March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

Wrong, it's already been done many times and already passed through the courts and local benefits office and upheld.

All you have to do is show that someone is using the network for non-company related actions/reasons, that it's clearly against the company policy, and they can be fired on the spot - even without a warning.

Leythos

And again, you're missing the point - it's already been done, proven, and upheld.

What was does not always remain - much like what you were taught about Networking.

Oh, and if they are not visiting partner sites, and you show the logs with IP of destination and time spent, it doesn't really matter WHAT they were doing or WHAT they were viewing.

Leythos

:> All you have to do is show that someone is using the network for non-
:> company related actions/reasons, that it's clearly against the company
:> policy, and they can be fired on the spot - even without a warning.

:But you have to have the actual content of what they viewed or
:downloaded, in order to show they used the network for non
:business reasons. If you don't have the actual content, you had
:better tread lightly on it. That is what I was taught in business
:law class once.

The effective rules in the US have changed through various court rulings since your classes. What is needed now for non-government situations is evidence that a written policy existed, evidence that they were directed to read the policy and agree to it, and evidence that they contravened the policy. The actual content is not important if you have (say) firewall logs showing that they went to sites that were against policy, or that they emailed their spouse when personal email is prohibited.

The reason for the emphasis on content is now not the content itself but rather to directly tie the content to the computer, and then the usage to that one person -- but any sufficiently robust method of tying firewall logs to individuals would be accepted. One of the reasons for mandatory password changes is to reduce the strength of the argument that "someone must have stolen my password!"

Walter Roberson
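
The posts above turn on firewall logs showing destination and time spent, tied to an individual. The following sketch is an added example, not code from any poster in the thread: it attributes firewall sessions to whoever held the source address at that moment and totals time at non-partner destinations. The log formats, user names, addresses and the partner network are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the thread); documentation/private ranges only.
PARTNER_NETS = [ip_network("198.51.100.0/24")]  # assumed business destinations

# Authentication/DHCP records, "time ip user": user took over ip at that time.
LEASES = """\
2006-03-29T08:00:00 10.0.0.21 alice
2006-03-29T08:05:00 10.0.0.22 bob
2006-03-29T12:00:00 10.0.0.21 carol
"""

# Firewall session records, "start src dst duration_seconds".
FIREWALL = """\
2006-03-29T09:00:00 10.0.0.21 198.51.100.7 600
2006-03-29T10:10:00 10.0.0.21 203.0.113.50 360
2006-03-29T10:20:00 10.0.0.22 203.0.113.50 120
2006-03-29T12:30:00 10.0.0.21 203.0.113.50 900
2006-03-29T07:30:00 10.0.0.22 203.0.113.9 60
"""

def parse_leases(text):
    """Return {ip: [(start_time, user), ...]} sorted by start time."""
    leases = defaultdict(list)
    for line in text.splitlines():
        ts, ip, user = line.split()
        leases[ip].append((datetime.fromisoformat(ts), user))
    for entries in leases.values():
        entries.sort()
    return leases

def owner_at(leases, ip, when):
    """User holding `ip` at `when`, or None if no record covers that time."""
    entries = leases.get(ip, [])
    idx = bisect_right([start for start, _ in entries], when) - 1
    return entries[idx][1] if idx >= 0 else None

def off_policy_report(fw_text, lease_text):
    """Seconds per user per non-partner destination, plus unattributable lines."""
    leases = parse_leases(lease_text)
    per_user = defaultdict(lambda: defaultdict(int))
    unattributed = []
    for line in fw_text.splitlines():
        ts, src, dst, secs = line.split()
        if any(ip_address(dst) in net for net in PARTNER_NETS):
            continue  # partner traffic is in policy
        user = owner_at(leases, src, datetime.fromisoformat(ts))
        if user is None:
            unattributed.append(line)  # cannot be tied to a person; keep apart
        else:
            per_user[user][dst] += int(secs)
    return {u: dict(d) for u, d in per_user.items()}, unattributed
```

The same source address maps to different people before and after the 12:00 lease change, and the 07:30 session has no covering record, so it is reported separately rather than pinned on anyone.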

In article , Owl Jolsen wrote:
: Also, as far as anything going on in Europe, particularly the
:29th March solar eclipse in Africa goes, a lot of cell phones in
:Europe now have high-speed internet access built-in. Someone who
:REALLY wanted to sneak on from work could unplug from the company
:LAN, and plug their office PC into their cell phone,

I know within minutes when someone unplugs from our company LAN. I could know within seconds if I wanted to bother.

:and sign on that
:way. Short of using an illegal cell phone jammer, there is no POSSIBLE
:way they could detect or stop THAT, because all the traffic would
:be going through their cellular provider, and nothing would show up
:in the company logs.

"Illegal" cell phone jammer?? If I thought I had a good reason to put in a cell phone jammer, our national police force would be the ones who would come and install it for us!

Walter Roberson

"Leythos" wrote in message news:wsC2f.31126$ snipped-for-privacy@tornado.ohiordc.rr.com...

However, local administrator access inside the PC can be hacked. There are hacking tools out there that will let you get local administrator access to the PC, without compromising the company network. You just disconnect from the network, before hacking your way into local administrator access. There are enough security holes in Windows that any NT, XP, 2000, 2003, or Vista box could be hacked to allow you local administrator access without compromising the network or leaving any telltale entries in the logs. As long as you are not connected to the network when you break into local administrator access on the PC, they will never know, a standalone XP machine does not keep any logs, so there is no POSSIBLE way for them to know you have broken into administrator access on the local machine, as long as you are not plugged into the network when you do it. And before anyone says "keylogger", there are programs that can hunt down and destroy any keylogging software installed on your PC, and once you have hacked into administrator access on the local PC, you can run one of these programs and destroy the keylogging software.

You are talking about stuff that is our BREAD AND BUTTER. And we stand to make even more money from subscription video for various sporting events worldwide. Unfortunately, we will not be able to do Olympics until AT LEAST 2012, because the American NBC network stubbornly refuses to carry the Olympics in the USA, if any Internet outlet is allowed to carry audio or video over the internet of the event. NBC basically has the IOC over a barrel over this one until the current contract expires after the 2010 Olympics. We will, however, still provide IRC-based live commentary from the Games. That is still allowed. Certain figure skating rivalries are also generating interest in IRC-based coverage, and video coverage (if we should be allowed to do it).

The next rivalry matchup expected to bring interest will be between Michelle Kwan and Irina Slutskaya, at a competition in Korea in November. The schedule for the ladies short, as of right now, puts the ladies short at 7:30PM Korea time on Thursday, 3 November, that will make it during the working hours in Russia. There is a lot of interest from users in Irina's native Russia. It will be the DAY FROM HELL for Russian IT admins, if we get to transmit live video from Pyongyang. For that, we have to clear it with the Political Security Bureau (North Korea's national police agency), and we are in negotiations now to be able to transmit video from Pyongyang. Russian IT admins will be going NUTS trying to stop our service, and not making any headway. I will not say WHICH one, but there is one skater in Russia, who works in Novosibirsk, when not competing or practicing. I have chatted with her, and she bounces off open relays all over the world, so she can sneak on to the IRC chat room we use for covering events, without her employer in Novosibirsk knowing about it. Her Russian employers know that she is going to strange addresses on several cable modem/DSL providers around the globe. She is always coming in on addresses on Ct-Inets in China, Comcast and Qwest in the USA, and Rogers in Canada. Do these aforementioned companies even CARE about people running open proxies on their networks? There are sure a lot of open proxies on these networks. Anyway, since the logs only show that she went to cable/DSL modems on these networks, they are clueless of what she is up to.

Owl Jolsen

You write acceptable use, password policy, and maintenance of password security into the same policy. Then you tie that into the progressive discipline policy like any other workplace guidelines. Publicize it and train on it, and keep records. Employees don't have to agree to it, you only have to prove they understand it. That may require testing in the case of employees that are not easy to train.

If your policy says certain types of sites or certain types of activities are offside, you don't have to have the contents, only proof that whatever they were doing is offside. So, you don't have to capture the streaming media if you have classified it all as offside, as an example, just show that it was streaming media. You don't have to download all the pictures from the p*rn site, just show that it's a p*rn site and that they accessed it.

An easy method is to use a content filtering system on your gateway firewall that only allows access to sites that meet company guidelines, and un-rated sites are blocked. This way, distributed port 80 connections will be blocked. Encrypted or not, if they're not going to an approved destination, they will be stopped. This can be pitched to employees as a favor to them, to prevent them from unwittingly going offside of company policy by enforcing it at the firewall.

Open proxies of course, don't go on the approved site list.

So, the worst nightmare scenario is avoided with zero extra administration effort.

And if it comes down to it, there are very few people that can cover their tracks on illicit material to such a degree that it *can't* be tracked and proven, if sufficient resources are brought forth for the problem i.e. responding to a lawsuit. Just like when crimes are committed physically in real life.

-Russ.

Somebody.
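
The gateway rule described in the post above (approved categories only, un-rated destinations blocked, encrypted or not) can be sketched as follows. This is an added example, not the poster's configuration or any product's API; the rating table, category names and hosts are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed rating database and policy (hypothetical hosts and categories).
RATINGS = {
    "partner.example.com": "business",
    "docs.example.org": "reference",
    "video.example.net": "streaming-media",
}
APPROVED_CATEGORIES = {"business", "reference"}

def destination_host(request_line):
    """Extract the destination host from an HTTP proxy request line."""
    method, target, _version = request_line.split()
    if method == "CONNECT":
        # Encrypted tunnel: the payload is opaque, but host:port is visible.
        host = target.rsplit(":", 1)[0]
    else:
        # Plain HTTP through a proxy carries an absolute URL.
        host = urlsplit(target).hostname or ""
    return host.lower().rstrip(".")

def rating_for(host):
    """Look up the host, then each parent domain; None means un-rated."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = RATINGS.get(".".join(labels[i:]))
        if category:
            return category
    return None

def decide(request_line):
    """Default deny: allow only destinations rated into an approved category."""
    host = destination_host(request_line)
    category = rating_for(host)
    if category is None:
        # Raw IP addresses and unknown names (e.g. a proxy on a cable modem)
        # have no rating, so they never reach the allow branch.
        return ("BLOCK", host, "un-rated")
    if category not in APPROVED_CATEGORIES:
        return ("BLOCK", host, category)
    return ("ALLOW", host, category)
```

Because the decision uses only the destination name, it applies equally to `CONNECT` tunnels and plain requests, and the block reason doubles as the log evidence that a request was out of policy.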

Alright, so you're telling us, that your BREAD AND BUTTER depends on:

  1. somebody disconnecting their box from the corporate network
  2. hacking local administrator access
  3. heavily modifying local security settings
  4. leaving no entries in the logs (hello... where did the logs go? hmm)
  5. sniffing out and destroying keyloggers (hello... where did our keyloggers go? hmm)
  6. using some cell phone network access or other 3rd party service
  7. destroying all cache records on the local machine (hello, where did the cache go? hmm)
  8. secure erasing destroyed cache records on the local machine (hello, why was a secure eraser used here? hmm)
  9. reconnecting to the network after undoing all the above.
  10. Coming up with some sort of excuse as to why their computer dropped off the lan for X hours

To watch... figure skating?! An eclipse?!

Dude, find a new hobby.

-Russ.

Somebody.

That's why you don't get them to sign agreement, but rather put it into policy and train them on it and tie it to the progressive discipline policy. This way, they are fired for violating company policy, not for performing a particular activity. You are allowed to make new policies after somebody begins employment. If they violate once or twice it's just a black mark on their record, not a termination offence. Then, termination is for repeated violations of policy, whether it's AUP, attendance, performance, whatever. Employees can't just say "well the policy didn't exist when I was hired, so it doesn't apply to me", otherwise, you could never set a new policy about anything, ever, except for new employees.

If you walk around with an AUP and say "you have to sign this, or you're fired" then you will have the problem you describe. If you fire for a first offence, you will have the problem you describe. If you create it, train it, prove understanding, and integrate it with a progressive discipline policy, you'll be ok in court, because the person will have to say that they repeatedly violated a company-wide policy that they understood, because it was new since they were hired and therefore didn't apply to them. An amnesty grace-period on implementation with attendant coaching will also help your stance in court.

As an exercise, ask people that argue as you indicate above, if you state "no child p*rn on premises or you're fired" does that not apply to them because it's a new condition of employment?

Of course the union does change this for better and for worse -- you'll have a harder time with the composition of the AUP with a union, but a better time with its implementation.

-Russ.

Somebody.

You may know something about bean counting - I tend to think not, but I have no proof one way or another. You _think_ you know about other subjects, such as networking, computer security, and labor law. You don't. I really don't care if you go down in flames because of your own stupidity. But don't offer advice to others - because as has been proven time and time again - you don't know what you are talking about, and in most cases your advice is flat out wrong.

Old guy

Moe Trin

Ya know - I always have to laugh at total fools like this. They can't think of the blatant stuff, and wonder why it's so freakin obvious to everyone else.

But there's nothing there!!!

That ought to get a few yuks at the afternoon security briefing.

Old guy

Moe Trin

:> The effective rules in the US have changed through various court rulings
:> since your classes. What is needed now for non-government situations
:> is evidence that a written policy existed, evidence that they were
:> directed to read the policy and agree to it, and evidence that they
:> contravened the policy.

:You write acceptable use, password policy, and maintenance of password
:security into the same policy. Then you tie that into the progressive
:discipline policy like any other workplace guidelines. Publicize it and
:train on it, and keep records. Employees don't have to agree to it, you
:only have to prove they understand it.

We had a little bit of a theoretically messy transitional situation in going from no official policy to a real policy. Anyone who worked for us before the official policy existed could have made the claim that the policy was not "a condition of employment" at the time they were hired, and thus that they could not be -fired- for contravening it. [The situation differs a bit from anti-harassment policies and the like, as the government requires adherence with Civil Rights legislation.]

Fortunately (from a security administration point of view), the unions had been consulted about the new policy ahead of time, and all signed on to it, so for legal purposes it effectively became a condition of employment as of the next contract ratification for each bargaining unit. There might in theory be a small number of exempt Management left, but I believe that those all signed on as well.

Walter Roberson

Evidence Eliminator, BC Wipe, McAfee, etc, etc, if used properly, leave no clue that they were ever used. The DOD spec of zeros, overwritten by ones, then overwritten by random bits, does not leave any telltale signs that such a program was used.

And other stuff. We also plan on bringing live encrypted feeds of the Harriett Miers Supreme court Hearings from the United States. There is a lot of interest, we find, in people that would like to be able to sneak on from work, and be able to watch or listen, so we intend to oblige them, though the hearings will probably not take place until next month, because the committee schedule is full through the end of October. We also do other sports. While we will not be able to bring live video or audio of the Olympics, we will be able to do IRC-based live updates and commentary from the Games. We are also planning on doing a live feed of the world swimming championships in Shanghai, in April. Swimming is a hugely popular sport in Australia, and there is a lot of interest in Australia, in being able to get the swimming championships. We do the stuff our subscribers most want to see.

Owl Jolsen

They leave clear evidence that they were used.

Leythos

I'm starting to think it's some lamer troll that is just baiting us with the same old drivel - we all know how to stop it, but he keeps inventing what he Thinks are more ways around it - next he'll be telling us that the employee must bring in their own laptop with a WIFI card that connects to the World-Domination wireless network, and while standing on one leg, with a hand pointing to the east, that they will be able to access their content without us knowing - and as long as it's not on our network/resources I don't really care - but that means they didn't subvert our network security - which is the lamer's point in posting.

Yea, I get a kick out of him, pcbutts1, and VB, putting them all in the same class.

Leythos

The only way to detect their use is to put a keylogger on the machine, and hope the person you are snooping on does not find it and destroy it. That is how the government caught the one Newsday reporter arrested for child p*rn. It was a secret keylogger that caught him using Evidence Eliminator. Had that keylogger not been there, they would have never known the program was used. And like I said up-thread, there is one Russian figure skater, I will not say WHICH one, that works in an office in Novosibirsk, when not training or at a competition, and she has been able to sign on to my service, without her Russian employers having any CLUE as to what she is up to. I have chatted with her, and she has been able to sneak on from work, without her employer, in Novosibirsk, knowing about it. She bounces off open relays all over the world. Her boss knows she is going to strange addresses all over the world, but he cannot figure out what she is up to. She appreciates my service very much, because it allows her to sneak on from work, when there is a competition she wants to watch and/or follow.

Owl Jolsen

You are dreaming - it's easy to tell when a wipe/cleaner program has run, if you don't believe me (or others here) ask someone you trust that knows something about security.

Leythos

An administrator's main concern is to make sure the computers are running ok. Not to make sure that workers don't pick their noses or watch the eclipse.

Anyhow, who the heck watches eclipses nowadays anyway? except astronomers, school children, and the bored/unemployed.

It can be blocked, but most admins probably won't bother. It's not their concern. It's not their responsibility if ppl don't want to work.

Anyhow, you ever think that maybe the boss or manager, or in your scenario, the IT person couldn't walk past the computers during those 6 minutes?

Besides, do you really get so excited about an eclipse? (given that you're an adult and you're not an astronomer)

jameshanley39

As long as they chant a mantra at the same time. Yeah, that wouldn't be noticeable. I'd rather doubt that WiFi would do the trick here, as even cell phones don't work very well in our buildings. Non-company pagers don't work either. Too bad the company pagers do.

It would be a problem here - we don't allow non-company computers into the facility. That's been company policy for over 12 years.

Old guy

Moe Trin

Apparently. He's willing to (or at least, he trolls here trying to get us to believe that he's willing to) build his bread and butter on the model that people will risk their employment by disconnecting their machines, hacking the admin account, de-installing keyloggers, using a cell phone for Internet, installing his freakish questionable proxy-viewer-server software (put out by a company that recommends all the previous security compromises) viewing his content, wiping the evidence, and re-connecting to the corporate LAN... for an eclipse.

-Russ.

Somebody.

X-No-Archive: Yes

Well, there are a number of homemade antenna designs, for both cell phones and WiFi that might boost the signal enough to work. Some antenna designs can give as much as a 12db increase in signal, and you can buy one at Compusa. Of course, I had to turn on X-No-Archive for this post, or one guy will find me and tell me it is illegal to use such an antenna, when it is not. One salesman at Compusa said that the Super Cantenna is perfectly legal to use on any WiFi card or AP. Depending on what your building is made out of, the Super Cantenna, sold at Compusa for $49, might do the trick.

Charles Newman
