Network Security Pen-Test

RE: Boot floppy

Subject: RE: Boot floppy
Date: Fri, 13 Apr 2007 09:28:53 -0700 (PDT)
Opening a conversation with the user and his
supervisor need not be from the standpoint of making
an accusation or suggesting suspicion.  It should be a
simple matter of policy that the IT department manages
company-owned machines.  If the machine is not under
IT control and is not configured in a standard way
then you cannot verify that it complies with company
policies concerning the installation of antivirus
software, licensing of applications and may present a
security risk to the organizational network.  He may
say, "Trust me it is secured."  But then he is asking
you to trust every other user in the organization and
make him an exception to organizational policy; a bad
practice for anyone.

Another tactic would be to simply audit his access to
potentially sensitive data stored on servers.  Boot a
LiveCD running Snort on a different system and log all
of his access to systems or IP addresses to which he
shouldn't have access.  With these steps you are
establishing whether he is making inappropriate access
attempts.  By breaking into his machine, you may only
establish that he has sensitive data for which he may
have authorization.

You're approaching the problem from the completely
wrong angle and it stinks of potentially illegal
activity on your own part.

--- Mifa <mifa@stangercorp.com> wrote:

Thanks for the info.  Backups are not done on a
machine that's off our network.  I cannot access my
admin privileges because the machine is not on a
domain and is not simply locked with Windows.
Further, the admin account is disabled/missing; to
be honest I'm not sure how.  I had hoped to do a
quick reboot from a floppy because it's fast.

We suspect that we have someone who is sending
company job files to another company. If so, this
would make the second person doing such.  One of our
employees left this company to start another company
and he had friends.  We dare not point out anyone
without proof or fire anyone without knowing we have the
correct person; especially when this person has been
with the company most of its existence.  To get that
proof I think the hardware key logger would be a
good option to get the password etc. then log in, but
not any good for the longer term.  Also, we are
keeping a copy of all emails.  The other option is
to disclose our suspicions and have him turn in the
computer the next time he comes into the office;
which we will do if we must.  Being a small company
based on trust, it's the last option short of firing,
which the owner will not do without proof.  Now you
see the sensitive dilemma here.  We do have every
right and policy, but....