Security Basics mailing list archives
Re: How to stop Admins from sniffing ?
From: cc <cc () belfordhk com>
Date: Sat, 29 Jul 2006 09:22:30 +0800
Didn't you write?:
hi, there Skype connection is encrypted, so it can keep your chat message and call.
The question isn't whether you can encrypt traffic. Clearly, anyone can. The question is whether or not it will jeopardize the integrity and security of the network. Another question is why is there a necessity to use Skype? A couple of years ago, my co-workers had a 3rd party member install Skype on two company systems without informing me before hand. As the systems admin at the company, I considered that both a breach of conduct and a breach of security. In essence, I was livid. How did I know? I monitor the firewall system regularly and even at night and when I noticed at 1am that traffic was going in and out of the system, it raised an alarm. I blocked the ports. The next day, I uninstalled Skype on both systems and gave the two an earful. I then fired off an email to the director, cc'ing the others.
SMTPs, IMAPs and POP3s are encrypted email service, while https is encrypted web service. you can you them to prevent system administrators from monitoring you. But if you do that, you must take care for internet attack by yourself, like phishing, spam, exploit in email and etc.
Does the email server the OP uses support these protocols? If so, and the admins have approved, then he can use those. For other items, it's better to go to the sys admins and get a clarification from them. As for taking care of any possible 'internet attack', since he isn't a Sys admin, it isn't his job. Suggesting users to do this undermines the sys admin's ability to keep things in check. The bottom line is. The company owns the computer. It dictates the underlying policies what the users can or cannot use the computers for. Doing something that counteracts these policies may be considered a breach of conduct, security or integrity of information and might even be a reason for termination and/or financial reparations. Just my $0.02. But like all, I'm here to learn more so if someone can correct me if I'm wrong, I'd be much appreciated. Edmund --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- How to stop Admins from sniffing ? swap_tek (Jul 27)
- RE: How to stop Admins from sniffing ? Weir, Jason (Jul 27)
- RE: How to stop Admins from sniffing ? Chris Mavin (Jul 27)
- RE: How to stop Admins from sniffing ? Thomas D. (Jul 28)
- Re: How to stop Admins from sniffing ? James Harless (Jul 28)
- Re: How to stop Admins from sniffing ? Harrison Holland (Jul 28)
- RE: How to stop Admins from sniffing ? Chris Chandler (Jul 28)
- Re: How to stop Admins from sniffing ? Zach Giezen (Jul 28)
- Re: How to stop Admins from sniffing ? Alice Bryson <abryson () bytefocus com> (Jul 28)
- Re: How to stop Admins from sniffing ? cc (Jul 31)
- Re: How to stop Admins from sniffing ? Dereck Martin (Jul 28)
- Re: How to stop Admins from sniffing ? cc (Jul 28)
- Re: How to stop Admins from sniffing ? Ruben Alves (Jul 31)
- RE: How to stop Admins from sniffing ? Murda Mcloud (Jul 31)
- <Possible follow-ups>
- RE: How to stop Admins from sniffing ? Beauford, Jason (Jul 28)
- Re: RE: How to stop Admins from sniffing ? D (Jul 31)