«

No..if inbound 80 is forwarded to a users pc...

Outbound is ok...when using nat, the request has to originate from the
internal network. In this case a user can access the web, but anything
originating from an external source (internet) that tries to connect
via port 80 will fail unless port 80 is forwarded to the users pc...

psg

John Dalberg <2> wrote in
news:760qtd5rw9k8$.19hhvv2pnsb83$.:

> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>
>> John Dalberg <2> wrote in
>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>
>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>
>>>> John Dalberg <2> wrote in
>>>> news::
>>>>
>>>>>
>>>>>
>>>>> Are there software for remote control of another computer which
>>>>> work over port 80 because of a firewall?
>>>>>
>>>>
>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>> HTTP and know something is up if you're trying to do this from work
>>>> to home, you would be wrong.
>>>
>>> Even if the admin spots the traffic, what will be the issue?
>>>
>>>
>>
>> You are compromising the company's network making contact with your
>> home network that has not been approved and is most likely a non
>> secure situation. That's the issue. The issue is that you don't have
>> the authority to do it or they would have given you that authority to
>> make that contact.
>>
>> What's so important that you would risk the company's security like
>> that and possibly put your job in jeopardy?
>>
>> I have seen employees' severely reprimanded or terminated for such
>> security breaches. As a matter of fact, I have seen people be
>> terminated for a far less security breach on the network than what
>> you want to do.
>>
>> Any FW or Network Security Admin worth his or her beans will spot
>> your traffic as that is their job with you using a company machine
>> and DHCP IP linked to the machine on the company's LAN. They know the
>> LAN IP and the remote WAN IP traffic is going to and coming from by
>> looking at the logs. And they do review those logs on a routine
>> basis.
>
> I don't believe what you're saying is true technically. When you allow
> http traffic on port 80 that's pretty safe under a browser control.
> You're talking as if we are opening a direct link between two
> computers and bad stuff is going to pass freely from the outside to
> the inside, which is not the case. I work for a bank and we allow
> webex sessions from the outside to troubleshoot issues. It's pretty
> safe. You have to go through a third party gateway.
>
> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
> network because it's pure http traffic inside a browser with no
> ActiveX or Java or anything installed in the client. Just mappged
> images that you click on to do stuff on the remote server.
> Technically, in my opinion it's a clever way of doing it with total
> security.
>
>

If it's so safe what you're trying to do, then run it by the FW and
Network Admins and let them give you their opinions instead of you
snaking around and trying doing it.

You are there to work and you're on company time. You are not there to do
what you're trying to do.

You are making contact and it has NOT been approved for you to make this
contact. You are there to work.

At one place I worked, there was this Finance Controller who was making
contact with porn sites on the company machine during lunch hour. They
spotted that traffic and the guy was terminated for it.

Network security install backdoors on company computers and they sit
there and watch workers at those workstations watching every move the
employee makes and I have seen this. Many companies are aware of the mis-
use of the company machine on company time and they are watching.

You have not been given the authorization to do it and they will spot you
and you can count on it.

So, you go right ahead and make that unauthorized contact with your home
network.

You may regret that you did it.

I got rolled on the carpet for doing it and thank God they did terminate
me at the time.

Duane

John,

Nothing is "safe" from a remote source. I also work for a bank and
inbound
traffic is restricted. If we need remote support from a software
manufacturer we use a program that can initate the request. Such as
pcanywhere. We initiate the connection via a dialup host. Any other
time
the modem is switched off.

I would not let this happen in my environment unless it was via a
secure
channel..pix to pix vpn for example. I think FFIEC auditors would say
the
same...

totalrc.net states that they do not use encryption for the
connection...I
wouldnt say it's impossible to cause harm.

John Dalberg <2> wrote in
news:760qtd5rw9k8$.19hhvv2pnsb83$.:

> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>
>> John Dalberg <2> wrote in
>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>
>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>
>>>> John Dalberg <2> wrote in
>>>> news::
>>>>
>>>>>
>>>>>
>>>>> Are there software for remote control of another computer which
>>>>> work over port 80 because of a firewall?
>>>>>
>>>>
>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>> HTTP and know something is up if you're trying to do this from work
>>>> to home, you would be wrong.
>>>
>>> Even if the admin spots the traffic, what will be the issue?
>>>
>>>
>>
>> You are compromising the company's network making contact with your
>> home network that has not been approved and is most likely a non
>> secure situation. That's the issue. The issue is that you don't have
>> the authority to do it or they would have given you that authority to
>> make that contact.
>>
>> What's so important that you would risk the company's security like
>> that and possibly put your job in jeopardy?
>>
>> I have seen employees' severely reprimanded or terminated for such
>> security breaches. As a matter of fact, I have seen people be
>> terminated for a far less security breach on the network than what
>> you want to do.
>>
>> Any FW or Network Security Admin worth his or her beans will spot
>> your traffic as that is their job with you using a company machine
>> and DHCP IP linked to the machine on the company's LAN. They know the
>> LAN IP and the remote WAN IP traffic is going to and coming from by
>> looking at the logs. And they do review those logs on a routine
>> basis.
>
> I don't believe what you're saying is true technically. When you allow
> http traffic on port 80 that's pretty safe under a browser control.
> You're talking as if we are opening a direct link between two
> computers and bad stuff is going to pass freely from the outside to
> the inside, which is not the case. I work for a bank and we allow
> webex sessions from the outside to troubleshoot issues. It's pretty
> safe. You have to go through a third party gateway.
>
> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
> network because it's pure http traffic inside a browser with no
> ActiveX or Java or anything installed in the client. Just mappged
> images that you click on to do stuff on the remote server.
> Technically, in my opinion it's a clever way of doing it with total
> security.
>
>

A correction

<I got rolled on the carpet for doing it and thank God they didn't
terminate me at the time.>

Duane

On 17 Nov 2005 09:00:58 -0800, chrispsg wrote:

> John,
>
> Nothing is "safe" from a remote source. I also work for a bank and
> inbound
> traffic is restricted. If we need remote support from a software
> manufacturer we use a program that can initate the request. Such as
> pcanywhere. We initiate the connection via a dialup host. Any other
> time
> the modem is switched off.

I am initiating the connection. It's an outbound connection. The software
is not in host mode so it can't accept connections. It's used only when I
am online and at the desk.


>
> totalrc.net states that they do not use encryption for the
> connection...I
> wouldnt say it's impossible to cause harm.

totalrc uses SSL. It's encrypted. Even if it's not using SSL, the
initiating browser doesn't have anything installed in it so it's just html
which means it's safe. The only security problem is someone sniffing the
traffic and figuring out the username and password of the remote system.


--
John Dalberg

On Thu, 17 Nov 2005 20:41:43 GMT, Duane Arnold wrote:

> John Dalberg <2> wrote in
> news:760qtd5rw9k8$.19hhvv2pnsb83$.:
>
>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>>
>>> John Dalberg <2> wrote in
>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>>
>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>>
>>>>> John Dalberg <2> wrote in
>>>>> news::
>>>>>
>>>>>>
>>>>>>
>>>>>> Are there software for remote control of another computer which
>>>>>> work over port 80 because of a firewall?
>>>>>>
>>>>>
>>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>>> HTTP and know something is up if you're trying to do this from work
>>>>> to home, you would be wrong.
>>>>
>>>> Even if the admin spots the traffic, what will be the issue?
>>>>
>>>>
>>>
>>> You are compromising the company's network making contact with your
>>> home network that has not been approved and is most likely a non
>>> secure situation. That's the issue. The issue is that you don't have
>>> the authority to do it or they would have given you that authority to
>>> make that contact.
>>>
>>> What's so important that you would risk the company's security like
>>> that and possibly put your job in jeopardy?
>>>
>>> I have seen employees' severely reprimanded or terminated for such
>>> security breaches. As a matter of fact, I have seen people be
>>> terminated for a far less security breach on the network than what
>>> you want to do.
>>>
>>> Any FW or Network Security Admin worth his or her beans will spot
>>> your traffic as that is their job with you using a company machine
>>> and DHCP IP linked to the machine on the company's LAN. They know the
>>> LAN IP and the remote WAN IP traffic is going to and coming from by
>>> looking at the logs. And they do review those logs on a routine
>>> basis.
>>
>> I don't believe what you're saying is true technically. When you allow
>> http traffic on port 80 that's pretty safe under a browser control.
>> You're talking as if we are opening a direct link between two
>> computers and bad stuff is going to pass freely from the outside to
>> the inside, which is not the case. I work for a bank and we allow
>> webex sessions from the outside to troubleshoot issues. It's pretty
>> safe. You have to go through a third party gateway.
>>
>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
>> network because it's pure http traffic inside a browser with no
>> ActiveX or Java or anything installed in the client. Just mappged
>> images that you click on to do stuff on the remote server.
>> Technically, in my opinion it's a clever way of doing it with total
>> security.
>>
>>
>
> A correction
>
> <I got rolled on the carpet for doing it and thank God they didn't
> terminate me at the time.>

What did you do that made them be able to spot you?


--
John Dalberg

On Thu, 17 Nov 2005 08:57:25 GMT, Duane Arnold wrote:

> John Dalberg <2> wrote in
> news:760qtd5rw9k8$.19hhvv2pnsb83$.:
>
>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>>
>>> John Dalberg <2> wrote in
>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>>
>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>>
>>>>> John Dalberg <2> wrote in
>>>>> news::
>>>>>
>>>>>>
>>>>>>
>>>>>> Are there software for remote control of another computer which
>>>>>> work over port 80 because of a firewall?
>>>>>>
>>>>>
>>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>>> HTTP and know something is up if you're trying to do this from work
>>>>> to home, you would be wrong.
>>>>
>>>> Even if the admin spots the traffic, what will be the issue?
>>>>
>>>>
>>>
>>> You are compromising the company's network making contact with your
>>> home network that has not been approved and is most likely a non
>>> secure situation. That's the issue. The issue is that you don't have
>>> the authority to do it or they would have given you that authority to
>>> make that contact.
>>>
>>> What's so important that you would risk the company's security like
>>> that and possibly put your job in jeopardy?
>>>
>>> I have seen employees' severely reprimanded or terminated for such
>>> security breaches. As a matter of fact, I have seen people be
>>> terminated for a far less security breach on the network than what
>>> you want to do.
>>>
>>> Any FW or Network Security Admin worth his or her beans will spot
>>> your traffic as that is their job with you using a company machine
>>> and DHCP IP linked to the machine on the company's LAN. They know the
>>> LAN IP and the remote WAN IP traffic is going to and coming from by
>>> looking at the logs. And they do review those logs on a routine
>>> basis.
>>
>> I don't believe what you're saying is true technically. When you allow
>> http traffic on port 80 that's pretty safe under a browser control.
>> You're talking as if we are opening a direct link between two
>> computers and bad stuff is going to pass freely from the outside to
>> the inside, which is not the case. I work for a bank and we allow
>> webex sessions from the outside to troubleshoot issues. It's pretty
>> safe. You have to go through a third party gateway.
>>
>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
>> network because it's pure http traffic inside a browser with no
>> ActiveX or Java or anything installed in the client. Just mappged
>> images that you click on to do stuff on the remote server.
>> Technically, in my opinion it's a clever way of doing it with total
>> security.
>>
>>
>
> If it's so safe what you're trying to do, then run it by the FW and
> Network Admins and let them give you their opinions instead of you
> snaking around and trying doing it.
>
> You are there to work and you're on company time. You are not there to do
> what you're trying to do.
>
> You are making contact and it has NOT been approved for you to make this
> contact. You are there to work.
>
> At one place I worked, there was this Finance Controller who was making
> contact with porn sites on the company machine during lunch hour. They
> spotted that traffic and the guy was terminated for it.
>
> Network security install backdoors on company computers and they sit
> there and watch workers at those workstations watching every move the
> employee makes and I have seen this. Many companies are aware of the mis-
> use of the company machine on company time and they are watching.
>
> You have not been given the authorization to do it and they will spot you
> and you can count on it.
>
> So, you go right ahead and make that unauthorized contact with your home
> network.
>
> You may regret that you did it.
>
> I got rolled on the carpet for doing it and thank God they did terminate
> me at the time.

Because some FW admins are paraoid or retarded. If if they don't understand
what I am trying to do, they will say NO without giving a convincing reason
just to end the discussion becaause they're not sure what might happen and
they want to jsut be safe.

I have worked for many companies and used opened ports to connect to
outside servers. Nothing happened. Firewall admins are busy trying to
protect computers from outside attacks. Not from inside to the outside. You
don't get viruses, worms or whatever by using a remote control software
like pcanywhere.

As for porn sites, it's easy to spot these using content filtering software
and hardware. It's stupid to go to 'illegal' sites at work because these
domain names/ip addresses are on blacklists.

You're reading from the employee manual. I am aware of the risks and the
mumbo jumbo and that's not the point of my post. I am looking for some
software.


--
John Dalberg

John Dalberg <2> wrote in news:1cmfdlfl2zv9g
$.:

> On Thu, 17 Nov 2005 20:41:43 GMT, Duane Arnold wrote:
>
>> John Dalberg <2> wrote in
>> news:760qtd5rw9k8$.19hhvv2pnsb83$.:
>>
>>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>>>
>>>> John Dalberg <2> wrote in
>>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>>>
>>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>>>
>>>>>> John Dalberg <2> wrote in
>>>>>> news::
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Are there software for remote control of another computer which
>>>>>>> work over port 80 because of a firewall?
>>>>>>>
>>>>>>
>>>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>>>> HTTP and know something is up if you're trying to do this from work
>>>>>> to home, you would be wrong.
>>>>>
>>>>> Even if the admin spots the traffic, what will be the issue?
>>>>>
>>>>>
>>>>
>>>> You are compromising the company's network making contact with your
>>>> home network that has not been approved and is most likely a non
>>>> secure situation. That's the issue. The issue is that you don't have
>>>> the authority to do it or they would have given you that authority to
>>>> make that contact.
>>>>
>>>> What's so important that you would risk the company's security like
>>>> that and possibly put your job in jeopardy?
>>>>
>>>> I have seen employees' severely reprimanded or terminated for such
>>>> security breaches. As a matter of fact, I have seen people be
>>>> terminated for a far less security breach on the network than what
>>>> you want to do.
>>>>
>>>> Any FW or Network Security Admin worth his or her beans will spot
>>>> your traffic as that is their job with you using a company machine
>>>> and DHCP IP linked to the machine on the company's LAN. They know the
>>>> LAN IP and the remote WAN IP traffic is going to and coming from by
>>>> looking at the logs. And they do review those logs on a routine
>>>> basis.
>>>
>>> I don't believe what you're saying is true technically. When you allow
>>> http traffic on port 80 that's pretty safe under a browser control.
>>> You're talking as if we are opening a direct link between two
>>> computers and bad stuff is going to pass freely from the outside to
>>> the inside, which is not the case. I work for a bank and we allow
>>> webex sessions from the outside to troubleshoot issues. It's pretty
>>> safe. You have to go through a third party gateway.
>>>
>>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the internal
>>> network because it's pure http traffic inside a browser with no
>>> ActiveX or Java or anything installed in the client. Just mappged
>>> images that you click on to do stuff on the remote server.
>>> Technically, in my opinion it's a clever way of doing it with total
>>> security.
>>>
>>>
>>
>> A correction
>>
>> <I got rolled on the carpet for doing it and thank God they didn't
>> terminate me at the time.>
>
> What did you do that made them be able to spot you?
>
>

What part of this don't you understand?

Any inbound or outbound traffic to/from the company network on any TCP or
UDP port is being logged by the company's FW. You cannot disguise that
traffic. The log shows the remote WAN IP and LAN IP for to/from traffic,
along with date and time of the connections. These logs are kept on a daily
basis for month's worth of data. They can run reports against that log data
and produce a report or reports showing what kind of traffic activity by IP
(s) and cross correlate data to determine suspicious activity.

I had permission to use the remote desktop application to connect to any
company machine around the world to diagnose application problems on the
applications I supported. What I didn't have permission to do was connect
to my home network and they spotted that traffic. They set FW rules to
block any inbound or outbound traffic with my ISP's domain on any port and
that killed my activities and then I was rolled on the carpet.

You think that they cannot stop inbound or outbound traffic to your ISP's
domain. You think that they cannot determine that traffic is going to an
ISP's domain from a company machine that has a company DHCP IP assigned to
it and track it back to you. You would be wrong. You can use port 80 all
you want. But it's their job to track traffic to and from the company's
network and protect the company's interest whether that be someone trying
to hack the network or mis-use a company machine, on the company network
and accessing the Internet.

And on top of that, you're trying to do this on a financial institution's
network. You're asking for trouble.

Duane

John Dalberg <2> wrote in
news:nadav4ztk7zw.1ju7nakq61sij$.:

> On Thu, 17 Nov 2005 08:57:25 GMT, Duane Arnold wrote:
>
>> John Dalberg <2> wrote in
>> news:760qtd5rw9k8$.19hhvv2pnsb83$.:
>>
>>> On Wed, 16 Nov 2005 06:30:36 GMT, Duane Arnold wrote:
>>>
>>>> John Dalberg <2> wrote in
>>>> news:1trrqc7x9r7v5.1mcd6ap9biy36$.:
>>>>
>>>>> On Tue, 15 Nov 2005 07:11:43 GMT, Duane Arnold wrote:
>>>>>
>>>>>> John Dalberg <2> wrote in
>>>>>> news::
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Are there software for remote control of another computer which
>>>>>>> work over port 80 because of a firewall?
>>>>>>>
>>>>>>
>>>>>> Yeah, there are Remote Desktop appliactions that will work over
>>>>>> HTTP. But if you think a FW Admin will not spot that traffic over
>>>>>> HTTP and know something is up if you're trying to do this from
>>>>>> work to home, you would be wrong.
>>>>>
>>>>> Even if the admin spots the traffic, what will be the issue?
>>>>>
>>>>>
>>>>
>>>> You are compromising the company's network making contact with your
>>>> home network that has not been approved and is most likely a non
>>>> secure situation. That's the issue. The issue is that you don't
>>>> have the authority to do it or they would have given you that
>>>> authority to make that contact.
>>>>
>>>> What's so important that you would risk the company's security like
>>>> that and possibly put your job in jeopardy?
>>>>
>>>> I have seen employees' severely reprimanded or terminated for such
>>>> security breaches. As a matter of fact, I have seen people be
>>>> terminated for a far less security breach on the network than what
>>>> you want to do.
>>>>
>>>> Any FW or Network Security Admin worth his or her beans will spot
>>>> your traffic as that is their job with you using a company machine
>>>> and DHCP IP linked to the machine on the company's LAN. They know
>>>> the LAN IP and the remote WAN IP traffic is going to and coming
>>>> from by looking at the logs. And they do review those logs on a
>>>> routine basis.
>>>
>>> I don't believe what you're saying is true technically. When you
>>> allow http traffic on port 80 that's pretty safe under a browser
>>> control. You're talking as if we are opening a direct link between
>>> two computers and bad stuff is going to pass freely from the outside
>>> to the inside, which is not the case. I work for a bank and we allow
>>> webex sessions from the outside to troubleshoot issues. It's pretty
>>> safe. You have to go through a third party gateway.
>>>
>>> Check out totalrc.net. It's IMPOSSIBLE to do any harm to the
>>> internal network because it's pure http traffic inside a browser
>>> with no ActiveX or Java or anything installed in the client. Just
>>> mappged images that you click on to do stuff on the remote server.
>>> Technically, in my opinion it's a clever way of doing it with total
>>> security.
>>>
>>>
>>
>> If it's so safe what you're trying to do, then run it by the FW and
>> Network Admins and let them give you their opinions instead of you
>> snaking around and trying doing it.
>>
>> You are there to work and you're on company time. You are not there
>> to do what you're trying to do.
>>
>> You are making contact and it has NOT been approved for you to make
>> this contact. You are there to work.
>>
>> At one place I worked, there was this Finance Controller who was
>> making contact with porn sites on the company machine during lunch
>> hour. They spotted that traffic and the guy was terminated for it.
>>
>> Network security install backdoors on company computers and they sit
>> there and watch workers at those workstations watching every move the
>> employee makes and I have seen this. Many companies are aware of the
>> mis- use of the company machine on company time and they are
>> watching.
>>
>> You have not been given the authorization to do it and they will spot
>> you and you can count on it.
>>
>> So, you go right ahead and make that unauthorized contact with your
>> home network.
>>
>> You may regret that you did it.
>>
>> I got rolled on the carpet for doing it and thank God they did
>> terminate me at the time.
>
> Because some FW admins are paraoid or retarded. If if they don't
> understand what I am trying to do, they will say NO without giving a
> convincing reason just to end the discussion becaause they're not sure
> what might happen and they want to jsut be safe.


They are doing the job the company has hired them to do, which is to
protect the company's intrest.

Not under any circumstances should you be trying to make contact with
your home network unless you have a valid reason to be doing so on the
behalf of the company.

If you don't have that valid reason and you don't have that permission to
do so and you do it, you're in the wrong if you are caught.

It's as simple as that and it is grounds to be severely reprimanded or
terminated.

You are trying to do something that you're not supposed to be doing and
you're using the company's equipment, time the company is paying for you
to be doing your job and not mis-use the company.

Companies frown on employees that buck the system or mis-use the company
and they can and will take care of the situation by any means necessary.

All you have to do is get in that bad light and see what happens to you.

Whatelse can I say? It's your situation and not mine and you do what you
feel is best for you to do.

Duane

> I have worked for many companies and used opened ports to connect to
> outside servers. Nothing happened. Firewall admins are busy trying to
> protect computers from outside attacks.

They are not trying to protect computers. They are protecting the
company's network and the company's interest it is an Internet/Network FW
they are working with and not some personal FW on a machine protecting a
machine.

And people are not as stupid as you make them out to be.

And I have worked for many companies as well.
..

> Not from inside to the
> outside. You don't get viruses, worms or whatever by using a remote
> control software like pcanywhere.

The last time I looked and used pcanywhere, it has a feature to xfer
files from the host to the client and client to host and I have used it
to xfer all kinds of files such a program executables that could be
infected on one machine and xfered them to another machine. So what
you're saying above, I am not buying it. As there is nothing to stop one
from xfering files if one chooses to do so infected or not infected.

Companies are more easily attacked by employees behind the FW than can
ever be done from some outside intruder. They are already *behind* the
FW.

FW and Network admins are becoming more and more aware of what's happing
behind the FW.
>
> As for porn sites, it's easy to spot these using content filtering
> software and hardware. It's stupid to go to 'illegal' sites at work
> because these domain names/ip addresses are on blacklists.

The same thing can be applied to ISP's as well. I got a WatchGuard at
home and know all about that. And as far as I am concerned, your point is
moot.

>
> You're reading from the employee manual. I am aware of the risks and
> the mumbo jumbo and that's not the point of my post. I am looking for
> some software.

No I am using common sense and have seen what happens to employees that
think they can buck the system and do what they want and not think that
something cannot happen to them or they cannot be caught.

If you're looking for this software, then drop a post in a FW and
Security NG maybe they can advise you.

Duane