I guess I have to think more globally. I was basing my comments on U.S. case
law
See the following site
http://www.windowsecurity.com/articles/Being-Big-Brother-Monitoring-employees-network-activity.html
So as you said it does depend on your specific country's laws.
I disagree with you on one other point. I regularly do port scans of my client
PCs and my server and network equipment as well, it shows me when a rogue
web\ftp\telnet\smtp\.... server shows up.
As a network security administrator I take it as my responsibility to know the
purpose of every packet that goes across the wire. I cannot do that unless I
watch what's going on. With the abundance of spyware\viruses\trojans\etc that
infect our client PCs it becomes even more imperative that you watch ALL client
traffic.
My question to you would be this. What activities are you engaging in at work
that you would not want your network security people to be aware of. I
understand the uneasy feeling that you get when you feel like you are being
watched but understand that some of this is necessary.
I give the following advice to my users, if you are using company assets don't
do anything that you would not want your grandmother to watch you do..
-J
-----Original Message-----
From: Christian.Assfalg@bc.boehringer-ingelheim.com
[mailto:Christian.Assfalg@bc.boehringer-ingelheim.com]
Sent: Friday, July 28, 2006 4:32 AM
To: Weir, Jason; security-basics@securityfocus.com
Subject: AW: How to stop Admins from sniffing ?
Well, they don't.
At least not neccesarily. In Germany, for example, there are a number of laws
against monitoring of user activity. You can not simply read someones emails
for example, unless you have a specific reason for it, and the works council
agrees.
Similar things apply to auditing and monitoring and stuff like that. As soon as
user behaviour is concerned, the works council has to agree. I am no lawyer or
data privacy professional so I may be wrong, but that's what I think is the
situation in Germany, and soon-to-be in the whole European Union. I guess those
laws are not so strict in America, but I don't think you can simple watch
"everything" someone does.
I'd say it depends on the laws of the country you work in, and the agreements
you siged with your employer.
Personaly, I don't see why a security professional would want to do a portscan
on some client PC, or why someone would want to monitor every network package.
That should be quite a lot, so it is a lot of work. Haven't they got other
(better) things to do?
If Jeff would realy want to hide something, then well - that's his problem. But
I would not be very comfortable with this situation as well. We don't live in
the world of "1984", do we?
-----Ursprüngliche Nachricht-----
Von: Weir, Jason [mailto:jason.weir@nhrs.org]
Gesendet: Donnerstag, 27. Juli 2006 18:12
An: security-basics@securityfocus.com
Betreff: RE: How to stop Admins from sniffing ?
Jeff,
My first question would be why would you want to stop them.. Any
competent IT security professional will be and should be monitoring
anything and everything that goes across their wire. In my opinion that
is their job.
If you are trying to hide something that's a different story. If its
web traffic you can use an hppts connection to one of the many
anonymizer services out there. Ethereal would only show encrypted
packets to\from the anonymizer site and not reveal the actual site you
are going to. This would prevent network sniffing of web traffic only.
There are many other ways to see what's going on..
It sounds like you have a privacy issue but if you are using company
equipment and services you have no expectation of privacy and they have
every right to monitor everything you do
Jason Weir
Systems Administrator
New Hampshire Retirement System
-----Original Message-----
From: swap_tek@yahoo.co.uk [mailto:swap_tek@yahoo.co.uk]
Sent: Wednesday, July 26, 2006 1:14 AM
To: security-basics@securityfocus.com
Subject: How to stop Admins from sniffing ?
Hey List
I work in a small organisation and the system and network administrators
here are constantly monitoring all data in the network. I have seen them
running Etherreal on their systems and from their talks i am sure that
they know who is doing what. I m using windows XP and i have a personal
firewall installed which pop's up every few minutes saying that there is
a port scan attack going on. And when i looked up that IP address it
belongs to tbe system being used by the administrator. I have tried
talking to my bosses about this but not happened ( maybe the admins
convinced them that they are not doing anything like that or its
happening by bosses permisson). i know since they are in same network
as me its easy for them to sniff all traffic and everything.
What i want to know from you ppl is that is there is anyway way to stop
this ? is it possible for me to encrypt all traffic going out from my
system ?
I have never used a Anti-Sniffer but can they help ? any way out ?
Thanks in advance
Jeff
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
