Jump to content

Deadpete

Members
  • Content Count

    9
  • Joined

  • Last visited

Profile Information

  • Location
    Czech Rep.

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi folks, I appreciate all the good advice put forward here. I just want to recapitulate what my issue was from the beginning. I needed means to collect web access data for a particular user. Not keylogging, screen dumps, or that sort, as it's far too intrusive. Just record web access, mainly URLs. I could probably have set up a transparent proxy server, but that's using nukes for picking off a few pigeons. I have managed to collect sufficient evidence to present a good case, anyway. Particularly thanks to Tom, for reminding me about documenting everything. The fewer holes in th
  2. Thanks for your input peteyt. It's a balance what is practical, and what's desirable. I don't want to make my office to a second home, which it quickly would be, if I start to lock down user privileges to this particular group. Threat no. 1 for me is rogue USB drives. They can easily carry infection and expand it, circumvent access restrictions to shares, etc. It's also a snap stealing data with a USB drive. Threat no. 2 is web access to pages containing assorted threats. Stealing data just by uploading it to a web server is even more simple. And it bypasses all privileges. As I mentioned
  3. Thanks for your input itman. Been there, done that. As I stated previously, this bunch of people need an unrestrained environment to work efficiently. That does not imply total freedom, however. Access to shared resources is very restricted for this group. The problem here, is that one single user is violating company policy, by using company resources to access web sites (potential hazardous) that has got nothing to do with the work position. Also plugging in non approved USB drives with infected files is part of the problem. Restrict privileges to software installations probably will ju
  4. Hi Tom, In this case I don't agree with you. Every organization is different. If you are in a large organization, there are (hopefully) a bunch of formal instructions and directives how to handle cases like this. There are formal rules how to open a surveillance case, and how to handle the whole process. In my case, I'm appointed to take care of the day to day IT operations. Which includes "policing". If I would contact the management without, or with very scant evidence, I would probably be told to not bring slander. It could also end up that the person in question would be fired on
  5. Hi folks, This topic seems to have caught the interest of quite a few. I sincerely value the input from everybody. The problem has got many facets, both technical, and human. There are not many users in this work group, and I know everybody personally. In a small group, you must have a high level of trust, that everybody behaves responsibly. Many years ago, I tried being restrictive, blocking USB ports, keeping track of flash drives, logging web access, logging mail communications, etc. It was a small success with the office workers, where a certain amount of abuse was detected,
  6. Thanks for your input Tom. I am grateful about the reminder about documenting everything. I have informally told the person in question that I don't like the behavior, and that it poses a serious risk. The response seemed to be uninstalling some "incriminating" browser plugins (harmless by themselves), and access contents by other means. With this type of avoidance reaction, I'm afraid only solid proof (in the form of browser, and USB logs) can get the person to stop. If at all... Best regards, Peter
  7. Hi Marcos, Thanks for your input. In this case, it's not really what I'm after. It's not a large network, there are not a lot of users, and keeping an eye on network traffic does not need very advanced tools. At the moment, I am more in need of some tools to log what a particular user is up to. Best regards, Peter
  8. Hi folks, At our site, we have got a user with seriously risky behavior. The user has frequently been visiting web pages with infected contents, and the user has also been plugging in infected flash drives on a couple of occasions. Up till now, ESET has blocked dangerous content, but it's just a matter of time until something very unpleasant stuff gets through. Telling the person to stop doesn't seem to be very helpful. Monitoring users is a quite sensitive area, but the company policy is, that there are no rights to privacy when using company equipment, or other company resources. P
  9. Hi folks, Deadpete here... Have a nice day! Peter
×
×
  • Create New...