This sounds cool. At least for the admins... sucks to be the employee...

Tech Sniffs Employee Offenders By Michelle Delio
Story location (http://www.wired.com/news/infostructure/0,1377,56826,00.html)
02:00 AM Dec. 13, 2002 PT

NEW YORK -- There are no bodies, bones or blood to analyze. No pondering over a piece of decaying evidence that was once part of a human being.

But the forensics software on display at this year's Infosecurity 2002 tradeshow is enough to spook corporate employees everywhere.

Computer forensics applications are typically used to investigate computer crimes and to preserve digital evidence so it's usable in court. But these applications aren't just for law enforcement officials anymore. Computer forensics software is helping stop corporate crime before it happens.

What do the members of AO think about employers monitoring their employees?

Personally, if it was me, I'd feel violated. Only becuase if they hired me, they should trust me. I think I should only be monitored if they have "reasonable doubt". My company uses software to monitor the usage of the internet and to "watch for malicious activities".
Since I'm too damn busy at work to abuse the privledge of having the internet and the "toys" that I have, I don't have anything to worry about.
But what about the employee who has too much free time at work and has access to the internet? I don't think that because the company can't keep them busy enough is a good reason to find out what recipie they are going to follow for tonights dinner...

Honestly I'd never even use public PCs such as the ones in offices and libraries.

Can't you drag your files under like a pile of directories or overwrite the file a few times and it makes the file harder to dig up? Of course I'd never risk my job but it might be fun when nosey librarians are around.

I haven't used a library PC in years.... I had to use one when my comp broke.... It didn't take me long to fix my PC but gezz its so annoying to have librarians walk around you and pretend they aren't snooping and stuff. And then when you get off the librarian sits down at the PC and checks temp. internet files and a bunch of other stuff that nosey peaple would love to look at.

well it says " Computer forensics software is helping stop corporate crime before it happens. "
i think this is good,
but, phishphreek80 have a good point of view, ( if they hired me, they should trust me ) lol, well this would be an employee point of view, but as an CEO or business owner specially for enterprise and large companies i believe they have to double check everything before they risk thier business.

as for my company, they only track internet trafic, but our CEO give us some free borders to surf :) specially for senior employees , like i can get to any site with no coments from the manegment

Our company only monitors Internet traffic. Once we see that internet traffic is going to non-work related sites (porn or whatever) we start monitoring that persons computer.

We monitor anything we please..... Period!!!!

Our employees are warned at their orientation that nothing, I repeat _nothing_ you do on our company's network is private. I make the point that I can sniff every piece of traffic they send and receive across the network including their passwords. They are informed that every webmail server I can find, every AIM, IRC etc. is blocked at the firewall and that I am warned immediately connection attempts are made.

Am I a bit harsh in the policies I enforce? I don't think so for 2 reasons:

1. I work for a non-profit - I can't throw money at problems so I minimize my risk by removing the high risk items.

2. Folks, this is work...... You are being paid for it - not to go galivanting around the web or BSing with your friends.....

Lastly, someone mentioned "trust"...... Number one rule of IT security: Trust noone and trust nothing!!!!!

well I hate to say this, but your employees are the LAST people you should trust. Several studies have been done in recent years that show upwards of 85% of all hack attempts are from INSIDE your own network. I'll have to dig the reports up, but I know several folks like CERT and SANS have done these same types of studies.

I lock down as much as I can, but a lot of what I can and cannot do is controlled by the policy (which I'm rewriting) and to some extent by the directors of this company.



El Diablo

Indeed:

The bigest security risk in the office resides between the keyboard and the chair..

But is sniffing any good, you can't (where I live) do that kind of thing without first clearing it with your personell ( although one sticker with "You are Being watched" is sufficient by law )

And this pre-emptive (however that is spelled) sniffing doesn't "feel" good by my standards..

Although I would agree with tiger-shark on some issues...

Luckily I'm the one in controll of the servers / firewall where I work..

you may adress me as the BOFH

I agree 100% with Tiger Sharks remarks.....

At the company i work in (admin) i enforce the same policies.
Ofcourse the users are told these things before they have access to the machines they use, but its not only trust. What if they are the victims of malicous code and the "illegal" actions are automated? All our machines have banners saying that all activity will be monitored if suspicous use is suspected. This way we still control the situation if its done purposely or by user error.

The important thing though is to make the users aware that there is no such thing as privacy on the company machines.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Tiger Shark
We monitor anything we please..... Period!!!!

Our employees are warned at their orientation that nothing, I repeat _nothing_ you do on our company's network is private. I make the point that I can sniff every piece of traffic they send and receive across the network including their passwords. They are informed that every webmail server I can find, every AIM, IRC etc. is blocked at the firewall and that I am warned immediately connection attempts are made.

Am I a bit harsh in the policies I enforce? I don't think so for 2 reasons:

1. I work for a non-profit - I can't throw money at problems so I minimize my risk by removing the high risk items.

2. Folks, this is work...... You are being paid for it - not to go galivanting around the web or BSing with your friends.....

Lastly, someone mentioned "trust"...... Number one rule of IT security: Trust noone and trust nothing!!!!!

Couldn't have said it better. It's amazing how much non-productive traffic there is. I think HR should include a disclaimer to new employees AND contractors that all network activity is monitored. With that done, sniff away! If somebody feels strongly enough that they "should be trusted" by the employer, then they don't need to take the job.

And this has what to do with forensics software? Packet sniffing and utilizing forensic tools are two totally seperate things. I don't think ANYONE has a moral or legal issue with people using forensics tools to investigate after a break-in. The other issue, logging employee network traffic, is much more controversial. I tend tho agree with the idea that as long as employees are informed of what's happening, it's OK. Doing it without informing them is scummy, and probably illegal.

Can't say i blame any company for monitoring thier internet traffic. Whether it's simply a matter of non-productive employee time, or all the way to industrial or political espionage (sp?) any company has the right to protect itself from loss from any direction. And, for those companies with defense contracts or such, or classified information on their systems, the lack of monitoring capability could be considered gross negligence in some possible scenarios. But then, i figure paid work time is to be used productively for the person paying me. After all, if i were hiring a carpenter for $60/hr, and he spent his time smokin' 'an jokin', looking for email and chat-rooms on the internet with his portable wireless, i'd probably fire him. So can't see much difference for an employee on the keyboard. But then, maybe i'm just old fashioned.

I'm with Tiger Shark on this one also. I have always stressed that nothing you do on-line at work is private for any employer. Employees are always told upon hire that any network traffic may be monitored at anytime for any reason. Simple fact is the company owns the connection to the pipe the equipment from the servers down to the workstations. To admin a network one needs the freedom to turn on logs as needed from emial connects aand messages to web connections. Most cases nowdays with firewalls in and out bound traffic is watched real time at least 8 hours if not 24/7 for the logs when Admin is not there. One is foolish to think work is a private place, one is paid tp do a job best to do it, slipping in 65 personal emails while working a minute here two minutes there the time does add up. Best put on email ueage where most of the abuse I have seen in the past would you make 65 personal phone calls per day while at work? There is also now days a question of libality, yes some places are actually sueing others now for things like a virus excessive email bandwidth and humm an employee takes out another system using a company network guess who they will go after. I know of one case here where an employee on one company sent that all to funny sexual joke to another company only that employee felt it sexual harrassiment and both he and his company are now being sued. Web is not free cost money for people and equipment lots of money just keep up with an M$ liocense agreement :) Work is work play is play.

Well, the media has once again mis-quoted what the correct application for the technology is used for. Forensics is after the fact, but it is a great preventative tool if employees know that the tools exists - sort of like nuclear weapons. Unfortunately all is for not in the legal world if you haven't done everything as a normal course of business. Logs and all forensic data is considered hearsay evidence until it is handled through proper chain of custody and is established as part of normal business routine.

Additionally, Tiger Shark has the right Idea, and it is required to notify employees that the systems they use are subject to monitoring, if you don't do this then you again lose the legal edge. And please, have your employees sign confidentiality, non-disclosure and the security policy and place it in "their permanent record". Now, you can have your day in court.

I work for a Government installation. We have a multi-level approach to this issue.

1) Through our legal department, we have fitted every box with a warning banner at login. It basically tells the user that the machine is not thier property and everything is subject to monitoring. This along with the usual unauthorized personnel disclaimer

2) At orientation, they are given an acceptable use policy and are made to sign it.

3) We use WebSense to monitor and filter all internet traffic. We also have a few other goodies for intrusion detection and so on.

4) We have a zero tolerance policy and it is enforced.

5) We use a client lockdown strategy to limit the internal threats as best we can. I did see the stat of 85% of all attacks come from the inside. Well from experience I can tell you that the percentage is close.

Anyway, just my two cents.....

the fact is...

your company shells out overhead for every system, every resource, every bit of bandwidth used with the intention of meeting certain business goals.....

From a systems administrators standpoint, I'll monitor all I want on my network, need I remind you that with the recent corporate crime going on they have been holding administrators and technical personell themselves legally responsible as well. Those that have too much time and not enough to do should find something to do, they teach this in grade school. I've no time for the whole privacy argument, your on corporate resources period. if you want to perform personal tasks, fine, do it at home.

That is not to say that I crack down on everything, often with employees that I do know to work hard I cut a lot of slack, but when someone who isnt pulling the weight they should be is sucking resources allocated to the COMPANY well... I get a little bitter. Especially when I consider a few things... when my company does good so do I through profit sharing, benefits, and job security... I'm not about to waste my time or the company's dollars on dealing with bandwidth or legal problems because my users have little moral or work ethics. I've no use for that.

But then again I dont come from a super large corporate environment, we all work close, and I know each and every user, the habits, work ethics, all the way down to whether they clean up after themselves in the break room at lunch. I do have a tendancy to look the other way with some, but I make that decision based on potential damage to my network, resource usage, and that persons work ethic.

simply put, do your job first... most people that get offended by the monitoring/lockdowns I perform are the same abusers that dont pull weight.... thanks for cutting into my profit sharing heh.

the simple fact is, its the companies right, always has been always will be... deal with it

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by THEJRC
the fact is...

your company shells out overhead for every system, every resource, every bit of bandwidth used with the intention of meeting certain business goals.....

From a systems administrators standpoint, I'll monitor all I want on my network, need I remind you that with the recent corporate crime going on they have been holding administrators and technical personell themselves legally responsible as well. Those that have too much time and not enough to do should find something to do, they teach this in grade school. I've no time for the whole privacy argument, your on corporate resources period. if you want to perform personal tasks, fine, do it at home.

That is not to say that I crack down on everything, often with employees that I do know to work hard I cut a lot of slack, but when someone who isnt pulling the weight they should be is sucking resources allocated to the COMPANY well... I get a little bitter. Especially when I consider a few things... when my company does good so do I through profit sharing, benefits, and job security... I'm not about to waste my time or the company's dollars on dealing with bandwidth or legal problems because my users have little moral or work ethics. I've no use for that.

But then again I dont come from a super large corporate environment, we all work close, and I know each and every user, the habits, work ethics, all the way down to whether they clean up after themselves in the break room at lunch. I do have a tendancy to look the other way with some, but I make that decision based on potential damage to my network, resource usage, and that persons work ethic.

simply put, do your job first... most people that get offended by the monitoring/lockdowns I perform are the same abusers that dont pull weight.... thanks for cutting into my profit sharing heh.

the simple fact is, its the companies right, always has been always will be... deal with it

I agree that the corporate network is property of the corporation. If you don't want your boss to know your visiting a site -don't go there. I work on the development side of I/T so I do not set up monitoring -but everytime I logon to a new desk top I am greeted with a full screen pop-up that states what the machine can and cannot be used for in order to proceed I have to click the link saying I have read the banner and will follow the policies. I work for a Utilitty with a very restrictive proxy settings. This is fine they pay me and pay for the network. If I need to go to the site I can mail the link to my personal account.

I think the companies with written policies, such as mine, are just practicing CYA. We had an executive terminated for spending 8+ hrs a day at porn sites. To the best of my knowledge these practices have not yet been tested in court but I do not think an ex-employee stands a chance if the policy is well documented and explained to them (during new hire orientation or via a pop-up with a link to the full policy).

With regards to employee privacy I do not think that is relavant. You are being paid to work not shop or view porn. It similar to a drug test policy but less envasive. W/a drug test poilcy I cannot use drugs during work or non work hours. With a web policy I can do whatever I want when I'm not in the office.

A previous poster mentioned that many hacks are internal -which leads to the need for good monitoring and proper access to network shares. This prevents the wrong people from grabing information they do not need. I think people need to do a better with who as access to what data. Last year, a colleague of mine found a spreadsheet with all my colleagues current salary, what their year end bonus would be and what the raise would be. That information is private and should not be left unattended on a shared network drive.

Well that's my 2 cents.

Cheers.
-D

I guess it should be said that proper administration is essential along with proper network security practices. This especially applies in enterprise settings where administration and network security is handled by different groups.

Well i'm an admin at my school and we have to monitor all the activities of student we do this by opening up their accounts and going over what they do (this even happens to us admins 2)
And we do this because its what we do and we have to.

Check out 'Internet Law'. Since the employer is suppling Internet Access and Email....they then have 'FULL RIGHTS' to read all email....and to monitor the employees use of the internet.
(may sound unfair.......but if ya want to do something 'illegal' or surf 'porn'....then do it on your own time at home) The employer is paying the employee to do 'his' work.

Not that I agree.......but that's the LAW

I have to agree with the general consensus that "if you value your job-don't screw around". Because the privacy policies are posted and employees basically know what is "legit" and what's not-one would have to be an idiot to risk their liveliehood.
Of course, as a student, I log on anonymously if I am concerned about my being monitored and usually have a nearby station on a porn site

I'm gonna make this simple. If you do not monitor your emplyees, you WILL get burned.

I know someone who is findng this out, the hard way :(