RE: Securing workstations from IT guys

WALI,

Many list members have contributed valuable suggestions for securing the
PCs.

This, to me, however appears to be an issue with the email system's
security controls, or an abuse of admin privs on the email server.

That would be a much easier location to copy items "sent" and "received"
by the HR dpt.


Kind Regards,

Scott Ramsdell
CISSP CCNA MSCE


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Lim Ming Wei
Sent: Monday, November 26, 2007 9:14 PM
To: 'WALI'; 'security-basics'
Subject: RE: Securing workstations from IT guys

Use encryption program to encrypt those files. Password function in the
normal MS Word application does not help. If you have problem
installing
the program. You might want to consider saving the file in an
alternative
storage media such as a USB Thumb drive.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On
Behalf Of WALI
Sent: Monday, November 26, 2007 2:24 AM
To: security-basics
Subject: Securing workstations from IT guys

It's a catch 22 situation and I need to make our Windows Xp workstations

appropriately secure. Secure from rogue Helpdesk personnel as well as
network admins.
The HR guys are complaining that their 'offer' letters to prospective
employees and some of the CVs that they recieve are finding their way
into
unwanted hands. I suspect both HR application vulnerability, for which I
am
undertaking some vulnerability analysis but I also need to protect the
PCs
that belong to Dept. of HR employees from rogue IT guys.

Here are the basics of what I intend to do:
1. Advise all HR users to shutdown their PC before they leave for the
day.
2. Change all Local Admin passwords so that even IT helpdesk/other
doesn't
know them.
3. Advise HR guys to assign passwords to their excel/word files.
3. Do not create shares off c drive giving 'everyone' access.

But...because they are all connected to Windows 2003 domain, I still
risk
someone from domain admin group to be able to start C$/D$ share and
browse
into their c: drive, what should I do?

Also, it's easy to crack open xls/doc passwords, what else can be done?

Alternatively, Is there an auditing on PC that can be enabled to
track/log
incoming connections to C$ and pop up and alert whenever someone tries
it
out from a remote machine.

Pls advise!!

Relevant Pages

  • RE: Securing workstations from IT guys
    ... Securing workstations from IT guys ... protect the PCs that belong to Dept. of HR employees from rogue IT guys. ... Change all Local Admin passwords so that even IT helpdesk/other ... Advise HR guys to assign passwords to their excel/word files. ...
    (Security-Basics)
  • RE: Securing workstations from IT guys
    ... department and see what's lying on desks and sitting in trash cans. ... Securing workstations from IT guys ... the end of the day you can't stop a sufficiently knowledgeable admin (or ... password to that account is in order to elevate and bypass controls. ...
    (Security-Basics)
  • Re: Somebody is keep trying to ssh into my systems, how can I stop that?
    ... that you use passwords ... I was ANSWERING THE FUCKING QUESTION. ... YOUR method of securing the system at the AUTHENTICATION level, ... packet at Network (at MAC level) level?." ...
    (comp.os.linux.security)
  • RE: Users slam Microsoft Security Analyser
    ... does go to the admin as well. ... Proper configuration can go a long way in securing a system. ... spend y number of hours cleaning up after an incident, ...
    (Focus-Microsoft)
  • Re: SSH connections
    ... don't allow tunneled clear text passwords at all. ... can you elaborate on this? ... > I recently worked on securing all of our servers' SSH configuration ... Was man mit Gewalt gewinnt, kann man nur mit Gewalt behalten (Mahatma ...
    (comp.os.linux.security)