Security Basics mailing list archives

RE: Spy Software


From: "D. Weiss" <David () cawdgw net>
Date: Wed, 16 Apr 2003 21:25:41 -0700


Contractors working for the US Government have carefully worded acceptable
use clauses in their contracts or they must provide their own network. BBN
is very good about providing employees a BBN monitored network and enforcing
the Government's acceptable use clauses on the Government's boxes.

But don't think that BBN is being employee friendly. They are arse covering.
Better to have an employee download bad things or talk about corporate
bookkeeping on the BBN network, where they simply have a single person
problem, rather than jeopardize their contract, which is a profit driven
thing.

Other companies have complex acceptable use company standards and then also
require following Government guidelines.

Basically, a Government contractor should not do anything on their boxes or
networks that they wouldn't want:

1. The customer to see
2. Their supervisor to see
3. Their wife, kids, friends, or parents to see
4. Their co-workers to see

I sit near and occasionally help CERT personnel look at SNORT logs. Because
of sheer volume, they don't hunt everything to the end, but have their priority
list. But they LOOK at those logs and they read "interesting" communications
and pull up those JPGs and web-sites and whistle at pay or profit
discussions. It's their job.

The work place simply isn't a place to get anything more private than flight
reservations, a very occasional golf club online, or a quickie grocery
list. I've read my share of others' mail, and had execs try to make
themselves exempt - some succeed... but then I don't necessarily have to
tell them they have Green Lantern on their box either, since I specifically,
in writing, do NOT manage their boxes.

-----Original Message-----
From: mobilejimbo [mailto:mobilejimbo () yahoo com]
Sent: Wednesday, April 16, 2003 9:07 AM
To: Mark Ng
Cc: security-basics () securityfocus com
Subject: Re: Spy Software


The use of logon banners informing users they are being monitored is a
common practice within the U.S. Govt and has been for some years now.  I'm
not certain how banners stand up against government contractors or the
civilian sector, but within the military, informing the users about
monitoring using logon banners and then prosecuting misuse of systems stands
up in a military court pretty well.  It takes away claims of ignorance with
respect to misuse.  If employees don't like having to consent to a
comprehensive logon banner, they can always earn their salaries somewhere
else.  Just my thoughts on the subject.

Regards

Jimbo

----- Original Message -----
From: "Mark Ng" <aliasklap () markng co uk>
To: "mobilejimbo" <mobilejimbo () yahoo com>
Cc: <security-basics () securityfocus com>
Sent: Wednesday, April 16, 2003 5:47 PM
Subject: Re: Spy Software


On Monday 14 April 2003 8:09 pm, mobilejimbo wrote:
Perhaps a logon banner informing the users that by using the systems, they
consent to monitoring.
Then there would be no need for additional paperwork.

Perhaps, but has one of these logon banners ever been tested in court in any
country? - obviously, mileage may vary dependent upon your own country's
laws.  Could people say "It doesn't say you're allowed to do this to me in
the contract I have signed with you, so therefore you have to remove the
software"?  Is there a lawyer in the house???

It would certainly be safer to embed this into a contract or company handbook,
and have this as a supplementary measure so that a user cannot deny that he
is unaware of what his contract says.

Regards,


Mark Ng
Director,
Information Intelligence Ltd.





---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics
----------------------------------------------------------------------------





