Employee Problems & Monitoring Needed


Guest Deleted_Account

Yeah it's ridiculous, why even have different level machines? All the Level 4 permissions should be permissions the user has. Your whole IT structure needs to be overhauled.

Definitely needs an overhaul.

At the place I work I've got administrative access on the local machine and access to certain folders, but not administrative access on the domain. Granted, I'm not about to go poking around to see what I can access and what I cannot, even if we don't exactly have a "Computer Usage Policy." I prefer to keep my nose clean at work, since anything you do there can come bite you in the ass later. Their network, their rules and all that. :)

Granted of course I can access most of the development machines (gogo using the same shitty vnc password for all dev machines), but why bother.

I like my job and I am not about to start trouble there.

Of course, they "allow" or tolerate people bringing in netbooks and laptops so that kinda tells you what kind of "ship" they run. :lol:


Of course, they "allow" or tolerate people bringing in netbooks and laptops so that kinda tells you what kind of "shit" they run.

fixed

Still, I think mirroring and maybe a keylogger on YOUR company's computers isn't a bad idea.


Whoops typo.

Shitty company with shitty IT infrastructure is shitty.

Keyloggers aren't a bad idea, but I doubt they'd bother. There isn't even any web filtering software running and most of the machines they are using as servers are 10 to 15 years old running outdated apps and OSes.

I'd love to have a separate VLAN for hooking up laptops, but for the time being that won't happen. Most of the people who work there use laptops anyway, I think there are maybe 3 or 4 people who use desktops, the rest use laptops.

Edited by Charles

+1 to most of you.

So there is definitely a question I would like to know, and that is why she CAN access something she is not supposed to? I am also very very sure that upper management will want to know that as well, regardless of what she has done.


Guest Deleted_Account

Lol, I should have made it more clear:

1) 'Level 4' is what we nicknamed our main terminals that give direct access to our server (wired). Our nicknames are there to remember them more easily, for instance:

  • Level 1 - normal computers all employees have access to
  • Level 2 - field equipment (laptops); only supervisors can log in to these and then grant permissions to the employee who needs it
  • Level 3 - IT only
  • Level 4 - server access (me and 2 other ITs)

2) She had access to the system so she could grab a backup of a previously fried HDD, as she was on our IT team and was given temporary access. Our servers are divided into 3 groups: LAN backups/files (normal stuff running SMB), Web/HTTP servers, and finally our 'offline' backup server, which has all of our HDD images that we take approximately once every 2 months. She used the latter one to get her HDD image. Essentially (for security and the fact we hardly need to use these backups) we just dump them over the network (off work hours) and then afterwards, when they are needed, put them back physically (dump to external HDD of same size, then finally dump back to the computer's HDD).

3) Our passwords for normal users are required to be 12 chars long and alphanumeric. All HDDs are encrypted with AES-256 bit XTS mode using TC and a password like:

su6jP!zX'_v31Gf0'\IA?2b;6\fY)B$stCCT4V+<4\`/b$WE}i.#x")8sN2zO,+ (64 Chars)

No one besides IT and Administration of course knows these (kind of annoying when we have to turn on 40/50 comps a day, but oh well). Network admin passwords are also 12+ alphanumeric + symbols.

Security isn't the issue, but mainly policy regarding giving access to people who (rightly) should be supervised by an IT personnel such as myself or the other 2. Guess my supervisor didn't think it mattered too much as it was just a backup. As for the email, we block most, but Gmail is what we use so it isn't blocked, sadly. Maybe this will get them to finally pay for an Enterprise account and set up on our own servers :P

EDIT: Ironically, what she stole was the HDD backup she had to "Restore" and then mounted it and grabbed files from it.

EDIT #2: A quick note: This goes to show that no matter how secure something is, human error always lets the bad guys in. Also, to clear one more thing up, I no longer work for said company; as of late, me and a friend decided it was time to invest in our own IT firm/security audit company.

Edited by x942

Regardless, I still say that you should fire her twice, then invoke a mandatory password change for all users and then re-evaluate your network security policies. If she was able to gain access to ANY dataset that she was not privileged to, then that is terms for dismissal with no reference.

Btw MY password is the true name of god in reverse with symbols. So no one knows it besides me and him :rolleyes:


ok, my perception is that all you people are just not getting it.

of course they have enough to 'kick her to the curb' as to disciplinary action. what I am understanding is that they want to be able to access/define/copy what it is specifically as to a file or what the company secret/s that she passed along.

now, here's what i perceive is the crux of the matter. they need further 'hard' evidence so as to be able to prosecute her criminally and/or civilly. i'm guessing this is in canada where i don't know laws, but here in the u.s., federally or perhaps in some states, it is a serious crime to take and pass along what are known as 'trade secrets'. there are some serious fines and criminal penalties as well. THAT'S what i think they are after. not 'just enough' to simply fire her. they have more than enough for that.

just my 2 coins of small value..


Not sure what it's like in America or Canada, or if it's changed in the last 20 years, but in Australia even your brain dead shop front solicitor (Australian version of Lawyer) would beat that in court with:

Show me where she agreed not to circumvent any security measures, and was it made clear at time of employment, or was it a case of sign here, and not given time to read or comprehend the document or policies.

I attended a security conference many years ago where an FBI bloke was saying log files don’t stand up in court as you can’t prove that they haven’t been doctored, and this still stands in Australia, as our laws are still back in the days when we were shipped here as convicts, and you must catch them physically at the keyboard committing the crime.

Again from an Australian experience, dismissing someone without hard evidence or solid proof of a breach of the company policy comes down to who has the deeper pockets when it comes time for court, or fear of a sympathetic judge. Most of the time it's, here $XXXXXX now bugger off, across a meeting room table, especially when a union is involved.

And I won’t go into our workplace surveillance laws, which have been dictated by the unions.


  • 2 weeks later...
Guest Deleted_Account
Well, all employees have to sign a legal document to work there, and trust me, our legal team covers 99% of all loopholes. We even make sure they have their own attorney present or make them sign saying they don't want one. As for logs, it's called Helix and other forensic methods that preserve all data in a way that can't be compromised easily. Logs, IP, MAC, email, headers, etc. are used in court all the time. Of course they need more than JUST that, but that's why I wanted a way of catching her in the act. And as our terms state, we can use ANY means of surveillance on our systems. Now don't go thinking we are a dictatorship of sorts; this is only to protect company secrets, and we specifically state no personal use is allowed. And in the event personal use is made (besides our coffee/break room's wifi, where it's allowed (still monitored by proxy)), we delete the data within 48 hours and they are warned.

Also, before I quit the company to start my IT company, we got here by using the built-in webcam and keyloggers as well as SSLstrip :) all that was needed to get her to court. She did settle outside of court, but that's because it was cheaper for our company (as you said) and we didn't want it to be a huge public ordeal. It turns out she was selling the files to someone on Craigslist, oddly enough, and only for $4000, while it was probably worth more like $10,000 inc. damages (that's what she paid them in the end, approx. anyway).

Edited by x942
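
Added example, not part of any post in this thread: one way to make log records tamper-evident, which bears on the objection above that logs cannot be shown to be undoctored. Each record carries an HMAC over itself and the previous record's MAC; the key, field names and sample entries are constructed, and the sketch assumes the key and the last MAC are kept off the logged host.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # fixed anchor that the first record chains to


def _mac(key: bytes, prev_mac: str, entry: dict) -> str:
    # Canonical JSON so an entry always serialises to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def seal(key: bytes, entries: list) -> list:
    """Chain entries: each MAC covers the entry plus the previous MAC."""
    records, prev = [], GENESIS
    for entry in entries:
        prev = _mac(key, prev, entry)
        records.append({"entry": entry, "mac": prev})
    return records


def first_bad_record(key: bytes, records: list, head: Optional[str] = None) -> Optional[int]:
    """Return the index where verification fails, or None if the log is intact.

    head is the last MAC as recorded off-host; without it, records cut from
    the end of the log cannot be detected.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if not hmac.compare_digest(_mac(key, prev, rec["entry"]), rec["mac"]):
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(records)  # chain is valid but does not end at the recorded head
    return None


# Constructed sample: key, host, user and events are all made up.
KEY = b"constructed-demo-key-kept-off-the-logged-host"
ENTRIES = [
    {"ts": "2011-03-01T18:02:11Z", "host": "backup01", "user": "jdoe", "event": "login"},
    {"ts": "2011-03-01T18:05:40Z", "host": "backup01", "user": "jdoe", "event": "read image-0042.img"},
    {"ts": "2011-03-01T18:31:09Z", "host": "backup01", "user": "jdoe", "event": "logout"},
]
RECORDS = seal(KEY, ENTRIES)
HEAD = RECORDS[-1]["mac"]
```

An edited, removed or reordered record breaks the chain at that index; a log cut short at the end verifies on its own and is only caught by comparing against the separately stored head.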

  • 4 months later...

If you are a boss, probably you want to know what your employees are doing. On the opposite side, if you are an employee, you don't want to be monitored. Unfortunately, I am the latter one, and I was monitored under SurveilStar employee monitoring software. My boss now knows what websites I visited, my IM conversations, my email contents. Facebook, YouTube, MySpace, Twitter are all blocked. He said SNS were wasting our time...

According to our IT manager, SurveilStar also captures real-time screen snapshots.

It seems more and more companies are using employee monitoring software to prevent data leakage or improve employee productivity.


  • 4 months later...

1: Your security sucks. Why can anyone with an account log on to a Level 4 system if it's important that access is controlled?

2: Why is it possible for an employee to copy confidential material onto a flash drive from a Level 4 system?

3: Why can an employee get on to the internet and send emails?

As for firing her, IT doesn't do this, HR does. You pass the information you have to HR and the user's manager, and they decide on the firing.

Furthermore, why is someone able to utilize encryption software on your network for which you don't have access to the keys? If the business which you're in is important enough, why are you allowing 3rd party USB devices to be plugged in at all? Most of the time those USB sticks require a driver & software to be installed in order to have them work correctly as well, which means she has some form of local admin access to her machine... why?


  • 6 months later...

It is good to hear that lawyers are involved, as is your HR team I would assume. While I understand that part of the theory of not wanting to take any action on this person in the hopes that you can legally capture the password that she used on the encrypted file, I would assume that if she poses any additional security risk to additional breaches, she would be terminated on the spot and her computer put on litigation hold (or whatever the CA equivalent may be). Depending on your security policies, devices such as personal drives or USB thumb drives should fall under that security policy and be seen as additional risk, and action should be taken.

At this point the breach has happened. Is it worth the risk to retain her as an employee (assuming that breach of company security policy is grounds for termination) and risk future breaches? Either way, it may be worth your company re-examining your security model and practices so that events like this cannot occur in the future.


  • 3 weeks later...

You are probably going to violate Canadian Criminal Code Section 342.1 and maybe even laws of the country where the mail server is hosted.

but...

Set up a dummy website for her email. Make it look identical to the login page. Redirect that domain (at the proxy or hosts file) to the dummy site. Next time she logs in you obtain the credentials.

Mission Accomplished.
