved.

Your workplace doesn't allow employee to check personal emails? Are you running a prison or something (esp. since I see the Minor in Criminology in your sig.)

Then again I guess it depends on company policy but personally I'd never work for a company with that type of policy.

stephens316

Sepiraph wrote: »

Your workplace doesn't allow employee to check personal emails? Are you running a prison or something (esp. since I see the Minor in Criminology in your sig.)

Then again I guess it depends on company policy but personally I'd never work for a company with that type of policy.

Youth Boot Camp but its part of the National Guard and the network is DoD. But I would have this in place where ever I work no matter what the last thing I need is for you to download a virus , then watch it get in the network and then get your social security number from the HR system. This just happen to me and about 9,000 other, but there was nothing I could to prevent it , because it happened at the University I attended. but hope this gives you a bigger picture, so the next time you check your mail at work you think of more than just that joke.

As for the problem the fix is to block facebook.com on the DNS / Switch/ Router. Just because you have three lil paragraphs doesn't mean it can't be implied lol.

Claymoore

Sepiraph wrote: »

Your workplace doesn't allow employee to check personal emails? Are you running a prison or something (esp. since I see the Minor in Criminology in your sig.)

Then again I guess it depends on company policy but personally I'd never work for a company with that type of policy.

We blocked everything but RoadRunner so we could test external email when necessary. Personal mail was not subject to the same kind of security and compliance rules that corporate email was required to use so it was a risk for us. When you work in an industry that requires strict compliance for HIPAA or SOX, you can't afford a lawsuit or fine because of personal email.

Most of our high bandwidth users were streaming music from somewhere. We had tons of bandwidth, but the burstable pricing structure had the execs nervous. Not nervous enough to buy a real product like websense, but nervous enough that I had to block some IPs at the firewall.

pwjohnston

If he's not being productive that is his managers responsibility not other employees or yours.

If the proper management of the bandwidth is your responsibility than this is what I would do. I would go to your superior and state that you are having some issues with bandwidth some users are using an excessive amount and it could possibly affect the servers. Then I would ask them if they would like you to investigate the matter further and make a report. I'd be as objective as possible.

Let the managers handle it from there. That is their responsibility.

Then if they don't do anything about it and it actually is an issue that is effecting the network (personally I'm not a fan of restricting user access), than I would **** his speeds down.

RobertKaucher

The issue that brought me to this point was due to a PC where users were allowed to check their private email being infected with a very serious virus, actually it got rooted. I have worked at several other places where you were not allowed to check personal email from company PCs. It's not an uncommon policy.

Sepiraph

stephens316 wrote: »

Youth Boot Camp but its part of the National Guard and the network is DoD. But I would have this in place where ever I work no matter what the last thing I need is for you to download a virus , then watch it get in the network and then get your social security number from the HR system. This just happen to me and about 9,000 other, but there was nothing I could to prevent it , because it happened at the University I attended. but hope this gives you a bigger picture, so the next time you check your mail at work you think of more than just that joke.

As for the problem the fix is to block facebook.com on the DNS / Switch/ Router. Just because you have three lil paragraphs doesn't mean it can't be implied lol.

Actually I was far from joking, if a company is worried about virus/worm there are plenty of ways to prevent it without disabling checking personal email.

p.s. I don't work in the USA so neither HIPAA or SOX applies here.

GT-Rob

If this were me, I would probably send him an email. The problem with "cutting him off", is that unless you policy specifically states it, you could be doing more harm. Perhaps in the few minutes he actually DOES work, its very important work for the company, and cutting him off could get you in more trouble than he could ever be in.

Sure you could also just report him, but thats up to you. It depends on what your work's culture is like. We can't assume that would be out of line. At my last job, I NEVER talked to end users, to the point it was almost not allowed. Here, its fairly interactive with them (although 9/10 they are from IT), and I would have no problem giving them a heads up/warning.

wd40

Sepiraph wrote: »

Your workplace doesn't allow employee to check personal emails? Are you running a prison or something (esp. since I see the Minor in Criminology in your sig.)

Then again I guess it depends on company policy but personally I'd never work for a company with that type of policy.

Our company blocks all free mail providers, and we are big, around 10,000 branches in more than 80 countries.

This is a good thing from IT point of view, if users has access to free e-mail accounts they can download stuff you do not need on your network, more importantly they can take data out of your network and you will not be able to trace it.

apena7

Block all personal email, streaming music & video, and social networking sites and then you'll see your bandwidth usage drop like a rock! I thought that would be standard at most companies.

Super99

the economy is tuff. dont get him busted. maybe pull him aside and tell him to cool it down. maybe that karma will return to you.

ilcram19-2

this type of issue is the network admin fall, the network admin should be able to manage the bandwith as he see fits using QOS, shaping and policing

apena7

Super99 wrote: »

the economy is tuff. dont get his busted. maybe pull him aside and tell him to cool it down. maybe that karma will return to you.

True -- the economy is tough, but that's precisely why that employee should be fired. If that employee cared about his job, he wouldn't be wasting company time and resources to play Internet games. I'd say his job should go to someone who needs it (and who will actually do some work).

RobertKaucher

I did not turn him in. I did a little more digging and found out the bandwidth was due to Pandora. The previous admin granted access through the content filter to visitors via their IP address (in the dynamic range) and forgetting to revoke it after they left. Evidently he ended up with one of the open IPs and was listening to music.

JoJoCal19

RobertKaucher wrote: »

I did not turn him in. I did a little more digging and found out the bandwidth was due to Pandora. The previous admin granted access through the content filter to visitors via their IP address (in the dynamic range) and forgetting to revoke it after they left. Evidently he ended up with one of the open IPs and was listening to music.

Well atleast you didnt have to turn him in. I work for one of the worlds largest banks/wealth mgmt firms and they are pretty lenient with letting us stream Pandora and other internet radio. Of course social networking sites are blocked.

To the posters who posted about personal email being blocked, if you are outside of the U.S. then I understand you not liking this as companies outside of the U.S. are generally not as strict but for any companies that have secur information like banks, investment firms, health care companies, it is almost uniform that personal mail is blocked.

Turgon

RobertKaucher wrote: »

I have a user who is ranked 2nd under the email server for bandwidth used. 3rd, 4th, 5th places are all held by servers. I heard some people complaining today about his lack of productivity. His usage came to my attention when I was sniffing the network for issues related to a virus that was sending out spam.

What would you guys do?

Most likely personal browsing habits have crept into the workplace. Generally when at work stay off the web unless necessary, it's all logged somewhere. Suggest you do what policy dictates. If you are unsure about this talk to your line manager.

Turgon

RobertKaucher wrote: »

I did not turn him in. I did a little more digging and found out the bandwidth was due to Pandora. The previous admin granted access through the content filter to visitors via their IP address (in the dynamic range) and forgetting to revoke it after they left. Evidently he ended up with one of the open IPs and was listening to music.

There we are then. Sounds innocuous. These things can get people into a lot of trouble. Lucky for him you took time out of your busy day there!

dave0212

JoJoCal19 wrote: »

To the posters who posted about personal email being blocked, if you are outside of the U.S. then I understand you not liking this as companies outside of the U.S. are generally not as strict but for any companies that have secur information like banks, investment firms, health care companies, it is almost uniform that personal mail is blocked.

I thought this was standard across all companies as a basic security practice. Every company I have worked for enforces this, they are a little more lenient during lunch hours but no external mail is allowed at any time.