Security Basics mailing list archives
Re: web monitoring tool
From: "Jon Pastore" <jpastore () idetech net>
Date: Sun, 13 Apr 2003 08:42:25 -0400
An important rule in small and medium businesses I've found in dealing with situtations like this, to quote Murphy, "He who has teh gold makes the rules..." if the boss wants to look at porn and not have it logged in the event the EEOC comes in thats not an unreasonable request and justifiable by saying the boss's or executives actions whould be considered confidential and top secret. If you have an exec that is making that kind of request I would have to have it approved by the next highest authority since no one but the top guy gets to do things without anyone else knowing about it... For example a clients office 2 particular individuals where working on information for a project that was going to be pattanted. I would be in violation of a lot of things if I snooped and monitored that project. I found after the work was done what was going on but you can't monitor emails to attorney's etc... Though it usually stands with all of my clients and other friends of mine in IT have found...IT knows all sees all...usually working close with HR we "see dead people" =) infact as a side note I read this funny comic inktank.com about how their IT staff is a bunch of ninja's no one has ever seen and they reside in a dark room... documentation is key... ----- Original Message ----- From: "Douglas K. Fischer" <fischerdk () purefm net> To: <security-basics () securityfocus com> Sent: Friday, April 11, 2003 11:08 PM Subject: RE: web monitoring tool
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lots of excellent points made in this thread. 1. Before you do anything, have a CYA memo of some sort from a superior, ESPECIALLY if this request places any action in direct or inferred opposition to corporate policy or legal reporting/auditing requirements. It's hard to say (and frankly irrelevant) why the executives want their surfing totally confidential. However, if there would be any backlash from this action, you need to minimize your own exposure. (My general rule of thumb is to have clear support for everything I do. If I can't point to a policy or regulation that supports an action, I make sure someone over me has provided some form of e-mail or memo that will offer such support.) 2. Chances are in addition to not wanting anything logged, the executives also do not want any of the traffic observed. I would tend to agree with the proponents for a separate dial-up or broadband Internet connection and a separate PC/laptop to totally isolate this "executive surfing" from your enterprise network. That is the cleanest way. 3. Perhaps suggesting that the execs do their "confidential surfing" from
a
home connection or other non-corporate location would be in order. It
would
be far simpler as far as keeping the traffic confidential. (Frankly, depending on their reasons for wanting to keep their activities invisible, the very act of making this request would arouse suspicion and start vicious rumours. Simply doing the surfing from home would have allowed
them
to keep things quiet and not have to involve anyone at the office.) Doug -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPpeDOp938qfSpraDEQIeLwCgvhhQtBj6mC/wmOVnw0kdMAZEidQAoMvy Ga/9fuqdr+Mmj9GaxHz82Z3G =xAn1 -----END PGP SIGNATURE----- ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free
technical support.
Stop SPAM before it stops you. -------------------------------------------------------------------
------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. -------------------------------------------------------------------
Current thread:
- RE: web monitoring tool, (continued)
- RE: web monitoring tool Michael Parker (Apr 10)
- RE: web monitoring tool Tim Heagarty (Apr 10)
- Re: web monitoring tool Kenzo (Apr 10)
- Re: web monitoring tool Peter Pandev (Apr 12)
- RE: web monitoring tool Trevor Cushen (Apr 10)
- RE: web monitoring tool Burton M. Strauss III (Apr 10)
- RE: web monitoring tool Robinson, Sonja (Apr 10)
- Re: web monitoring tool Imran Khan (Apr 10)
- RE: web monitoring tool David Gillett (Apr 10)
- RE: web monitoring tool Douglas K. Fischer (Apr 12)
- Re: web monitoring tool Jon Pastore (Apr 14)
- RE: web monitoring tool Ken Kousky (Apr 14)
- RE: web monitoring tool David Gillett (Apr 10)
- RE: web monitoring tool Michael Parker (Apr 10)
- RE: web monitoring tool Chris Berry (Apr 10)
- RE: web monitoring tool Chris Santerre (Apr 11)
- RE: web monitoring tool Imran Khan (Apr 14)