Snort mailing list archives
Re: Legal Form Advice
From: Michael Boman <michael.boman () securecirt com>
Date: Sat, 26 Oct 2002 11:35:29 +0800
On Saturday 26 October 2002 06:45, Jacob Redding wrote:
I have a general question that I was hoping could be answered in this group. I have recently switched jobs from a consulting position to a permanent position as a systems analyst/administrator. As you can probably guess (from inclusion on this list) I use products such as Snort often (ethereal, tcpdump, ntop, etc. etc.). When I was working as a consultant I was legally covered by proxy of my employer. I no longer have said luxury.

So my question is "How do I write (or copy) a legal document that will make it clear to my manager(s) what type of information I will be able to view and also protect me from firing or prosecution".

This is a scenario that I am worried about. My immediate manager is very technically adept, she understands networks and their inherent insecurity. The manager above her does not however. If that person perceived my network analysis actions as "hacking" or "invasion of privacy" I could be fired for such reasons or even prosecuted (it is a possibility).

Here are the facts, just so that this is clear.

1.) I do work for this company.
2.) My Immediate manager does understand what I am doing
3.) My title is Information Systems Analyst / System's Administrator
4.) I do have security clearance into the building (physical keycard)
5.) I am a trusted member of the faculty. (just looking to cover my butt a little more)
6.) I am not specifically looking for passwords, but I can see them (pop account, http web logins, ftp, etc. etc.)
So what you want is a 'Get Out Of Jail' card. Those are best written by real lawyers, but if you want to roll out one of your own you need it to say something like:

In the course of your work you are allowed to intercept and record network traffic for intrusion detection/policy violation purposes. In the course of this there will be a certain 'waste', i.e. it is very possible that you would intercept allowed/permitted traffic - including username and passwords of legitimate users.

You want the signers (basically top management) to understand these issues and permit you to do this traffic recording and analysis. I also advise you NOT to run any kind of IDS etc. if you are declined approval. Also check how your IDS monitoring clashes with HR department rules + laws in the country.

But the best is to hire a lawyer for a couple of hours to write the whole lot up so you are covered at all bases.

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
Current thread:
- Legal Form Advice Jacob Redding (Oct 25)
- Re: Legal Form Advice Michael Boman (Oct 25)