Re: Securing workstations from IT guys

[James Alcasid <james.alcasid () va gov>]

You may also want to consider an RMS solution or the HR department using
data encryption. 

I would think that their is also some policy in place for this sort of
thing? If your firm does not have an information security/assurance manager,
engineer or officer type then the time for such person has arrived.

Since it is the HR department that is being messed with it might be easier
to terminate the personnel involved given sufficient evidence.

--

James Alcasid | VTI
Department of Veterans Affairs
james.alcasid () va gov



> From: Nick Vaernhoej <nick.vaernhoej () capitalcardservices com>
> Date: Mon, 26 Nov 2007 10:31:46 -0600
> To: security-basics <security-basics () securityfocus com>
> Conversation: Securing workstations from IT guys
> Subject: RE: Securing workstations from IT guys
> Resent-From: <security-basics-return-46591 () securityfocus com>
> Resent-Date: Mon, 26 Nov 2007 08:45:21 -0700 (MST)
>
> Hello,
>
> Give them a share on a file server and set up some file access auditing.
> You find this in the same area as the NTFS permissions.
> http://support.microsoft.com/kb/310399
> Access will be tracked in the event viewer.
> With domain admins you can't do much to keep them out (unless money and
> staffing is of no concern), but you can audit their access to files.
>
> Here there are files being audited, Snare then forwards event entries to
> Kiwi which in turn emails staff on certain criteria. For example, an
> email alert goes out when a log entry contains X AND Y.
> X being the file/folder name and Y being a user or group in active
> directory. Simple but works.
>
> Nick Vaernhoej
> "Quidquid latine dictum sit, altum sonatur."
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of WALI
> Sent: Sunday, November 25, 2007 12:24 PM
> To: security-basics
> Subject: Securing workstations from IT guys
>
> It's a catch 22 situation and I need to make our Windows Xp workstations
>
> appropriately secure. Secure from rogue Helpdesk personnel as well as
> network admins.
> The HR guys are complaining that their 'offer' letters to prospective
> employees and some of the CVs that they recieve are finding their way
> into
> unwanted hands. I suspect both HR application vulnerability, for which I
> am
> undertaking some vulnerability analysis but I also need to protect the
> PCs
> that belong to Dept. of HR employees from rogue IT guys.
>
> Here are the basics of what I intend to do:
> 1. Advise all HR users to shutdown their PC before they leave for the
> day.
> 2. Change all Local Admin passwords so that even IT helpdesk/other
> doesn't
> know them.
> 3. Advise HR guys to assign passwords to their excel/word files.
> 3. Do not create shares off c drive giving 'everyone' access.
>
> But...because they are all connected to Windows 2003 domain, I still
> risk
> someone from domain admin group to be able to start C$/D$ share and
> browse
> into their c: drive, what should I do?
>
> Also, it's easy to crack open xls/doc passwords, what else can be done?
>
> Alternatively, Is there an auditing on PC that can be enabled to
> track/log
> incoming connections to C$ and pop up and alert whenever someone tries
> it
> out from a remote machine.
>
> Pls advise!!
>
>
>
> This electronic transmission is intended for the addressee (s) named above. It
> contains information that is privileged, confidential, or otherwise protected
> from use and disclosure. If you are not the intended recipient you are hereby
> notified that any review, disclosure, copy, or dissemination of this
> transmission or the taking of any action in reliance on its contents, or other
> use is strictly prohibited. If you have received this transmission in error,
> please notify the sender that this message was received in error and then
> delete this message.
> Thank you.