MRGRIM Posted December 7, 2009 Share Posted December 7, 2009 We recently went through the process of implementing email and Internet usage policies here, that was a fun week in work. Having to explain to people that ultimately I don’t care what they spend their day doing but if asked then I can produce reports documenting websites and durations of time they’ve spent on them. I try to explain to people that my department is far to busy to spend all day monitoring people and that it’s purely management putting the frighteners on them. Quote Link to comment Share on other sites More sharing options...
gcninja Posted December 8, 2009 Share Posted December 8, 2009 NO NO! not sarcasm. I mean that's some pretty nice software then. I saw that on a few sites when I was searching for an MMC version of it, but the way it was worded, it didn't look like it would work in the way that he would like it to. why not? if this persons under suspicion and they are using a COMPANY computer they have the right to put what ever the fuck they want on it, and its small well hidden and can be retrieved whenever and how ever he wants Quote Link to comment Share on other sites More sharing options...
anguish79 Posted December 9, 2009 Author Share Posted December 9, 2009 Just as a small update, I haven't done anything on this yet. There have been some other issues inside the company that have crept up, and this is become a lower priority issue. And I'm completely cool with it at this point. I've been trying to stay out of any mess involving this particular individual for a while, and although I'm stuck in some, this is one I can thankfully stay out of for now. Probably end up revisiting it after the first of the year.. Quote Link to comment Share on other sites More sharing options...
OzWizard Posted December 9, 2009 Share Posted December 9, 2009 Use a Hardware keylogger, and update company policy stating that keyloggers may be used. Quote Link to comment Share on other sites More sharing options...
Ap0the0sis Posted December 14, 2009 Share Posted December 14, 2009 Have you tried ssl stripping w/ Man in the middle? I don't know how far you're willing to go, but a few open source utils and WinPcap should do you good for what you're looking to get. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted January 5, 2010 Share Posted January 5, 2010 We recently went through the process of implementing email and Internet usage policies here, that was a fun week in work. Having to explain to people that ultimately I don’t care what they spend their day doing but if asked then I can produce reports documenting websites and durations of time they’ve spent on them. I try to explain to people that my department is far to busy to spend all day monitoring people and that it’s purely management putting the frighteners on them. Heh, people always ask if I read their email all the time. I say nope, we have software do that for us. I don't read my own email, why the hell would I want to read other people's email..... No need for man in the middle. We control the network infrastructure. If I want to see where someone is surfing it's fairly trivial to port mirror their traffic to my desk. If their traffic is in an encrypted stream going to a nonbusiness related site, that site gets blocked. They want it unblocked they can get their manager to tell me to unblock it. Quote Link to comment Share on other sites More sharing options...
macrohard Posted January 6, 2010 Share Posted January 6, 2010 It's really a two-fold problem: Employee does not follow acceptable use policy when using a computer in a workplace Employer does not properly audit nor enforce acceptable use policy when needed or required. I'm in the same position at work myself at times, our management will not review nor audit employee's web usage unless someone speaks up and reports a problem. In a lot of ways I believe its a corporate mindset that it is too much trouble to correct an issue of an employee not following an internet policy that in a lot of ways is not regarded as being such a big deal as to say, levels of sexual harassment in the workplace. But the problem is, if something goes bad and because a employee was abusing internet access and something bad happened to the network, it usually ends up in the lap of the poor IT person who regardless of doing everything right in his or her job, is going to be the one who the finger is pointed at, not the employee who caused the problem in the first place. Quote Link to comment Share on other sites More sharing options...
VaKo Posted January 6, 2010 Share Posted January 6, 2010 It depends, if your AUP says no Facebook, and you notice that one of the finance drones checks her profile at lunch and just before she leaves the office at the end of the day, but otherwise is not causing any IT problems are you going to clamp down on her or are you going to let it slide? I would, because the spirit of the law is more important that the letter. But also because she is not causing a problem, and the sales drones with admin access to their laptops and long periods away from the office are a fucking nightmare. Porn, Warez, spyware... you name it, they installed/downloaded it. But they also bring in multi-million euro contracts, and their bosses are very reluctant to do anything unless its a big problem and/or they are missing targets. So you need to pick your battles and work within the political structure of your organization rather than trying to be god. For example (and this is real), pulling someone into a meeting without HR's backing about a few porn dvd-rips on a laptop and giving them a poorly drafted written warning is a bad thing to do as it will make you no friends and you catch shit from HR, while a quiet chat with the same person on a fag break where you talk about spyware and viruses on p2p networks, mention the fact that high capacity USB sticks are quite cheap these days and most importantly give the impression that while you personally don't care what she does in hotel rooms, there is an AUP as part of her contract, will get you what you want, which is a system without spyware and p2p apps on it, where Chrome is used for all personal browsing and a VP that respects you for being honest, professional and discrete. Quote Link to comment Share on other sites More sharing options...
wh1t3 and n3rdy Posted February 7, 2010 Share Posted February 7, 2010 TBH if you are going to say that a site is off limits it should be blocked. If you then see anyone n it you know they are circumventing network security and that is something to clamp down on. Quote Link to comment Share on other sites More sharing options...
anguish79 Posted February 9, 2010 Author Share Posted February 9, 2010 There's lots of good points all the way around. At this point, the issue has been shelved for now, and I'm not even worrying about it. I've got other things to focus on rather than worry about this issue. Granted, I know it's still an issue, but it's off my plate for now.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.