User insists on accessing AOL...help please

[Virago]

I am netadmin/helpdesk/comp-gofer for a smallish corp. Recently the corp reorganized and brought in some "consultants" who are not very bright (but that's another post entirely).

My problem is this: one of the consultants uses AOL at home, and insists on having free access to AOL from within my corporate network. I see this as a grave breach of security and have refused until now to open the firewall to allow him access.

However, he doesn't understand the security risk despite my many explanations of why/how it is a risk. I've also given him reams of paperwork on the subject which very clearly states the problems with allowing AIM and AOL access from within a corporate network.

He's throwing his weight around, and I am 98% certain that the powers-that-be are simply going to tell me that I have to allow him the access. Since my department consists entirely of myself with nobody else in the corporation who understands anything about networking, security, firewalls, etc I'm in a bad situation.

Is there any way from within AOL to set it to forward email? I have no idea since I wouldn't touch AOL with someone else's 10-ft pole. Is there any way that I can set my Exchange server to go out and retrieve his AOL email for him? I'd much rather have it pass through my protected server than have him with an open connection to the outside world.

There's no hope in going to my boss; he is a clueless wonder in relation to computers -- took him 10 months after he started working here to wander into my office and ask me "What exactly do you do here?" He always sides against me in decisions because doesn't know dick about my job...

[MacGyver]

Give the guy his own dedicated phone line and let him connect to AOL via modem that way. Then make sure the account that he uses to sign in to your corporate network is locked down nice and tight to make sure AOL isn't going to contaminate your network. AOL is designed for home use, it is not designed for use in a corporate network environment and this compromise gives the best solution. Then if he has problems with AOL, he can call them for support instead of you!

[Virago]

Even with a dialup, won't that still put my network at risk? He'll be able to bring in unscanned email, and he'll certainly be dialing in to them while he has an active network connection. Perhaps ZoneAlarm on his system as well?

[Gollo]

HA HA HA HA HA HA HA a "profesional consultant" that uses AOL Isn't that like an oxymoron?

Why doesn't he just use the aol webmail feature? Just my 0.02

[EvilCabbage]

I wouldnt put much faith in Zonealarm. I think of it, much like the software equivelant of laying a ring of salt around your computer, to protect it from evil. ie: its a heap of mumbo jumbo crap.

Anyway, back to the main issue at hand:

If this was me (unfortunate that it isnt) there would be no way in hell, that this would happen. No chance, no way, no how. He wants to acess his AOL mail? Fine. He can do that at home, in his own friggin time. Set him up with an Exchange account, and get *him* to call AOL support to setup some sort of mail forwarding.

My $0.2c

[Gollo]

[quote]Originally posted by EvilCabbage:
<strong>

My $0.2c</strong><hr></blockquote>

Ok I think you'd better listen to EC because he is giving his 20cents compared to my measly 2 cents.

[storm]

just have him use the 'myaol' link off of aol.com. he'll be able to see his e-mail etc. through aol's web interface. this way you won't have to load software or punch a hole in the firewall.

[Virago]

EvilCabbage, I wish I was in your situation. The problem with my job is that I'm the only one employed by the corp that has any knowledge about computers, networks, security, etc.

They constantly tie my hands in regard to security; hell, they don't even have an Acceptable Use Policy for god's sake. They don't fire people who abuse their internet access. They don't restrict email use. They won't pay for software upgrades, so I'm stuck supporting 30 different applications that vary in age from 2 to 9 years old (yes, the entire accounting dept runs on a database that was written in 1993).

It's like beating my head against a brick wall. I'd have moved to another job long ago, but the job market in this area is highly depressed for IT people.

Not only that, but the person who is my boss -- the person that has to "approve" everything I do knows jack**** about computers. For god's sake, he doesn't even understand the difference between a local and a network drive.

Sorry, I'm venting...my bad. I guess I'll suggest the myaol thing (which I didn't even know existed because I stay as far away from AOHell as I can).

Thanks all.

[Deity]

I feel your pain. I have a couple of users, who are unfortuanately my bosses, who insist on being able to access their AOL accounts from the corporate network. They do just as storm suggested. They access their AOL email through our internet connection just using the IE browser and myAOL. I've yet to see any problems, but it does create a problem with possible viruses. I just have to watch those systems a little closer.

[EvilCabbage]

Virago :

If you would like a copy of an acceptable usage policy, (we've got a lot of this stuff) I would be more than happy to email you one of ours, so you can pour over it, or show it around to show how it can be implemented. It may not help right now, but they are an excellent thing to have, and if you modify it a little, perhaps it will show management how serious you are about these things

Drop me an email at :

[email protected]

if you would like a copy of some guidelines to work from.

Cheerio

[Ahcoraj]

Do you have any monitoring ability? if so give him the access and track his every move....He sounds to me like a typical aol idiot who can't function without his training Wheels........Gollo's right on the mail access, It works fine..Make sure your bosses know that, and that the rest of the content on aol can be found elsewhere also. The cynic in me says he wants aol specifically for non business related purposes.

[Virago]

Well, of course he wants it for non-business purposes. I provide every employee at this corporation with an email address. If it were business, he should logically have it sent to his business email address, correct?

What I'm pretty sure is that he is running some sort of business on the side, and that he has all that email sent to his AOL address. So basically he's working his second job while on the corporate payroll.

Oh, by the way, I got "written up" for being "uncooperative" in regards to this matter. Apparently they really don't give a sh*t about security here.

If anyone has any employment opportunity in the Kansas City area, I'll take just about anything now. I'm desperate to relieve myself of this position.

[Ahcoraj]

I'm sorry man, I don't blame you for wanting to bail from that situation. If someting happend tomorrow i bet theyd blame you even though you were trying to steer them in the right direction all along.......

[Ya_know]

[quote]Originally posted by Virago:
<strong>...Oh, by the way, I got "written up" for being "uncooperative" in regards to this matter. Apparently they really don't give a sh*t about security here...</strong><hr></blockquote>

Written up!?! Dude, you have to learn how to pick your battles. You saw this coming…I am quite sure that there was little surprise for you. For the rest of us, it seems unreasonable that you are subject to the torment you have described, but at least you have a paycheck.

Your first mistake was not recognizing that Everyone here hates AOL. Taking advise from a group of people compelled to offer only one perspective is bad judgment on your part. What you should have been doing was calling AOL and asked for advice from a senior network admin, not the chumps in the call center. Then take what you learn from them, and here, and formulate a responsible decision; in many cases, you still have to, “Satisfy the customer with what ever it takes to make them happy”.

Many places, even large corporations operate with AOL on the desktop with little or no security problems. Take Time Warner Cable: every desktop they have uses AOL for email. They don’t have a single Exchange server since the AOL giant acquired them. Sure there is the occasional virus, but if your PC’s and file servers are as well protected as they should be, there should not be an issue.

For the record, I dislike AOL. I think the best solution offered here was the web mail option. In essence, that is all that the AOL client offers, but with some various fun stuff users can touch and feel. All of the saved mail (minus downloads) resides on the AOL servers, so he would have been able to do everything from there. My guess is that you put up a struggle the whole way, and only latter offered the idea. At that point it was too late to deceive anyone that you really are trying to help. It also seems that he had a bit more clout that you did…in you own company. That sucks, but that is politics.

Consider this a learning lesson in management. Never lock horns with an idea, employee or contractor, just because you don’t like something. If the people in charge put money into this contractor’s pocket, and allow him to conduct personal business on their time, it is not your place to intercede! That is the bottom line.

[Gollo]

[quote]Originally posted by Ya_know:
<strong>
“Satisfy the customer with what ever it takes to make them happy”.

</strong><hr></blockquote>

That's just it this guy isn't a customer. He's an employee.