Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Sniff Employee Offenders

  1. #11
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Can't say i blame any company for monitoring thier internet traffic. Whether it's simply a matter of non-productive employee time, or all the way to industrial or political espionage (sp?) any company has the right to protect itself from loss from any direction. And, for those companies with defense contracts or such, or classified information on their systems, the lack of monitoring capability could be considered gross negligence in some possible scenarios. But then, i figure paid work time is to be used productively for the person paying me. After all, if i were hiring a carpenter for $60/hr, and he spent his time smokin' 'an jokin', looking for email and chat-rooms on the internet with his portable wireless, i'd probably fire him. So can't see much difference for an employee on the keyboard. But then, maybe i'm just old fashioned.

  2. #12
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    I'm with Tiger Shark on this one also. I have always stressed that nothing you do on-line at work is private for any employer. Employees are always told upon hire that any network traffic may be monitored at anytime for any reason. Simple fact is the company owns the connection to the pipe the equipment from the servers down to the workstations. To admin a network one needs the freedom to turn on logs as needed from emial connects aand messages to web connections. Most cases nowdays with firewalls in and out bound traffic is watched real time at least 8 hours if not 24/7 for the logs when Admin is not there. One is foolish to think work is a private place, one is paid tp do a job best to do it, slipping in 65 personal emails while working a minute here two minutes there the time does add up. Best put on email ueage where most of the abuse I have seen in the past would you make 65 personal phone calls per day while at work? There is also now days a question of libality, yes some places are actually sueing others now for things like a virus excessive email bandwidth and humm an employee takes out another system using a company network guess who they will go after. I know of one case here where an employee on one company sent that all to funny sexual joke to another company only that employee felt it sexual harrassiment and both he and his company are now being sued. Web is not free cost money for people and equipment lots of money just keep up with an M$ liocense agreement Work is work play is play.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  3. #13
    Junior Member
    Join Date
    Dec 2002
    Posts
    12
    Well, the media has once again mis-quoted what the correct application for the technology is used for. Forensics is after the fact, but it is a great preventative tool if employees know that the tools exists - sort of like nuclear weapons. Unfortunately all is for not in the legal world if you haven't done everything as a normal course of business. Logs and all forensic data is considered hearsay evidence until it is handled through proper chain of custody and is established as part of normal business routine.

    Additionally, Tiger Shark has the right Idea, and it is required to notify employees that the systems they use are subject to monitoring, if you don't do this then you again lose the legal edge. And please, have your employees sign confidentiality, non-disclosure and the security policy and place it in "their permanent record". Now, you can have your day in court.
    Mantarey
    Question Everything!!!

  4. #14
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I work for a Government installation. We have a multi-level approach to this issue.

    1) Through our legal department, we have fitted every box with a warning banner at login. It basically tells the user that the machine is not thier property and everything is subject to monitoring. This along with the usual unauthorized personnel disclaimer

    2) At orientation, they are given an acceptable use policy and are made to sign it.

    3) We use WebSense to monitor and filter all internet traffic. We also have a few other goodies for intrusion detection and so on.

    4) We have a zero tolerance policy and it is enforced.

    5) We use a client lockdown strategy to limit the internal threats as best we can. I did see the stat of 85% of all attacks come from the inside. Well from experience I can tell you that the percentage is close.

    Anyway, just my two cents.....
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #15
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    the fact is...

    your company shells out overhead for every system, every resource, every bit of bandwidth used with the intention of meeting certain business goals.....

    From a systems administrators standpoint, I'll monitor all I want on my network, need I remind you that with the recent corporate crime going on they have been holding administrators and technical personell themselves legally responsible as well. Those that have too much time and not enough to do should find something to do, they teach this in grade school. I've no time for the whole privacy argument, your on corporate resources period. if you want to perform personal tasks, fine, do it at home.

    That is not to say that I crack down on everything, often with employees that I do know to work hard I cut a lot of slack, but when someone who isnt pulling the weight they should be is sucking resources allocated to the COMPANY well... I get a little bitter. Especially when I consider a few things... when my company does good so do I through profit sharing, benefits, and job security... I'm not about to waste my time or the company's dollars on dealing with bandwidth or legal problems because my users have little moral or work ethics. I've no use for that.

    But then again I dont come from a super large corporate environment, we all work close, and I know each and every user, the habits, work ethics, all the way down to whether they clean up after themselves in the break room at lunch. I do have a tendancy to look the other way with some, but I make that decision based on potential damage to my network, resource usage, and that persons work ethic.

    simply put, do your job first... most people that get offended by the monitoring/lockdowns I perform are the same abusers that dont pull weight.... thanks for cutting into my profit sharing heh.

    the simple fact is, its the companies right, always has been always will be... deal with it
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  6. #16
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    Originally posted here by THEJRC
    the fact is...

    your company shells out overhead for every system, every resource, every bit of bandwidth used with the intention of meeting certain business goals.....

    From a systems administrators standpoint, I'll monitor all I want on my network, need I remind you that with the recent corporate crime going on they have been holding administrators and technical personell themselves legally responsible as well. Those that have too much time and not enough to do should find something to do, they teach this in grade school. I've no time for the whole privacy argument, your on corporate resources period. if you want to perform personal tasks, fine, do it at home.

    That is not to say that I crack down on everything, often with employees that I do know to work hard I cut a lot of slack, but when someone who isnt pulling the weight they should be is sucking resources allocated to the COMPANY well... I get a little bitter. Especially when I consider a few things... when my company does good so do I through profit sharing, benefits, and job security... I'm not about to waste my time or the company's dollars on dealing with bandwidth or legal problems because my users have little moral or work ethics. I've no use for that.

    But then again I dont come from a super large corporate environment, we all work close, and I know each and every user, the habits, work ethics, all the way down to whether they clean up after themselves in the break room at lunch. I do have a tendancy to look the other way with some, but I make that decision based on potential damage to my network, resource usage, and that persons work ethic.

    simply put, do your job first... most people that get offended by the monitoring/lockdowns I perform are the same abusers that dont pull weight.... thanks for cutting into my profit sharing heh.

    the simple fact is, its the companies right, always has been always will be... deal with it
    I agree that the corporate network is property of the corporation. If you don't want your boss to know your visiting a site -don't go there. I work on the development side of I/T so I do not set up monitoring -but everytime I logon to a new desk top I am greeted with a full screen pop-up that states what the machine can and cannot be used for in order to proceed I have to click the link saying I have read the banner and will follow the policies. I work for a Utilitty with a very restrictive proxy settings. This is fine they pay me and pay for the network. If I need to go to the site I can mail the link to my personal account.

    I think the companies with written policies, such as mine, are just practicing CYA. We had an executive terminated for spending 8+ hrs a day at porn sites. To the best of my knowledge these practices have not yet been tested in court but I do not think an ex-employee stands a chance if the policy is well documented and explained to them (during new hire orientation or via a pop-up with a link to the full policy).

    With regards to employee privacy I do not think that is relavant. You are being paid to work not shop or view porn. It similar to a drug test policy but less envasive. W/a drug test poilcy I cannot use drugs during work or non work hours. With a web policy I can do whatever I want when I'm not in the office.

    A previous poster mentioned that many hacks are internal -which leads to the need for good monitoring and proper access to network shares. This prevents the wrong people from grabing information they do not need. I think people need to do a better with who as access to what data. Last year, a colleague of mine found a spreadsheet with all my colleagues current salary, what their year end bonus would be and what the raise would be. That information is private and should not be left unattended on a shared network drive.

    Well that's my 2 cents.

    Cheers.
    -D
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  7. #17
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I guess it should be said that proper administration is essential along with proper network security practices. This especially applies in enterprise settings where administration and network security is handled by different groups.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #18
    Junior Member
    Join Date
    Jan 2003
    Posts
    3
    Well i'm an admin at my school and we have to monitor all the activities of student we do this by opening up their accounts and going over what they do (this even happens to us admins 2)
    And we do this because its what we do and we have to.
    Albino Bird

  9. #19
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    Check out 'Internet Law'. Since the employer is suppling Internet Access and Email....they then have 'FULL RIGHTS' to read all email....and to monitor the employees use of the internet.
    (may sound unfair.......but if ya want to do something 'illegal' or surf 'porn'....then do it on your own time at home) The employer is paying the employee to do 'his' work.

    Not that I agree.......but that's the LAW

  10. #20
    Senior Member
    Join Date
    Jan 2003
    Posts
    242
    I have to agree with the general consensus that "if you value your job-don't screw around". Because the privacy policies are posted and employees basically know what is "legit" and what's not-one would have to be an idiot to risk their liveliehood.
    Of course, as a student, I log on anonymously if I am concerned about my being monitored and usually have a nearby station on a porn site

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •