We are beginning to have more and more of a problem with “improper” use of the internet. Although we expect some personal use - periodic checking of personal email, for example. But sometimes there is less business use of the internet happening and less productivity that has been getting noticed. We have been told that putting a proxy in place can help with this. Will a firewall be able to do this instead? Would appreciate some suggestions on how to deal with this. - via the internet
The first thing you should do is set up a meeting with HR and your lawyer or legal department. Policies need to be established as to what is and what is not acceptable use of the internet by employees. If you are going to allow personal use, it should be clearly spelled out what is allowed and when it can be done. You will need to make sure that all employees are aware of this policy and that they are reminded of this policy on a regular basis. There will need to be periodic reviews of your policies on this matter to make sure that they are fair and consistent.
As for the technology, there is no clear cut answer to your question. You’ll need to do a lot of research and careful evaluations to find the product that best suits your requirements and network.
Even if your firewall can block access to specific sites, you should probably still look at proxies - both hardware - and software-based. You will probably find some open-source candidates. Look closely at each one of them and ask: How easy is it to setup and administer? Is there more than one service in place that categorises the websites to make them easier to control access to, how often are the updates released and what is the cost? How does each product relate to the others that you are considering?
An important feature to consider is how to track what employees are doing. If you elect for transparent proxy operation, can internet use be tracked to a particular employee? Is a special client required to be installed for the access to be controlled? If you have different operating systems running in your environment, does anything special have to be done to get them to work with this proxy? To keep an individual from creating user IDs on the proxy system, can it be linked to Active Directory or some other directory service that can service all of the different OSes that you have on the network?