Security Basics mailing list archives
RE: Remotely manage Zone Alarm
From: "Mike Peppard" <mpeppard () impole com>
Date: Thu, 4 Sep 2003 14:17:13 -0400
1) Make your private network trusted in Zonealarm, or disable Zonealarm for whatever reason. Giving him/her access to the nice color printer is a good enough reason maybe? Add VNC http://www.realvnc.com/ or XP remote access. This tells you what is happening, but it's your word against theirs, unless you have a couple of people watching. Sounds boring to me. 2) Change the gateway to a linux router and run a log of activity. Pretty conclusive evidence if you see "bad things" in the logs. 3) You could also just stick a camera in the office. In the USA and the UK you can invade an employees privacy in whatever manner you wish while they are on or using company property. This would be easier to uphold in a court as most judges wouldn't have a clue what to do with a sniffer log. 4) Secure your network so s/he can't do bad things...
-----Original Message----- From: Halverson, Chris [mailto:chris.halverson () encana com] Sent: Thursday, September 04, 2003 12:58 PM To: 'Cesar Diaz'; security-basics () securityfocus com Subject: RE: Remotely manage Zone Alarm Short of getting on the machine and enabling remote management, and a password protection schema. I am not sure... you might try protecting the resource from his username and if the password is being utilized, you know it is intentional. Chris -----Original Message----- From: Cesar Diaz [mailto:cesadiz () yahoo com] Sent: Thursday, September 04, 2003 7:36 AM To: security-basics () securityfocus com Subject: Remotely manage Zone Alarm We have a user that works remotely. Since he works outside our firewall he has Zone Alarm Pro on his machine. This week he is in the office. Our logs show he is trying to access things he shouldn't be and doing things he shouldn't be. For internal political reasons HR wants some more proof that it's not accidental. I can't access his c$ share to look at Zone Alarm logs or remotely access his event logs because of the Zone Alarm Is there a way to centrally manage Zone Alarm settings or is this user completely shielded while inside our network? Cesar ------------------------------------------------------------------ --------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------ ---------- ------------------------------------------------------------------ --------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ------------------------------------------------------------------ ----------
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Remotely manage Zone Alarm Cesar Diaz (Sep 04)
- RE: Remotely manage Zone Alarm Zachary Mutrux (Sep 04)
- Re: Remotely manage Zone Alarm gregh (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Jef Feltman (Sep 08)
- Re: Remotely manage Zone Alarm gregh (Sep 08)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- RE: Remotely manage Zone Alarm Aditya (Sep 05)
- <Possible follow-ups>
- RE: Remotely manage Zone Alarm Halverson, Chris (Sep 04)
- RE: Remotely manage Zone Alarm Mike Peppard (Sep 04)
- RE: Remotely manage Zone Alarm Jay Woody (Sep 04)
- Re: Remotely manage Zone Alarm Thomas Graf (Sep 04)
- Re: Remotely manage Zone Alarm Birl (Sep 05)
- Question on Corrupted BlackIce Defender Installation Paul Fishbein (Sep 11)
- RE: Question on Corrupted BlackIce Defender Installation matt willson (Sep 15)
- Re: Remotely manage Zone Alarm small fry (Sep 05)
- Re: Remotely manage Zone Alarm Cesar Diaz (Sep 08)