Security Basics mailing list archives
RE: New workplace security measures. Are they usual?
From: <securityfocus () aldomedina com>
Date: Mon, 19 Jul 2010 22:16:55 -0500
I'm two levels below the CEO, so I'm not worried about my personal activities, but what if I discuss the recruitment or dismissal of some personal, the purchase of expensive equipment or other sensitive matters? Can a fake buy-recommendation come from my PC? Maybe I should reformulate the question to address how can we trust the informatics personal? (they're not specialized information security personal, just IT engineers who care for anything computer/electronic related) -----Mensaje original----- De: Todd Haverkos [mailto:infosec () haverkos com] Enviado el: lunes, 19 de julio de 2010 03:31 p.m. Para: securityfocus () aldomedina com CC: security-basics () securityfocus com Asunto: Re: New workplace security measures. Are they usual? <securityfocus () aldomedina com> writes:
In my new workplace, they recently implemented severe security measures: security guards, video cams in every hall, they changed all the BIOS and administrator passwords, protected the computers from case-opening,
limited
all the Windows accounts. I assume this is fine (I don't know the Mexican law about this). However, they also installed a VNC server in every computer, and I'm concerned because I believe they can fake any file, document or even email as if I had wrote them. They should also be able to see everyone of my
files
and communications, even the private ones. Am I alright? Is this usual in
a
work environment? Is this legal in US or in Mexico?
It's probably safest to assume that any communication on an employer-owned pc is NOT private. I don't see anything there that strikes me as unusual for a US workplace that has adequate security controls. The choice of VNC raises my eybrows a little from a technology selection standpoint, but some form of remote control is quite common to facilitate support. "Recently implemented" strikes my ear as a place that's either recently had an incident, audit, or security review whereby they had to get religion about security, or a new CISO or equivalent has been hired to tame the beast. Employees do have to trust that the information security folks and support folks with access to such tools on your workstation lack the time or inclination to go about forging emails as you. You only have any real worries if you are doing things on (or have files on) your work computer that you wouldn't want your boss and boss's boss to know about. Assume that everything you do can be monitored at any moment. I have no experience or knowledge of the situation in Mexico, but in the US -- and I'll be quick to make clear that I am not a lawyer -- I've read that there are limits what an employer can log/record/monitor[1], but as a general rule, the "they bought it, they own it, you work for them, they can monitor it" is the thought process. Details vary by state, and the employment agreement as well. [1] http://darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?arti cleID=224201355 -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- New workplace security measures. Are they usual? securityfocus (Jul 19)
- Re: New workplace security measures. Are they usual? Andy Colson (Jul 19)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 19)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- RE: New workplace security measures. Are they usual? Boyd, Chad (Jul 20)
- RE: New workplace security measures. Are they usual? securityfocus (Jul 20)
- RE: New workplace security measures. Are they usual? Erik Soosalu (Jul 20)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 20)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? Marc-André Laverdière (Jul 21)
- <Possible follow-ups>
- Re: New workplace security measures. Are they usual? tim (Jul 19)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? Todd Haverkos (Jul 21)
- RE: New workplace security measures. Are they usual? Murda (Jul 21)
- RE: New workplace security measures. Are they usual? Murda (Jul 20)
- Re: New workplace security measures. Are they usual? daniel . diaz (Jul 19)