RE: Remotely manage Zone Alarm

["Mike Peppard" <mpeppard () impole com>]

1)
Make your private network trusted in Zonealarm,
or disable Zonealarm for whatever reason.
Giving him/her access to the nice color printer is a
good enough reason maybe?
Add VNC http://www.realvnc.com/ or XP remote access.

This tells you what is happening, but it's your word
against theirs, unless you have a couple of people
watching.  Sounds boring to me.

2)
Change the gateway to a linux router and run a log of
activity.  Pretty conclusive evidence if you see
"bad things" in the logs.

3)
You could also just stick a camera in the office.  In
the USA and the UK you can invade an employees privacy
in whatever manner you wish while they are on or using
company property.  This would be easier to uphold in a
court as most judges wouldn't have a clue what to do
with a sniffer log.

4)
Secure your network so s/he can't do bad things...


> -----Original Message-----
> From: Halverson, Chris [mailto:chris.halverson () encana com]
> Sent: Thursday, September 04, 2003 12:58 PM
> To: 'Cesar Diaz'; security-basics () securityfocus com
> Subject: RE: Remotely manage Zone Alarm
>
>
> Short of getting on the machine and enabling remote management, and a
> password protection schema.  I am not sure...
>
> you might try protecting the resource from his username and if
> the password
> is being utilized, you know it is intentional.
>
> Chris
>
> -----Original Message-----
> From: Cesar Diaz [mailto:cesadiz () yahoo com]
> Sent: Thursday, September 04, 2003 7:36 AM
> To: security-basics () securityfocus com
> Subject: Remotely manage Zone Alarm
>
>
>
>
> We have a user that works remotely.  Since he works outside our
>
> firewall he has Zone Alarm Pro on his machine.
>
>
>
> This week he is in the office.  Our logs show he is trying to access
>
> things he shouldn't be and doing things he shouldn't be.  For internal
>
> political reasons HR wants some more proof that it's not accidental.  I
>
> can't access his c$ share to look at Zone Alarm logs or remotely access
>
> his event logs because of the Zone Alarm
>
>
>
> Is there a way to centrally manage Zone Alarm settings or is this user
>
> completely shielded while inside our network?
>
>
>
> Cesar
>
>
>
>
> ------------------------------------------------------------------
> ---------
> Attend Black Hat Briefings & Training Federal, September 29-30
> (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September
> 6.Visit us: www.blackhat.com
> ------------------------------------------------------------------
> ----------
>
> ------------------------------------------------------------------
> ---------
> Attend Black Hat Briefings & Training Federal, September 29-30
> (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends
> September 6.Visit us: www.blackhat.com
> ------------------------------------------------------------------
> ----------


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------