LinuxQuestions.org
Old 09-01-2005, 12:37 AM   #1
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Rep: Reputation: 36
sleuthing


Okay.

I just had dinner & chat with my parents. My mom has an issue at work with an employee - she is supposed to apply some discipline to this employee (a suspension) because of certain 'material' found on this person's PC. This person had asked the IT dept. to look into a problem with numerous pop-ups and when they examined the HD contents they found 'materials' on the disk that are, obviously, against policy. I do not know the nature of the material or whether IT dept. have additional traffic-based evidence. According to my mom, this employee is outstanding in other respects, and is due to be promoted.

(so I assume it's some kind of porn - my Mom, bless her, won't tell)...

I have the following questions & I hope there's someone out there with real experience with this field...

1. Should this person be confronted on the evidence found on the disk alone, warned, and suspended..?

2. Should this person NOT be warned, but be 'watched'; change their IP address and examine traffic to determine what they are doing on the net, and thereby that the material was indeed theirs?

3. Should they be warned AND watched?

4. Assuming this person isn't doing anything strictly illegal, and is an outstanding employee in other respects, should NOTHING be done?

I counseled my Mom that any proper IT department would have the capability to look at a given workstation (IP or MAC address) and intercept all of the traffic to determine absolutely what they are doing, looking at, etc.; and thereby build irrefutable evidence. Is this right? How would it be done - i.e., would a network proxy have this capability..?

Also, I understand that someone's computer could be hacked and zombied, and that a 3rd party could be using that particular computer to do bad things. Could this scenario be detected?? Do hackers typically do this type of thing?

Last questions: Some of you are network admins.

What types of things do you do to enforce corporate policies regarding internet usage?

What kind of software can be used to track individual users..?

What would you do if this person were your friend?

What if they were your boss?

For any of you with LOTS of experience: What does a typical medium/large corporation put in place for these purposes in this day and age..?


Any input appreciated..!
Thx.
Danimalz
 
Old 09-01-2005, 04:18 AM   #2
kaverong
LQ Newbie
 
Registered: Sep 2004
Location: Philippines
Distribution: CentOS, Gentoo, Ubuntu, Redhat, Fedora. FreeBSD
Posts: 13

Rep: Reputation: 0
Since the corporate policy is already in place, it should be implemented. If the policy is sound, I'm sure there will be hierarchical disciplinary action.

Re: monitoring the network traffic of individual users, that will be dubious and costly. However, should this be implemented, the company should also explicitly inform all its employees that they are being monitored. This should be done due to privacy issues.

From the IT point of view... it's easier to block/limit user activities, rather than provide them easy access to various services and then reprimand/discipline them afterwards.

Re: the disciplinary action of the said employee, the severity of the offense will largely be discretionary to the management, depending on the company's mission. Some give value to moral responsibility; others give weight to productivity loss/gain in terms of money. But again, a sound policy would only give a reprimand to first offenders, especially for a non-serious offence.

Re: internet usage: the most popular would be access control and filtering.
 
Old 09-01-2005, 09:18 PM   #3
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Original Poster
Rep: Reputation: 36
Thanks, that's helpful..!
 
  

