Use of contract worker
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Use of contract worker

  1. #1
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152

    Use of contract worker

    We have recently hired a contract worker to assist on a project and I am trying to advise HR and upper management on using a contract to outline an AUP for when said contractor accesses the internet....and also have him document his work.

    I am hoping for some has a links to some basic guidelines to follow showing how important it is to have a contract and documentation of the work done....and the risks of not having these in place.

    Any links and or suggestions are greatly appreciated as always!

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  2. #2
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    Hey MLF Start here http://www.sans.org/reading_room/whi...nsibility-it_3

    Now since I know a bit about your contractor, I have a nice little bit of malware I could send you. It will do all the nasty things slammer and code red did, but it will not replicate or spread. I use it every now and again when my lusers don't follow the "don't allow vendors or contractors to connect to the network with out contacting IT first" Rule.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Thanks Dino...yes same contractor.

    I did find the constant DNS requests were his iphone piggybacking on his laptop to get mail as Hybr|d suggested....but I still receive excessive UDP requests which I attribute to P2P. When I blocked the program on the local router in use (segmented from our corporate network)...the little ba$tard reset it...and then "could not" remember the admin password he set.

    I again reset the router.....and approached upper management. They have no contract....no documentation. A project that was to take 1-2 weeks is now in its 3rd month...and the little twerp is playing P2P network games while here. <shaking head>

    Of course...now the little ba$tard knows I am on to him.

    <sigh> .......all I can say is...its typical from our upper management

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    HYBR|D
    Guest
    Why does the contractor have access to the Router?

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    The contractor has physical access to the router because he and the R and D products are on a segmented lan ....outside of our corporate network...but sharing our internet. Together we set up the router ...which he needed access to for the setup of the devices in development...using both wifi and wired.

    Once the initial setup and functionality was done...I reset the admin password and set it to filter the P2P traffic....he hard reset it...and would not give me the password

    He has physical access to it because he told management he needed access to set it up.....

    I am trying to make them see that he does not need access to it for the project....

    I reset and set a password that I did not share with contractor....the UDP traffic has since stopped.....with no loss of functionality to our R and D devices.

    Because there is no contract or AUP...he can pretty well reset if he likes.....unless I can show management reasons and risks of letting him do so.

    Hence my initial request

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    he hard reset it...and would not give me the password
    "pick a window, you are going out"

    I guess I would cut off his internet share.................if they want to do their own thing then let them?................... but they have to make their own arrangements.

    Back in the day I would give a contractor a telephone socket and let them get on with it............OK that was pre-broadband. Nowadays I would be tempted to set up a standalone home broadband account to achieve the same (make sure that it is the slowest and crappest you can find)............as a corporate you might have to go for the type of account that pubs, restaurants and cafes use...............over here those are pretty basic.

    What the hell kind of organisation employs a contractor without a contract, terms of reference etc.???? I mean contractor..................................?

    I don't know Canadian law, but over here if someone set a password on your system (which they have no legitimate reason to do) and then refused to reveal it, they would be looking at "the big house" for sure.

    Does your company have a legal department? they might be interested?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    What the hell kind of organization employs a contractor without a contract, terms of reference etc.
    Not a very smart one !!!! (Private family owned.)

    I am not happy with the whole thing.....all I can say it is typical for our HR ditz and her consort

    Its a long sordid story and you really dont want all the gory details

    I need to show the risks of

    1. not having a contract with the AUP
    2. lack of documentation of work\programming

    I have found some good stuff on TechRepublic since my original posting....and will present next week....its all I can do...and to continue to monitor and document.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Well, if you don't have a contract how do you define what the deliverables are? Also, remuneration rates, allowable expenses and all that.......... lawyers can be very expensive

    A system that is not properly documented is difficult if not impossible to support.........also to update. Are you expected to support it after it goes live?

    Supposing this guy gets killed in a car crash or whatever (I will give you an alibi MLF) what then? You will fetch up paying a fortune for someone to analyse the system to find out what it does and how it works?

    Otherwise you are faced with a complete re-write?

    The basic reasons for contracts and documentation are to avoid downstream costs. They are pre-emptive rather than pedantic.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Supposing this guy gets killed in a car crash or whatever
    falls out a window

    I know all that....they dont

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    I already mentioned the window (defenestration is the technical term I believe)

    Hey, you have my sincere sympathies MLF, it is not a nice position to be in. I don't want to worry you further but to me this guy does not sound very professional; I am willing to bet that if a more lucrative contract came along, he would drop you like a hot brick.

    After all, he doesn't have a contract. Also, without documentation, how could anyone pick up the pieces? You would probably have to start from scratch, which means extra cost and delay. I know that specific performance is hard to enforce in these situations, but once the word got out that he breached a contract he would pretty soon find himself unemployable because no-one would trust him.

    I for one would certainly not employ someone who was prepared to breach their existing contract.

    Supposing he contracted a long term illness (nothing trivial I hope) .....would the company be prepared to wait? Without documentation they wouldn't have much choice would they?

    I know I am preaching to the converted, but the company doesn't seem to understand the professional aspects of systems development and employing outsiders?

    I have been trying to suggest a few arguments you might use, but at the end of the day I would suggest that emphasis on cost risks might get a better understanding. I bet they understand money, if nothing else?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. ICANN approves dotcom contract
    By whatthe in forum Regulatory Compliance
    Replies: 1
    Last Post: March 1st, 2006, 05:37 PM
  2. Social Worker.....Not Black Enough.
    By OverdueSpy in forum Cosmos
    Replies: 8
    Last Post: May 27th, 2005, 06:49 PM
  3. Norway cancels Microsoft contract
    By Palemoon in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: July 15th, 2002, 08:17 PM
  4. Expand / contract
    By VictorKaum in forum Site Feedback/Questions/Suggestions
    Replies: 2
    Last Post: January 16th, 2002, 11:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides