wh1t3 and n3rdy Posted June 18, 2010
Yeah it's ridiculous, why even have different level machines? All the Level 4 permissions should be permissions the user has. Your whole IT structure needs to be overhauled.

Charles Posted June 19, 2010
> Yeah it's ridiculous, why even have different level machines? All the Level 4 permissions should be permissions the user has. Your whole IT structure needs to be overhauled.

Definitely needs an overhaul. At the place I work I've got administrative access on the local machine and access to certain folders, but not administrative access on the domain. Granted, I'm not about to go poking around to see what I can access and what I cannot, even if we don't exactly have a "Computer Usage Policy." I prefer to keep my nose clean at work, since anything you do there can come bite you in the ass later. Their network, their rules and all that. :)

Granted of course I can access most of the development machines (gogo using the same shitty VNC password for all dev machines), but why bother. I like my job and I am not about to start trouble there. Of course, they "allow" or tolerate people bringing in netbooks and laptops so that kinda tells you what kind of "ship" they run.

gcninja Posted June 19, 2010
> Of course, they "allow" or tolerate people bringing in netbooks and laptops so that kinda tells you what kind of "shit" they run.

fixed

Still, I think mirroring and maybe a keylogger on YOUR company's computers isn't a bad idea

wh1t3 and n3rdy Posted June 19, 2010
We have a separate wifi LAN with a net connection for us in the IT department to use with private machines, but we don't connect them to the corporate network.

Charles Posted June 19, 2010 (edited)
Whoops typo. Shitty company with shitty IT infrastructure is shitty. Keyloggers aren't a bad idea, but I doubt they'd bother. There isn't even any web filtering software running and most of the machines they are using as servers are 10 to 15 years old running outdated apps and OSes. I'd love to have a separate VLAN for hooking up laptops, but for the time being that won't happen. Most of the people who work there use laptops anyway, I think there are maybe 3 or 4 people who use desktops, the rest use laptops.
Edited June 19, 2010 by Charles

h3%5kr3w Posted June 20, 2010
+1 to most of you. So there is definitely a question I would like to know, and that is why she CAN access something she is not supposed to? I am also very very sure that upper management will want to know that as well, regardless of what she has done.

eliminatebotnets Posted June 21, 2010
Are you sure the password isn't "12345" ?? *hides*
I think ADMIN is more likely.

barry99705 Posted June 23, 2010
> I think ADMIN is more likely.

My password is 9 spaces.....

Charles Posted June 23, 2010
Mine is this: ***************
Or at least that's how it shows up. Owait. :D

h3%5kr3w Posted June 24, 2010
{|}~◘⌂ü≤äd╛ how's that for a passwd?! :X

wh1t3 and n3rdy Posted June 24, 2010
My password is Pi

MRGRIM Posted June 24, 2010
> My password is Pi

To 0 dp? :)

Jokke Posted June 24, 2010
Haha! Thnx this was a great thread to read. Haven't laughed this much for a while behind my desk. More stories like this guys!

Guest Deleted_Account Posted June 28, 2010 (edited)
Lol I should have made it more clear:

1) 'Level 4' is what we nicknamed our main terminals that give direct access to our server (wired). Our nicknames are there to remember them easier, for instance:
Level 1 - normal computers all employees have access
Level 2 - Field equipment (laptops); only supervisors can login to these and then grant permissions to the employee who needs it.
Level 3 - IT only
Level 4 - Server access (me and 2 other IT's).

2) She had access to the system so she could grab a backup of a previously fried HDD, as she was on our IT team and was given temporary access. Our servers are divided into 3 groups: LAN backups/files (normal stuff running SMB), Web/HTTP servers and finally our 'offline' backup server which has all of our HDD images that we take approximately once every 2 months. She used the latter one to get her HDD image. Essentially (for security and the fact we hardly need to use these backups) we just dump them over the network (off work hours) and then afterwards when they are needed put them back physically (dump to external HDD of same size then finally dump back to computer's HDD).

3) Our passwords for normal users are required to be 12 chars. long and alpha numeric. All HDD are encrypted with AES-256 BIT XTS mode using TC and a password like: su6jP!zX'_v31Gf0'\IA?2b;6\fY)B$stCCT4V+<4\`/b$WE}i.#x")8sN2zO,+ (64 Chars). No one besides IT and Administration of course know these (kinda annoying when we have to turn on 40/50 comps a day but oh well). Network admin passwords are also 12+ alpha numeric + symbols.

Security isn't the issue but mainly policy regarding giving access to people who (rightly) should be supervised by an IT personnel such as myself or the other 2. Guess my supervisor didn't think it mattered too much as it was just a back up. As for the email we block most but Gmail is what we use so it isn't blocked sadly. Maybe this will get them to finally pay for an Enterprise account and setup on our own servers :P

EDIT: Ironically what she stole was the HDD backup she had to "Restore" and then mounted it and grabbed files from it

EDIT #2: A quick note: This goes to show that no matter how secure something is human error always lets the bad guys in. Also to clear one more thing up, I no longer work for said company as of late; me and a friend decided it was time to invest in our own IT firm/Security audit company.
Edited June 28, 2010 by x942

Wetwork Posted June 29, 2010
regardless, I still say that you should fire her twice then invoke a mandatory password change for all users and then re-evaluate your network security policies. If she was able to gain access to ANY dataset that she was not privileged to then that is terms for dismissal with no reference.

Btw MY password is the true name of god in reverse with symbols. So no one knows it besides me and him

gcninja Posted July 1, 2010
bitch needs to be MONITORED and badly

Ron Posted July 3, 2010
ok, my perception is that all you people are just not getting it. of course they have enough to 'kick her to the curb' as to disciplinary action. what I am understanding is that they want to be able to access/define/copy what it is specifically as to a file or what the company secret/s that she passed along.

now, here's what i perceive is the crux of the matter. they need further 'hard' evidence so as to be able to prosecute her criminally and/or civilly. i'm guessing this is in canada where i don't know laws, but here in the u.s., federally or perhaps in some states, it is a serious crime to take and pass along what are known as 'trade secrets'. there are some serious fines and criminal penalties as well. THAT'S what i think they are after. not 'just enough' to simply fire her. they have more than enough for that.

just my 2 coins of small value..

oxley Posted July 3, 2010
Not sure what it's like in America or Canada, or if it's changed in the last 20 years, but in Australia even your brain dead shop front solicitor (Australian version of Lawyer) would beat that in court with: Show me where she agreed not to circumvent any security measures, and was it made clear at time of employment, or was it a case of sign here, and not given time to read or comprehend the document or policies.

I attended a security conference many years ago where an FBI bloke was saying log files don’t stand up in court as you can’t prove that they haven’t been doctored, and this still stands in Australia, as our laws are still back in the days when we were shipped here as convicts, and you must catch them physically at the keyboard committing the crime.

Again from an Australian experience, dismissing someone without hard evidence or solid proof of a breach of the company policy comes down to who has the deeper pockets when it comes time for court, or fear of a sympathetic judge. Most of the time it's, here $XXXXXX now bugger off, across a meeting room table, especially when a union is involved. And I won’t go into our workplace surveillance laws, which have been dictated by the unions.

Guest Deleted_Account Posted July 12, 2010 (edited)
Well all employees have to sign a legal document to work there and trust me our legal team covers 99% of all loopholes. We even make sure they have their own attorney present or make them sign saying they don't want one. As for logs, it's called Helix and other forensic methods that preserve all data in a way that can't be compromised easily. Logs, IP, MAC, email, headers, etc. are used in court all the time. Of course they need more than JUST that but that's why I wanted a way of catching her in the act. And as our terms state we can use ANY means of surveillance on our systems.

Now don't go thinking we are a Dictatorship of sorts, this is only to protect company secrets and we specifically state no personal use is allowed. And in the event personal use is made (besides our coffee/break room's wifi where it's allowed (still monitored by proxy)) we delete the data within 48 hours and they are warned.

Also before I quit the company to start my IT company we got here by using the built in webcam and keyloggers as well as SSLstrip :) all that was needed to get her to court. She did settle outside of court but that's because it was cheaper for our company (as you said) and we didn't want it to be a huge public ordeal. It turns out she was selling the files to someone on Craigslist oddly enough and only for $4000 while it was probably worth more like $10,000 inc. damages (that's what she paid them in the end approx anyways)
Edited July 12, 2010 by x942

kevin lee Posted November 18, 2010
If you are a boss, probably you want to know what your employees are doing. On the opposite side, if you are an employee, you don't want to be monitored. Unfortunately, I am the latter one, and I was monitored under SurveilStar employee monitoring software. My boss now knows what website I visited, my IM conversation, my emails' contents. Facebook, Youtube, myspace, twitter are all blocked. He said SNS were wasting our time... According to our IT manager, Surveilstar also captures real-time screen snapshots. It seems more and more companies are using employee monitoring software to prevent data leakage or improve employee productivity

VaKo Posted November 18, 2010
Laws in Europe make it a lot harder to do this type of monitoring. For example x942, had you pulled that type of stunt in Europe, you would probably have been sued.

L1f3less Posted April 8, 2011
1: Your security sucks. Why can anyone with an account log on to a Level 4 system if it's important that access is controlled?
2: Why is it possible for an employee to copy confidential material onto a flash drive from a Level 4 system?
3: Why can an employee get on to the internet and send emails?
As for firing her, IT doesn't do this, HR does. You pass the information you have to HR and the user's manager, and they decide on the firing.

Furthermore, why is someone able to utilize encryption software on your network which you don't have access to the keys. If the business which you're in is important enough why are you allowing 3rd party USB devices to be plugged in at all. Most of the time those USB sticks require a driver & software to be installed in order to have them work correctly as well which means she has some form of local admin access to her machine...why?

Folkar Posted October 29, 2011
It is good to hear that lawyers are involved, as is your HR team I would assume. While I understand that part of the theory of not wanting to take any action on this person in the hopes that you can legally capture the password that she used on the encrypted file, I would assume that if she poses any additional security risk to additional breaches, she would be terminated on the spot and her computer put on litigation hold (or whatever the CA equivalent may be).

Depending on your security policies, devices such as personal drives or USB thumbdrives should fall under that security policy and be seen as additional risk and action should be taken. At this point the breach has happened. Is it worth the risk to retain her as an employee (assuming that breach of company security policy is grounds for termination) and risk future breaches? Either way, it may be worth your company re-examining your security model and practices so that events like this cannot occur in the future.

flood Posted November 16, 2011
You are probably going to violate Canadian Criminal Code Section 342.1 and maybe even laws of the country where the mail server is hosted.. but... set up a dummy website for her email. Make it look identical to the login page. Redirect that domain (at the proxy or hosts file) to the dummy site. Next time she logs in you obtain the credentials. Mission Accomplished.

F1r3B4llH4X0r Posted November 28, 2011
I love when year old threads get bumped :D