Security Basics mailing list archives
Re: Securing workstations from IT guys
From: krymson () gmail com
Date: 26 Nov 2007 19:34:03 -0000
1) Figure out the commonality between the information that is being leaked and to whom it is being leaked. Is it the same person who happens to have access to your mail server and they're all email-borne files? Is it open c$ shares (or other shares!?) from the HR PCs? I've found that while we can dream up fanciful scenarios about IT workers hacking applications, typically (much like law enforcement), I find the simplest answers really are the correct answers. And in IT and data access, I've typically found that users don't look to break into and steal things, they just happen to find open shares or unsecured stuff sitting around (crimes of opportunity, not premeditation). Mistakes and human errors... 2) Once you find out how or by whom these files are being leaked, you can target your efforts to plug that hole. It would suck to implement 5 different security measures, and none of them stop the problem. 3) When the cooling in your data center breaks and you let your AC repairman into the data center, do you watch him like a hawk to make sure he doesn't start stealing software or yanking out cables from the racks? Most likely not, and you rely on video cameras to log any activity which is never looked at unless a problem occurs. Likewise, you eventually need to trust your IT workers, otherwise, as another posted noted, you have personnel issues (and nicely enough, if you do, at least HR is feeling the resultant pain and can get on your side!). Likewise, audit accesses, logins, and admin account usage...much like keeping that security camera on the servers even though you likely won't ever check it out unless you have reason to. <- snip -> It's a catch 22 situation and I need to make our Windows Xp workstations appropriately secure. Secure from rogue Helpdesk personnel as well as network admins. The HR guys are complaining that their 'offer' letters to prospective employees and some of the CVs that they recieve are finding their way into unwanted hands. I suspect both HR application vulnerability, for which I am undertaking some vulnerability analysis but I also need to protect the PCs that belong to Dept. of HR employees from rogue IT guys. Here are the basics of what I intend to do: 1. Advise all HR users to shutdown their PC before they leave for the day. 2. Change all Local Admin passwords so that even IT helpdesk/other doesn't know them. 3. Advise HR guys to assign passwords to their excel/word files. 3. Do not create shares off c drive giving 'everyone' access. But...because they are all connected to Windows 2003 domain, I still risk someone from domain admin group to be able to start C$/D$ share and browse into their c: drive, what should I do? Also, it's easy to crack open xls/doc passwords, what else can be done? Alternatively, Is there an auditing on PC that can be enabled to track/log incoming connections to C$ and pop up and alert whenever someone tries it out from a remote machine. Pls advise!!
Current thread:
- RE: Securing workstations from IT guys, (continued)
- RE: Securing workstations from IT guys Nick Vaernhoej (Nov 29)
- RE: Securing workstations from IT guys Craig Wright (Nov 29)
- Re: Securing workstations from IT guys Mark Owen (Nov 29)
- Re: Securing workstations from IT guys Patrick J Kobly (Nov 29)
- RE: Securing workstations from IT guys Vandenberg, Robert (Nov 28)
- Re: Securing workstations from IT guys Brad Bendily (Nov 27)
- RE: Securing workstations from IT guys Petter Bruland (Nov 27)
- RE: Securing workstations from IT guys Ramsdell, Scott (Nov 27)
- RE: Securing workstations from IT guys Craig Wright (Nov 28)
- Re: Securing workstations from IT guys cc (Nov 29)
- Re: Securing workstations from IT guys krymson (Nov 26)
- Re: Securing workstations from IT guys rohnskii (Nov 26)
- Re: RE: Securing workstations from IT guys kurt . kessler (Nov 27)
- RE: RE: Securing workstations from IT guys David Gillett (Nov 27)
- Re: Re: Securing workstations from IT guys bert . knabe (Nov 27)
- Re: Securing workstations from IT guys Bob (Nov 28)
- Re: Securing workstations from IT guys stuff (Nov 28)
- FW: Securing workstations from IT guys Nick Vaernhoej (Nov 28)
- Re: Securing workstations from IT guys Michael R. Martinez (Nov 28)
- Re: FW: Securing workstations from IT guys Jan Heisterkamp (Nov 29)
- RE: FW: Securing workstations from IT guys Worrell, Brian (Nov 29)