Re: web monitoring tool

From: Jon Pastore (jpastore@idetech.net)
Date: 04/13/03

  • Next message: Jon Pastore: "Re: Pop-up alert"
    From: "Jon Pastore" <jpastore@idetech.net>
    To: <security-basics@securityfocus.com>, "Douglas K. Fischer" <fischerdk@purefm.net>
    Date: Sun, 13 Apr 2003 08:42:25 -0400
    
    

    An important rule in small and medium businesses I've found in dealing with
    situations like this, to quote Murphy, "He who has the gold makes the
    rules..." If the boss wants to look at porn and not have it logged in the
    event the EEOC comes in, that's not an unreasonable request and justifiable by
    saying the boss's or executives' actions would be considered confidential
    and top secret. If you have an exec that is making that kind of request I
    would have to have it approved by the next highest authority since no one
    but the top guy gets to do things without anyone else knowing about it...

    For example, at a client's office 2 particular individuals were working on
    information for a project that was going to be patented. I would be in
    violation of a lot of things if I snooped and monitored that project. I
    found out after the work was done what was going on, but you can't monitor emails
    to attorneys etc...

    Though it usually stands with all of my clients and other friends of mine in
    IT have found...IT knows all sees all...usually working close with HR we
    "see dead people" =)

    In fact, as a side note, I read this funny comic at inktank.com about how their IT
    staff is a bunch of ninjas no one has ever seen and they reside in a dark
    room...

    documentation is key...

    ----- Original Message -----
    From: "Douglas K. Fischer" <fischerdk@purefm.net>
    To: <security-basics@securityfocus.com>
    Sent: Friday, April 11, 2003 11:08 PM
    Subject: RE: web monitoring tool

    >
    > Lots of excellent points made in this thread.
    >
    > 1. Before you do anything, have a CYA memo of some sort from a superior,
    > ESPECIALLY if this request places any action in direct or inferred
    > opposition to corporate policy or legal reporting/auditing requirements.
    > It's hard to say (and frankly irrelevant) why the executives want their
    > surfing totally confidential. However, if there would be any backlash from
    > this action, you need to minimize your own exposure. (My general rule of
    > thumb is to have clear support for everything I do. If I can't point to a
    > policy or regulation that supports an action, I make sure someone over me
    > has provided some form of e-mail or memo that will offer such support.)
    >
    > 2. Chances are in addition to not wanting anything logged, the executives
    > also do not want any of the traffic observed. I would tend to agree with
    > the proponents for a separate dial-up or broadband Internet connection and
    > a separate PC/laptop to totally isolate this "executive surfing" from your
    > enterprise network. That is the cleanest way.
    >
    > 3. Perhaps suggesting that the execs do their "confidential surfing" from a
    > home connection or other non-corporate location would be in order. It would
    > be far simpler as far as keeping the traffic confidential. (Frankly,
    > depending on their reasons for wanting to keep their activities invisible,
    > the very act of making this request would arouse suspicion and start
    > vicious rumours. Simply doing the surfing from home would have allowed them
    > to keep things quiet and not have to involve anyone at the office.)
    >
    > Doug
    >
    >
    >
    > -------------------------------------------------------------------
    > Is SPAM over-loading your e-mail server, disk space or bandwidth?
    > SurfControl E-Mail Filter is flexible, intelligent and policy-driven
    > protection.
    > http://www.securityfocus.com/SurfControl-security-basics2
    > Download your free fully functional trial, complete with 30-days of free
    > technical support.
    > Stop SPAM before it stops you.
    > -------------------------------------------------------------------
    >
