Re: [fw-wiz] Highlighting Security Issues

From: Victor Williams (vbwilliams_at_neb.rr.com)
Date: 08/01/04

  • Next message: Victor Williams: "Re: [fw-wiz] Highlighting Security Issues"
    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Sun, 01 Aug 2004 16:08:15 -0500
    
    

    Might be an unpopular opinion...

    But he got what was coming to him. If I was above him in the food
    chain, I would have terminated him also...without even thinking about
    it...it was a no-brainer. The screenshots also prove nothing. I can
    make my computer screen look like anyone's with about 10 minutes of
    work, and then take screenshots of it. This dude is an amateur at best.

    Having worked as an employee (not a contractor) for the US Dept of
    Agriculture for almost 10 years, I can honestly say that this is
    commonplace--employees getting into others' business when they have not
    enough to do.

    Fact is, computer "abuse" is a common problem, and it is only going to
    be solved by admins who know what they're doing--which this guy
    obviously didn't--coupled with a strict, easy-to-understand policy that
    is also able to be enforced. In government (where the lowest bidder
    always wins) there just aren't enough resources (money and qualified
    people) to make policies and actually implement them.

    1. Why didn't he have any security measures in place to disallow
    surfing of questionable websites? (my current company doesn't even
    allow us to check our company-matched 401k plans while on the company
    network, let alone checking stocks).
    2. Why didn't his workstation policy (written and implementation)
    dictate that no games be loaded on workstations?
    3. Regarding point 2, if that was the policy, why wasn't it policy
    (written and implementation) that end-users (like his boss) not have
    admin rights on their machine to re-install restricted software? This
    is a simple Windows NT/2000/XP policy issue.

    His methods are that of vigilantism. If he was the actual network admin
    (which it doesn't clarify whether he is or not), then his job was to
    monitor and DOCUMENT, should any employees whose machines he oversees
    become a *problem*...not monitor, document, and tattle-tale. If his job
    was just system administrator (which is completely different from
    network administrator), then he was overstepping his boundaries again
    because it wasn't his job. I would promptly be removed from my current
    job if it came to light that I had installed software to spy on my boss
    without any order from upper management to do so. That's just common
    sense (uncommon these days). You do what you're told unless someone
    else higher than your boss tells you to do something
    differently...because that's what you're paid to do--what your boss(es)
    tell you to in the grand scheme of things.

    Fact is, in any business, the bottom line is what matters. If you are
    getting your work done with 10% of your time, checking your stocks
    another 20%, and the other 70% playing Solitaire, that's a management
    problem (above you and your boss), that's not your problem or
    concern...and you should not assume it is. You should do your job
    within your reach of authority, and when called upon by the right
    authority for more, do more. This guy clearly overstepped his
    boundaries. I think it's good for him to be concerned, but he should
    have never named names with submitting his findings. If anything, it
    made it look as though he had a vendetta against ONE person. If he
    would have been thinking, he would have submitted a report saying more
    ambiguously that there were various abuses of computer resources going
    on. If management then wanted to make it an issue and have him provide
    more proof of this, then he gets a bit more specific. If he submits
    that proof and management turns around and again wants specifics on
    named individuals, then you go to that step.

    This story is inherently what's so wrong with government at EVERY
    level...it's a perfect example. It's why I ultimately left...and
    hopefully I will never have to go back.

    I hope he learned a valuable lesson...do your job and don't worry about
    anyone else. It was good for him to be concerned. It wasn't good for
    him to act out based on that concern.

    Paul D. Robertson wrote:
    > Saw this on Slashdot, and thought it might be worth some thought...
    >
    > http://www.aldotwaste.com/
    >
    > The short version is that after being frustrated for a while, the person
    > in question Trojaned his boss's machine, and gathered screenshots over a 7
    > month period that show 70% of the time, his boss was playing solitaire,
    > and 20% of the time, checking his stocks. The whistle-blower was removed
    > from his position, though he claims policy gave him the right to monitor
    > and document abuses.
    >
    > Some of the knee-jerk reaction from the organization looks to be "there
    > was IDS and it was showing hacking and obviously this got us hacked!"
    > balanced by an independent report that says they were up to their ears in
    > false positives and didn't have AV updates working.
    >
    > Thoughts? Comments? Updates from our favorite copying place?
    >
    > Paul
    > -----------------------------------------------------------------------------
    > Paul D. Robertson "My statements in this message are personal opinions
    > paul@compuwar.net which may have no basis whatsoever in fact."
    > probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >