I have a young technician who thinks he’s just the business.
As a rule, I run my office on an honesty policy. That is to say, if I say “Please don’t do”, I expect it not to be done. I’m not a policeman. It’s not my job to run around and check up on people to ensure they have done what I told them.
Unfortunately, for the first time since I started in business at age 19, (that’s 25 years ago) I now have to start enforcing the rules.
I’ve already managed to set our office router so that it assigns a default IP to his MAC address and then sets a queue of “0” if he tries to use DHCP to bypass his network IP - which he’s already tried to do. So he can’t bypass his static IP address that he must use.
Now, unfortunately I need to start blocking traffic.
I need ports 110 and 25 open. I need port 53 open and some sites on port 80 open. All other sites must be blocked.
So far so good. I’ve blocked everything to and from his IP address and opened the TCP or UDP ports as needed, but now my problem starts with “some sites”.
He needs access to our intranet, our twitter feed, our facebook page and his online courseware at MIT. MIT and our intranet aren’t a problem. I know their IP address ranges, but how does one handle a situation like Twitter or Facebook that have hundreds of thousands of IP addresses, where those IP addresses are constantly changing according to the load on their servers?
The reason why I have to do this, is if he’s left along in the office for even five minutes, he’s logging into his online games, putting on a headset that he brings to work and then he can’t hear the phone when it rings, so he’s costing me money and doing damage to my business’ reputation. If I could fire him, I would have done so long ago. Unfortunately, he’s my partner’s son and we all know what parents are like, their children can do no wrong.
Thanks
Eben
