
Thread: legal aspect of NIDS

  1. #1
    Junior Member | Join Date: Jan 2004 | Posts: 20

    legal aspect of NIDS

    I am doing some research on NIDS systems and I am starting to wonder about the legal aspects of a NIDS. Sweden, where I'm from, seems not to have a clear law about what is legal to check and what is not.
    Ex: you can put a rule set in place to check if people are surfing porn sites; okay, maybe that is against office policy, so we inform them to stop, but where do we draw the line here? What if we made a rule set that checks for sentences like "I hate my boss", or for information about an employee who is thinking about leaving the company? My point is that with a NIDS you can keep much better track of a person than by just checking his mail with a mail filter.
    Because this is a global problem, I am wondering what different companies and countries say about this issue.

  2. #2
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    If your company has a policy that clearly states that "while a user is using the computer assets of the company they can have no expectation of privacy" and "the company has the right, but not the duty, to monitor and record any or all activity", and has the user sign as having read and understood the policy, then here in the USA you are covered. Of course, there should be a whole slew of other things added to make it quite clear what is and is not acceptable, but those are the two "cover all" parts where the users' privacy is concerned.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    thehorse13 (Master-Jedi-Pimps0r & Moderator) | Join Date: Dec 2002 | Location: Washington D.C. area | Posts: 2,885
    Yes, and to add to my good pal Tiger's comments, some places even have a separate acceptable use policy in addition to a formal security policy. Ours covers things like e-mail use, web browsing, file uploads/downloads, using non-Govt. hardware on a Govt. network, etc.

    When it comes to signing, we have the employee sign along with a witness. This keeps the document free from additional legal wranglings that users will surely try when cornered.

    my two cents...
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member | Join Date: Feb 2004 | Posts: 105

    re: NIDS legal issues

    I agree w/ th13 and Tiger. The only additional information I have to add is:

    Occasionally, the depth of packet inspection can be argued. Meaning, looking into the packet payload and logging that information might be construed as a wiretap. In California, the state constitution only permits taps when all parties consent (loose paraphrase... check out http://www.leginfo.ca.gov/cgi-bin/di...file=630-637.9 for the exact text of the provision).

    I fully concede that a signed policy such as those illustrated by Tiger does indeed constitute 'consent'. I would further posit that these measures, whilst perhaps a bit on the unethical side in some views, are forced onto the employer due to the litigious nature of society.

    My only real point is that NIDS in particular walk a fine line. That fine line can occasionally be defined by the depth of monitoring/logging being performed.

    I'm not a lawyer, so I'm just proffering my opinion and interpretation here, nothing else!

    Cheers,
    <0
    Ego is the great Logic killer
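The point made in #1 (rule sets that match phrases in traffic) and in #4 (inspection depth decides what a sensor retains) can be shown concretely. The following is an added example, not code from any poster or product: it parses a constructed IPv4/TCP packet (documentation address ranges, not a real capture) at a chosen depth, and shows that phrase-matching rules can only fire when payload content is kept, so a headers-only configuration retains flow metadata but nothing a phrase rule could match.

```python
import ipaddress
import struct
from typing import Dict, List

# Constructed sample traffic (documentation IP ranges, not a real capture).
SAMPLE_PAYLOAD = b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a minimal IPv4+TCP packet (checksums left zero; enough for parsing)."""
    total = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    # data offset 5 words, flags PSH|ACK, window 8192
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip_hdr + tcp_hdr + payload


def inspect(packet: bytes, depth: str) -> Dict:
    """'headers' keeps addresses, ports and payload length only (flow metadata);
    'payload' additionally retains the application data itself."""
    if depth not in ("headers", "payload"):
        raise ValueError("depth must be 'headers' or 'payload'")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    record = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "proto": proto,
    }
    payload = b""
    if proto == 6:  # TCP
        record["sport"], record["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
        data_off = (packet[ihl + 12] >> 4) * 4
        payload = packet[ihl + data_off:]
    record["payload_len"] = len(payload)
    if depth == "payload":
        record["payload"] = payload
    return record


def match_content_rules(record: Dict, rules: List[bytes]) -> List[bytes]:
    """Content rules (phrase matching) can only fire on payload-depth records."""
    data = record.get("payload")
    if data is None:
        return []
    return [rule for rule in rules if rule in data]
```

Choosing `depth="headers"` for a sensor is the technical equivalent of the narrower monitoring scope discussed above: the record still supports flow-level detection and retention, but contains no content to be argued over.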

  5. #5
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    Lessthan:

    "...are forced onto the Employer due the litigious nature of society."

    Exactly..... Did you notice the "has the right but not the duty" portion of my phrase? Entirely due to the litigiousness of the society. You don't want to be sued because one employee is harassing another via email and you _don't_ have a sniffed record of it. So you state that you can do it, but that you don't ever have to do it if you don't want to. When they come back with their legal beagle saying "why don't you have records, since you monitor?" you can point to the phrase and say "we weren't doing it that day"....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member | Join Date: Feb 2004 | Posts: 105

    re: Tiger Shark...

    I couldn't agree more.

    It is unfortunate that the majority of end-users lump these types of security measures into the "big brother" container. I think the common, everyday 9-5'er fails to understand the necessary security measures employers must take to keep business operations operational.
    Additionally, I don't think it is the 9-5'er's fault or sole responsibility. That's what corporate security training programs and policies/procedures are for, imho.

    Big Brother is a syndrome altogether different. However many technical similarities there may be, it is always distinguishable by the amount of subterfuge involved.

    Again, well said Tiger and I agree 100%.

    Cheers,
    <0
    Ego is the great Logic killer

  7. #7
    Junior Member | Join Date: Jan 2004 | Posts: 20
    Thank you for all your comments.
    Sweden is not a very litigious country; it is not like America, where lawyers rule. So we have less of an incentive to keep our asses clear.
    But I wonder about these consent forms, considering that traffic you sniff might come from the outside, and the person sitting at the other side hasn't signed a consent form, and attackers "usually" come from the outside, so you would like to sniff that traffic. Wouldn't the company need a big sign warning that we have a NIDS system? In Sweden you need to put up a sign to be able to have surveillance cameras, because they are illegal if you haven't, and as far as I know I have never seen such a sign. I know some people will say that we don't want the hacker to know we have one, but I assume that most competent hackers guess that they are there.
