Security Basics mailing list archives

RE: Remotely manage Zone Alarm

From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Thu, 4 Sep 2003 11:12:22 -0700

There are legal implications when it comes to monitoring employees.
Especially if the computer (presumably a laptop) does not belong to the
company. You should consult with counsel before proceeding.
http://www.gigalaw.com/articles/2002/towns-2002-01.html

If the following are true:

- user is in your office
- you have physical access to the computer
- he leaves it unattended

Then it should be a simple matter to open the ports on Zone Alarm so you can
remotely access it over the network to perform whatever monitoring is
necessary.

You can record TCP/IP sessions originating from his computer and analyze
them to identify what he is doing.

You could also announce a new company policy regarding the use of personal
firewalls, under the guise of improving security. Tell everyone that you are
deploying a managed client firewall solution like the ones offered by
Symantec and McAfee. Use that as an excuse to remove ZoneAlarm from his PC.

Zac

-----Original Message-----
From: Cesar Diaz [mailto:cesadiz () yahoo com]
Sent: Thursday, September 04, 2003 6:36 AM
To: security-basics () securityfocus com
Subject: Remotely manage Zone Alarm




We have a user that works remotely.  Since he works outside our
firewall he has Zone Alarm Pro on his machine.   This week he is
in the office.  Our logs show he is trying to access  things he
shouldn't be and doing things he shouldn't be.  For internal
political reasons HR wants some more proof that it's not
accidental.  I  can't access his c$ share to look at Zone Alarm
logs or remotely access  his event logs because of the Zone Alarm
  Is there a way to centrally manage Zone Alarm settings or is
this user  completely shielded while inside our network?   Cesar
------------------------------------------------------------------
---------
Attend Black Hat Briefings & Training Federal, September 29-30
(Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends
September 6.Visit us: www.blackhat.com
------------------------------------------------------------------
----------



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

Remotely manage Zone Alarm Cesar Diaz (Sep 04)
- RE: Remotely manage Zone Alarm Zachary Mutrux (Sep 04)
- Re: Remotely manage Zone Alarm gregh (Sep 04)
  - Re: Remotely manage Zone Alarm Birl (Sep 05)
    - RE: Remotely manage Zone Alarm Jef Feltman (Sep 08)
    - Re: Remotely manage Zone Alarm gregh (Sep 08)
- RE: Remotely manage Zone Alarm Aditya (Sep 05)
- <Possible follow-ups>
- RE: Remotely manage Zone Alarm Halverson, Chris (Sep 04)
  - RE: Remotely manage Zone Alarm Mike Peppard (Sep 04)
- RE: Remotely manage Zone Alarm Jay Woody (Sep 04)
- Re: Remotely manage Zone Alarm Thomas Graf (Sep 04)
  - Re: Remotely manage Zone Alarm Birl (Sep 05)

(Thread continues...)