Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Spying in a corporate environment

from [Mario DeBono] Network Security [Permanent Link]
Subject: RE: Spying in a corporate environment
Date: Thu, 22 Nov 2007 11:16:25 +0100 
If you have a 2003 domain enforce group policies and restrict access to
certain windows components. I presume even if a user has admin rights on a
pc, he should not be able to over right the group policies, if he is not so
keen to remove the policies from the pc himself.
The best practice is to download by scripts the pc setup every often,
download logs, take snapshots of the cookies directory and "program files"
and if u can copy the ntuser.dat as it has all activity of the user on the
pc and monitor by scripts the "Temp Internet directory", you will be
surprised what you find there.
If you can, do enforce proxies as these have all internet activity logged in
them and it makes it easier to track those "idiots" that makes you the day a
problem at work. I use some of the above and others and I found naughty
users with them. Automate the process, that is important.
Then you can go for more elaborate things, but that is up to yourself, that
even if a user is an admin, you can trace him. If you know how and have the
right tools and TIME you can trace all user activity no matter what.

----------------------------------------------------------------------------
----
The information in this e-mail, and any of its attachments, are strictly
private 
and confidential and intended solely for the person or organisation to whom
it 
is addressed. If you are not the named addressee or if this transmission has

reached you in error, you must not copy, distribute,or make any use of it 
in any manner whatsoever.  If you have received this e-mail in error, 
please notify the sender immediately and then delete this e-mail.
 
All Email(s) sent from this account are virus scanned.
----------------------------------------------------------------------------
----
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ansgar -59cobalt- Wiechers
Sent: 21 November 2007 18:00
To: security-basics@securityfocus.com
Subject: Re: Spying in a corporate environment

On 2007-11-20 Col wrote:

On Nov 20, 2007 11:25 PM, Murda Mcloud <murdamcloud@bigpond.com> wrote:

You could always set exceptions to the spy software in your AV
solution.


the thing that bothered me with this, a lot of users have admin
rights, so they could run another program we don't have control over.


As long as they have admin rights you don't have control, no matter what
you try.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: managment application for switches/SNMP, Jeffrey Rivero
Next by Date:  Re: managment application for switches/SNMP, Kurt Buff
Previous by Thread:  Re: Spying in a corporate environment, Ansgar -59cobalt- Wiechers
Next by Thread:  Re: Spying in a corporate environment, Ansgar -59cobalt- Wiechers
Indexes:  [Date] [Thread] [Top] [All Lists]