Security Basics mailing list archives
RE: Securing workstations from IT guys
From: "Vandenberg, Robert" <rv2954 () att com>
Date: Tue, 27 Nov 2007 09:18:25 -0800
Those are good points. I would recommend that you put in a keystroke logger program with the written approval of your upper management on the PCs in question and then download the logs each day. That way you are able to create a forensics "e-Trail" that can be used to confront/counsel/etc. them. I would also make sure that you look at your documenation and ensure that each IT person has signed a document stating that they will not use their abilities improperly. Combine those two and you have a means of pursuing them legally. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Lim Ming Wei Sent: Monday, November 26, 2007 7:14 PM To: 'WALI'; 'security-basics' Subject: RE: Securing workstations from IT guys Use encryption program to encrypt those files. Password function in the normal MS Word application does not help. If you have problem installing the program. You might want to consider saving the file in an alternative storage media such as a USB Thumb drive. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI Sent: Monday, November 26, 2007 2:24 AM To: security-basics Subject: Securing workstations from IT guys It's a catch 22 situation and I need to make our Windows Xp workstations appropriately secure. Secure from rogue Helpdesk personnel as well as network admins. The HR guys are complaining that their 'offer' letters to prospective employees and some of the CVs that they recieve are finding their way into unwanted hands. I suspect both HR application vulnerability, for which I am undertaking some vulnerability analysis but I also need to protect the PCs that belong to Dept. of HR employees from rogue IT guys. Here are the basics of what I intend to do: 1. Advise all HR users to shutdown their PC before they leave for the day. 2. Change all Local Admin passwords so that even IT helpdesk/other doesn't know them. 3. Advise HR guys to assign passwords to their excel/word files. 3. Do not create shares off c drive giving 'everyone' access. But...because they are all connected to Windows 2003 domain, I still risk someone from domain admin group to be able to start C$/D$ share and browse into their c: drive, what should I do? Also, it's easy to crack open xls/doc passwords, what else can be done? Alternatively, Is there an auditing on PC that can be enabled to track/log incoming connections to C$ and pop up and alert whenever someone tries it out from a remote machine. Pls advise!!
Current thread:
- Re: Securing workstations from IT guys, (continued)
- Re: Securing workstations from IT guys Mark Owen (Nov 26)
- Re: Securing workstations from IT guys Kurt Buff (Nov 27)
- RE: Securing workstations from IT guys Lim Ming Wei (Nov 27)
- RE: Securing workstations from IT guys Depp, Dennis M. (Nov 27)
- Re: Securing workstations from IT guys Liam Jewell (Nov 27)
- Re: Securing workstations from IT guys Mark Owen (Nov 27)
- RE: Securing workstations from IT guys Erin Carroll (Nov 27)
- Re: Securing workstations from IT guys Christian Brenner (Nov 27)
- RE: Securing workstations from IT guys Holtz,Robert (Nov 27)
- RE: Securing workstations from IT guys Depp, Dennis M. (Nov 27)
- Re: Securing workstations from IT guys Micheal Espinola Jr (Nov 29)
- RE: Securing workstations from IT guys Nick Vaernhoej (Nov 28)
- Network protocol analyzers Malhoit, Lauren (Nov 28)
- Re: Network protocol analyzers Michael R. Martinez (Nov 28)
- RE: Network protocol analyzers Chris Boczko (Nov 28)
- Re: Network protocol analyzers crazy frog crazy frog (Nov 28)