Security Basics mailing list archives
RE: Spy Software
From: "D. Weiss" <David () cawdgw net>
Date: Wed, 16 Apr 2003 21:25:41 -0700
Contractors working for the US Government have carefully worded acceptable use clauses in their contracts or they must provide their own network. BBN is very good about providing employees a BBN monitored network and enforcing the Government's acceptable use clauses on the Government's boxes. But don't think that BBN is being employee friendly. They are arse covering. Better to have an employee download bad things or talk about corporate bookkeeping on the BBN network, where they simply have a single person problem, rather than jeopardize their contract, which is a profit driven thing. Other companies have complex acceptable use company standards and then also require following Government guidelines.

Basically, a Government contractor should not do anything on their boxes or networks that they wouldn't want:

1. The customer to see
2. Their supervisor to see
3. Their wife, kids, friends, or parents to see
4. Their co-workers to see

I sit near and occasionally help CERT personnel look at SNORT logs. Because of sheer volume, they don't hunt everything to the end, but have their priority list. But they LOOK at those logs and they read "interesting" communications and pull up those JPGs and web-sites and whistle at pay or profit discussions. It's their job. The work place simply isn't a place to get anything more private than flight reservations, a very occasional golf club on line, or a quickie grocery list.

I've read my share of others' mail, and had execs try to make themselves exempt - some succeed... but then I don't necessarily have to tell them they have Green Lantern on their box either, since I specifically, in writing, do NOT manage their boxes.

-----Original Message-----
From: mobilejimbo [mailto:mobilejimbo () yahoo com]
Sent: Wednesday, April 16, 2003 9:07 AM
To: Mark Ng
Cc: security-basics () securityfocus com
Subject: Re: Spy Software

The use of logon banners informing users they are being monitored is a common practice within the U.S. Govt and has been for some years now. I'm not certain how banners stand up against government contractors or the civilian sector, but within the military, informing the users about monitoring using logon banners and then prosecuting misuse of systems stands up in a military court pretty well. It takes away claims of ignorance with respect to misuse. If employees don't like having to consent to a comprehensive logon banner, they can always earn their salaries somewhere else.

Just my thoughts on the subject.

Regards
Jimbo

----- Original Message -----
From: "Mark Ng" <aliasklap () markng co uk>
To: "mobilejimbo" <mobilejimbo () yahoo com>
Cc: <security-basics () securityfocus com>
Sent: Wednesday, April 16, 2003 5:47 PM
Subject: Re: Spy Software

On Monday 14 April 2003 8:09 pm, mobilejimbo wrote:

> Perhaps a logon banner informing the users that by using the systems, they
> consent to monitoring. Then there would be no need for additional paperwork.

Perhaps, but has one of these logon banners ever been tested in court in any country? - obviously, mileage may vary dependent upon your own country's laws. Could people say "It doesn't say you're allowed to do this to me in the contract I have signed with you, so therefore you have to remove the software"? Is there a lawyer in the house???

It would certainly be safer to embed this into a contract or company handbook, and have this as a supplementary measure so that a user cannot deny that he is unaware of what his contract says.

Regards,
Mark Ng
Director, Information Intelligence Ltd.