RE: Re: chat logs

["Stephen Alford" <stephena () sbspros net>]

Hello again to all,
This thread has definitely run its course.  

Melissa, pleased don't confuse computer literacy with emotional involvement.
We all should try to filter the technology from the legal & moral issues in
a home-based scenario.  Again, a balance needs to be struck when assessing
the whole situation, but I'll always err on the side of being
over-protective vs. invasion of privacy rights (better safe than sorry).

Please let's put this chat to bed.

Best wishes,

Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE
Director, Partner Practices & Solutions, SBS Pros
Email: stephena () sbspros net 


-----Original Message-----
From: Melissa Fischer [mailto:Melissa.Fischer () NorthMemorial com] 
Sent: Tuesday, May 17, 2005 10:42 AM
To: david () clicksee net; ANTHONY.D.BUNDSCHUH () saic com; stephena () sbspros net;
security-basics () securityfocus com
Subject: RE: Re: chat logs

Anthony,  thank you for your response, obviously there are people monitoring
this log who are not as computer literate as I and yourself.

Not only is it allowed by law, it is done on a regular basis, I work in the
Health Care industry which is heavily controlled by regulations as to what
people can and cannot be viewing, and in my capacity of Database
Administrator, I have the security rights to view anything about anyone,
however, my employment responsibilities are different and I only view what
is necessary for me to do my job.  Employers not only can, they DO monitor
your computers and day to day activities, including limiting the email you
can and cannot "completely" delete.

Thanks for speaking up.

Melissa Fischer
Database Administrator
Data  and System Engineering
North Memorial Health Care
763/520-1533
melissa.fischer () northmemorial com

> > > "Bundschuh, Anthony D" <ANTHONY.D.BUNDSCHUH () saic com> 5/17/2005 10:41:42
AM >>>
Hate to burst your bubble, but your boss is perfectly able and allowed by
law to view your email and web browsing history. 

-----Original Message-----
From: David [mailto:david () clicksee net] 
Sent: Monday, May 16, 2005 8:22 PM
To: 'Stephen Alford'; 'Melissa Fischer'; security-basics () securityfocus com 
Subject: RE: Re: chat logs

I must disagree with this line from Ms. Fischer- 'if they are doing nothing
wrong, then there is nothing to hide and have "private".'

How would you respond if your boss wanted to read your email and monitor the
web sites you went to and read your IM's under the same philosophy?

I love my wife and she loves me and we trust each other greatly and yet she
still doesn't want to poop if I'm in the bathroom even though there is
nothing 'wrong' going on. :) i.e. even children deserve some privacy.

Choosing their friends and having relationships with those friends is part
of growing up and learning to socialize and keeping total control over that
will stagnate that process. Balance is the key word here I think and
monitoring communications considered private is going to far just as having
a child carry an electronic listening device would be going too far. 

I agree with Mihai's sentiment. How about the parents explain to the kids
what the security situation is and go through the emails and chat logs
together? Maybe even show the kids how to run searches using scripts and
teach them some computer stuff?

An interesting dilemma as to how far to go with things. I think it's a bit
different with K-12 kids though. With a kindergartener, yeah, the parents
should probably just go ahead and search through their files unasked. With a
12 year old that could really touch off a fire-storm.
"Dad, how could you just totally violate my privacy like that?" 


-----Original Message-----
From: Stephen Alford [mailto:stephena () sbspros net] 
Sent: Saturday, May 14, 2005 3:05 AM
To: 'Melissa Fischer'; security-basics () securityfocus com 
Subject: RE: Re: chat logs

Melissa, Mihai, et al,
I can see both sides, as a father of 3 teens and a sec pro.  We all went
thru our trials and tribulations as teens and I loved and related well with
my parents.  However, I certainly had moments I preferred keeping between me
and my peers.  I know there were experiences, real & virtual, that I didn't
consider WRONG but still kept from my parents.  Looking back on this with
perspective, I can understand my kids need for privacy, and I also
understand my parental need to ensure they are protected from inadvertently
choosing BAD options.  It is one of our greatest challenges to balance these
needs appropriately.

Thus, like any seasoned sec pro, make sure you assess the whole situation
before applying your solution (and you DON'T NEED TO BE A PARENT TO FOLLOW
THIS).

My 2c worth.

Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE Director, Partner
Practices & Solutions, SBS Pros
Email: stephena () sbspros net 


-----Original Message-----
From: Melissa Fischer [mailto:Melissa.Fischer () NorthMemorial com] 
Sent: Friday, May 13, 2005 8:50 AM
To: security-basics () securityfocus com 
Subject: Fwd: Re: chat logs

FYI

Melissa Fischer
Database Administrator
Data  and System Engineering
North Memorial Health Care
763/520-1533
melissa.fischer () northmemorial com 

> > > Melissa Fischer 5/13/2005 10:49:39 AM >>>
I understand your concern, apparently you must not be a parent.
I have raised 3 sons, 24, 20 and now an 8 year old.  Teenagers talk to EACH
OTHER, not to their parents.
Our parents HAVE personally talked to their children, looking at files on
their computers is not taking away their privacy, if they are doing nothing
wrong, then there is nothing to hide and have "private".



Melissa Fischer
Database Administrator
Data  and System Engineering
North Memorial Health Care
763/520-1533
melissa.fischer () northmemorial com 

> > > Mihai Amarandei <mihai () xmcopartners com> 5/13/2005 9:45:28 AM >>>
I'm glad too se everyone helping out to find the logs and giving advice on
how to search those teen-agers web history.
Just me(and this has nothing to do with security), but wouldn't it be better
that each parent asked directly its children about such incidents

instead of searching and digining through their logs and web history?
I for one wouldn't like it that my parents knew all my browsing and chatting
habbits, and I think this is the case for most of today's persons. Teens are
as ,uch entitled to their privacy "apriori" as anyone

else in my opinion.
I know all I've said has not much to do with security (actually it has to do
with privacy), but neither is searching for logs.
I'm not trying to undermine the importance of the threat and the gravity

of the situation, I just don't think such an intrusion of privacy would be a
good answer.


Mihai
Blog: http://secinternship.blogspot.com 

Melissa Fischer wrote:

> Our community, Waconia, Minnesota has recently been the victims of
> threats against our children and schools.
> http://www.startribune.com/stories/462/5399090.html 
>
> The Emergency Response Task Force assigned to our case asked parents to
> go home and check their kids computers for any chats or emails with
> information.
>
> We are trying to find a document explaining where and what to look at
> to find any information.  We would like to post this on our school main
> page www.waconia.k12.mn.us for a resource for parents to use on how to
> find any information.  Can you tell me where to find this information?
>
> Thank you in advance,
>
>
>
> Melissa Fischer
> Database Administrator
> Data  and System Engineering
> North Memorial Health Care
> 763/520-1533
> melissa.fischer () northmemorial com 
>
>  


-- 
Mihai Amarandei-Stavila - Xmco Partners
Consultant Sécurité / Test d'intrusion

tel  : 33 1 47 34 68 61
web  : http://www.xmcopartners.com 
Villa Gabrielle 75015 PARIS