RE: centrally monitored "keylogger"

[xyberpix <xyberpix () xyberpix com>]

Hi All,

Can we please stop this thread now, a simple question was asked, which I
stand corrected has still not been answered. This is not a question of
whether or not we agree with this, as some of our ethics differ, but
let's not get into an ethical war on this one, there is a time and place
for that.

Just my 2p's worth

xyberpix

On Thu, 2004-10-14 at 17:03, Andrew Shore wrote:
> I agree that as a sys admin ensuring that systems are secure should be a high priority.
>
> However, I feel that monitoring every key stoke goes beyond the pale.
>
> Just because we can, morally and ethically, should we. If staff were followed to the rest room or escorted out to the 
> car park every night there would be a justified outcry. Yet when every action they perform during their normal daily 
> job on a computer is scrutinised users don't appear to care, or is it that they don't know.
>
> Don't get me wrong, I'm not bleeding heart liberal but ask your MD one question; are you going to monitor him? Or the 
> other directors? I'll bet my house, car and cat on the answer.
>
> When there is reasonable grounds to monitor some one then fine do it but not until. I've seen this type of monitoring 
> turn to abuse. I'm not for 1 second suggestion that is your intent but I've been in this game 25 years and seen a lot 
> abuse of power.
>
> Try tapping someone phone line, see where that get you.  
>
> Anti virus and web content filters are one thing and should be encouraged. 
>
> Let me put one last question to you. Who monitors the monitors? What's to stop you logging my password to bank then 
> transferring money form my account? At that point what is the company's liability? (Legally and morally)
>
> It's a can of worms I wouldn't want to open.
>
> Just My 2cents and hey what do I know :) I'm just stirring the pot.
>
> -----Original Message-----
> From: Jantz, EJ [mailto:EJantz () bswintl com] 
> Sent: 14 October 2004 15:59
> To: Andrew Shore
> Subject: RE: centrally monitored "keylogger"
>
> Andy, while I am sensitive to the privacy concerns, I am in a position, as a sysadmin, of being somewhat responsible 
> to make sure that our employees don't steal the company blind. While I don't 'own' any of the company, I do get to 
> share when it losses business or has it stolen out from under it.
>
> We try very hard to trust our employees, they are mostly on the honor system. Occasionally, HR will get a request 
> from a manager or VP and trigger some intense scrutiny of a users' activity. Some times it's just the workstation 
> that's monitored, sometimes it's the activity across the domain. 
>
> It would be nice to have a handful of tools that do the job correctly and efficiently. Currently it takes resources 
> we need for routine production offline, and leaves the rest of us to take up the slack until the chore is done. (I 
> just love that when we are having a virus storm.)
>
> Email--The Privacy of a Postcard,
> The Half Life of Styrofoam.
>
> 'EJ' Jantz, IST Dept.
> BSW International
> One West Third St, Suite 800
> Tulsa, OK 74103-3520
> 918-582-8771
>  
> ejantz () bswintl com
> 918.295.4166
> 918.587.3594 FAX
>
> -----Original Message-----
> From: Andrew Shore [mailto:andrew.shore () holistecs com] 
> Sent: Wednesday, October 13, 2004 3:22 AM
> To: tito.basa; security-basics () securityfocus com
> Subject: RE: centrally monitored "keylogger"
>
> You know, some time we go too far.
>
> Just my 2 cents. 1984?
>
> Andy
>
> -----Original Message-----
> From: tito.basa [mailto:mochafrap () mix ph] 
> Sent: 11 October 2004 08:30
> To: security-basics () securityfocus com
> Subject: centrally monitored "keylogger"
>
> guys,
>
> I'm looking for a monitoring tool sort of a keylogger
> installed on every PC (but logs not just keystrokes
> but screenshots as in some advanced "keyloggers")
>
> deploying keyloggers on every PC is easy but
> monitoring them is not due to the volume of records
> we have to parse and keep. This is in conjunction with
> strong authentication we'll also implement.
>
> anybody here with experience in Verint Systems
> ULTRA solutions for contact centers?
>
> http://www.verintsystems.com/contact_center/
>
> this seems to be something I need although their
> agent still has to contact me for details.
>
> other similar suggestions/recommendtions are welcome
>
> thanks
>
> tito
>
>
> --- CONFIDENTIALITY NOTICE ---
> The information in this email may be privileged, confidential,
> proprietary and exempt from disclosure. This email is intended to be
> reviewed by only the individual or organization named above. If you are
> not the intended recipient or an authorized representative of the
> intended recipient, you are hereby notified that any review,
> dissemination or copying of this email and its attachments, if any, or
> the information contained herein is prohibited. If you have received
> this email in error, please immediately notify the sender by return
> email and delete this email from your system.
>
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.776 / Virus Database: 523 - Release Date: 10/12/2004
>  
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.776 / Virus Database: 523 - Release Date: 10/12/2004
>  
-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part