[Employee Problems & Monitoring Needed]

1: Your security sucks. Why can anyone with an account log on to a Level 4 system if its important that access is controlled?

2: Why it is possible for an employee to copy confidential material onto a flash drive from a Level 4 system?

3: Why can an employee get on to the internet and send emails?

As for firing her, IT doesn't do this, HR does. You pass the information you have to HR and the users manager, and they decide on the firing.

Further more why is someone able to utilize encryption software on your network which you don't have access to the keys. If the business which your in is important enough why are you allowing 3rd party USB devices to be plugged in at all. Most of the time those USB sticks require a driver & software to be installed in order to have them work correctly as well which means she has some form of local admin access to her machine...why?

[The French]

Wanted to post this as I though it might be of interest to some. It has some security implications so I wasn't sure if it belonged in the Security forum instead. Here goes nothing.

http://www.bbc.co.uk/news/technology-12983734

Wanted to hear peoples opinion on this one.

[Pwnie Express]

Send in the firm name as HB Gary Federal and give a P.O. Box. I wonder if they would do a verification?

8D

[Mybb 1.6.2 Sql Injection Exploit]

How something so simple can, really screw up your system security. Whenever I write apps in PHP, I always sanitize all the inputs, ensuring all the inputs are valid. I think its something that web application developers should practice more often, to ensure a safer web.

I couldn't agree more. However the issue still remains that web developers too often do not have any or much security experience with the tools in which they use. I suspect that as time progresses that we will see this trend change but likely not any time soon.

[Monitoring Question]

So based on your comments I am unsure the level you sit at within your organization. Obviously you have reporting staff but the solutions which can be implemented will obviously depend on your level within your organization. As mentioned above a proxy server is a great solution to track basic and simple web traffic. If Social media is not a critical part of your teams role then I would suggest blocking those sites outright. Another solution might just to block Facebook, Youtube, Twitter Etc etc etc. all together organization wide. I myself am looking for a nice open source web & packet analyzer tool which can monitor the enterprise which I manage in real time. I am not personally interested in websense does anyone have other solutions which could work?