Security Basics mailing list archives
RE: Remotely manage Zone Alarm
From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Thu, 4 Sep 2003 11:12:22 -0700
There are legal implications when it comes to monitoring employees. Especially if the computer (presumably a laptop) does not belong to the company. You should consult with counsel before proceeding. http://www.gigalaw.com/articles/2002/towns-2002-01.html If the following are true: - user is in your office - you have physical access to the computer - he leaves it unattended Then it should be a simple matter to open the ports on Zone Alarm so you can remotely access it over the network to perform whatever monitoring is necessary. You can record TCP/IP sessions originating from his computer and analyze them to identify what he is doing. You could also announce a new company policy regarding the use of personal firewalls, under the guise of improving security. Tell everyone that you are deploying a managed client firewall solution like the ones offered by Symantec and McAfee. Use that as an excuse to remove ZoneAlarm from his PC. Zac
-----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: Thursday, September 04, 2003 6:36 AM To: security-basics () securityfocus com Subject: Remotely manage Zone Alarm We have a user that works remotely. Since he works outside our firewall he has Zone Alarm Pro on his machine. This week he is in the office. Our logs show he is trying to access things he shouldn't be and doing things he shouldn't be. For internal political reasons HR wants some more proof that it's not accidental. I can't access his c$ share to look at Zone Alarm logs or remotely access his event logs because of the Zone Alarm Is there a way to centrally manage Zone Alarm settings or is this user completely shielded while inside our network? Cesar ------------------------------------------------------------------ --------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------ ----------
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Remotely manage Zone Alarm Cesar Diaz (Sep 04)
- RE: Remotely manage Zone Alarm Zachary Mutrux (Sep 04)
- Re: Remotely manage Zone Alarm gregh (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Jef Feltman (Sep 08)
- Re: Remotely manage Zone Alarm gregh (Sep 08)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Aditya (Sep 05)
- <Possible follow-ups>
- RE: Remotely manage Zone Alarm Halverson, Chris (Sep 04)
- RE: Remotely manage Zone Alarm Mike Peppard (Sep 04)
- RE: Remotely manage Zone Alarm Jay Woody (Sep 04)
- Re: Remotely manage Zone Alarm Thomas Graf (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
(Thread continues...)