Blocking Yahoo Messenger With Firewall??

Discussion in 'Computer Security' started by NaCN, Nov 12, 2005.

  1. NaCN

    NaCN Guest

    Is there a way to block Yahoo Messenger with a firewall?? Rules?? If
    so, how??

    Thanks,
    NaCN
    NaCN, Nov 12, 2005
    #1

  2. NaCN

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    <>, NaCN wrote:

    >Is there a way to block Yahoo Messenger with a firewall??


    Yes

    >Rules??


    Yes

    >If so, how??


    Port and address blocking can make it more difficult with a firewall,
    but a better solution is to have written policy in place that allows
    removing computer privileges to malefactors. If the policies are
    violated further, then you remove the malefactors.

    Old guy
    Moe Trin, Nov 12, 2005
    #2

  3. NaCN

    winged Guest

    Moe Trin wrote:
    > In the Usenet newsgroup alt.computer.security, in article
    > <>, NaCN wrote:
    >
    >
    >>Is there a way to block Yahoo Messenger with a firewall??

    >
    >
    > Yes
    >
    >
    >>Rules??

    >
    >
    > Yes
    >
    >
    >>If so, how??

    >
    >
    > Port and address blocking can make it more difficult with a firewall,
    > but a better solution is to have written policy in place that allows
    > removing computer privileges to malefactors. If the policies are
    > violated further, then you remove the malefactors.
    >
    > Old guy

    Concur, Users are creative, they will just use a different chat tool, or
    possibly worse unless policy makes it clear and then enforced. Once you
    shoot a couple users the problem disappears.

    We had one user get creative and route a ssh connector through home
    broadband connection...."had" being the definitive word here.

    Winged
    winged, Nov 15, 2005
    #3
  4. NaCN

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    <dlbsif$>, winged wrote:

    >Concur, Users are creative, they will just use a different chat tool, or
    >possibly worse unless policy makes it clear and then enforced. Once you
    >shoot a couple users the problem disappears.


    A friend who admins at a nearby community college tells new users that
    the line of flag poles along the walkway to the Computer Center (short
    poles, normally used for banners) are there so they can impale the
    severed heads of "creative" users who violate policy. I point out that
    this is messy and probably a biohazard - the better way is to follow
    Iosif Stalin's example, and just make them disappear.

    >We had one user get creative and route a ssh connector through home
    >broadband connection...."had" being the definitive word here.


    I always have to laugh at people who post about doing this, because
    the ssh datastream is encrypted, and no one will be able to see what
    they are doing. They seem to forget that the very _presence_ of an
    encrypted data stream is like waving a huge flag with the legend "I'm a
    fool - make an example of me, please!!!". Sometimes, they get their wish.

    Old guy
    Moe Trin, Nov 15, 2005
    #4
  5. NaCN

    NaCN Guest

    Well, I was hoping to just do it with a firewall (hardware). We
    really don't have policies and I don't have the experience to draw
    them up.

    Places to look for a hardware solution would be appreciated.

    NaCN


    NaCN, Nov 18, 2005
    #5
  6. NaCN

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    <>, NaCN wrote:

    >Well, I was hoping to just do it with a firewall (hardware).


    google is your friend - search for 'blocking Yahoo+Messenger'. If you
    really have to go this route, rather than trying to block ports, block
    the address ranges assigned to Yahoo. 66.163.160.0/19, 66.94.224.0/19,
    and 216.155.192.0/20 would be a good start.

    >We really don't have policies and I don't have the experience to draw
    >them up.


    If this is NOT a family situation (you trying to keep your kid from using
    the service, or similar), you REALLY DO NEED TO have written policies.
    Depending on what country you are in, you could be in violation of laws
    at a country (federal) level, state (sub-division of a country), or
    if in Europe, supranational level stuff (such as EU regulations). If
    this is the case, consult a legal professional. REALLY. Policy really
    does make the solution trivial, unlike hardware solutions.

    If this is a family situation, you have far larger problems than a written
    policy or hardware firewall can solve.

    >Places to look for a hardware solution would be appreciated.


    If you mean a place to shop - obviously, that depends on where you are
    located. In the USA, even office supply stores like OfficeMax can sell you
    the cheap hardware routers suitable for a small installation (such as a
    home, or small office). Larger facilities - contact your network supplier
    such as Foundry, Cisco, 3Com, etc.

    If you mean more information about the solution, you could look at the
    Usenet newsgroup 'comp.security.firewalls' (the only other newsgroup that
    even vaguely looks on topic is 'alt.comp.networking.firewalls' and it only
    sees an occasional post, mainly from spammers).

    Old guy
    Moe Trin, Nov 19, 2005
    #6
  7. NaCN

    NâCN Guest

    Old Guy:
    Thanks for reply, and this is for a small company. We have a
    SonicWall, but looking around on their site all I could find was them
    wanting to sell a subscription service to go with the firewall. My
    opinion... what we paid for that I should be able to do it without
    further costs.

    When I started there and after a few months I approached Mr. Big about
    setting up some policies and he responded... "We aren't that draconian
    here". I have never drawn up policies or even read a copy of a
    company's policies.

    I would like to stop the Messenger because of virus threats.

    I did a Google search long before coming here and was also in an
    online forum. This was sort of my last resort.

    Yes there are many hits on a Google search and I read the first 2 1/2
    pages of hits. There was no one with success or they want to sell you
    a client side software solution. Of course if you have read one of
    the hits you saw in your Google search that was productive I would
    appreciate the link. The closest I saw to a solution was blocking the
    login servers by name, but you have to monitor for Yahoo adding new
    server names to the list.

    Thanks again,
    NaCN



    NâCN, Nov 20, 2005
    #7
  8. NaCN

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    <>, NâCN wrote:

    >Thanks for reply, and this is for a small company. We have a
    >SonicWall, but looking around on their site all I could find was them
    >wanting to sell a subscription service to go with the firewall. My
    >opinion... what we paid for that I should be able to do it without
    >further costs.


    Blocking network address blocks should be child's play

    >When I started there and after a few months I approached Mr. Big about
    >setting up some policies and he responded... "We aren't that draconian
    >here". I have never drawn up policies or even read a copy of a
    >company's policies.


    You haven't mentioned what jurisdiction you are in - I'm in the USA, and
    there have been some rather costly lawsuits over company actions to
    employees. A disgruntled employee (or even ex-employee) can file a
    complaint with state or Federal authorities (such as the Department of
    Labor), and the cost to answer the query (never mind if this goes to
    trial) can be significant. The feds and most states have substantial
    information on-line about how to avoid problems - it's not Draconian at
    all. Just because a company has a "company car" doesn't mean that it can
    be used for joy-riding, or going shopping downtown during lunch. The same
    is true of computers and computer networks.

    >I would like to stop the Messenger because of virus threats.


    This is where policy comes in. By restricting access except for work
    related stuff, by not giving users administrative access to the hardware
    and by explaining to the employees that malware doesn't magically appear
    on a computer as a result of the Virus Fairy waving a wand, you reduce
    the need of hardware filters.

    By the same token, blocking unneeded access to sites (using a proxy
    server can help here), you also reduce your exposure. Normally, a
    firewall is used to block access from outside. This isn't needed for
    everything - try connecting to any computer in your company on port 70
    and see what happens. (Port 70/tcp is 'gopher', an information service
    that predates the web - and virtually no one uses it any more.)

    [compton ~]$ telnet localhost 70
    Trying 127.0.0.1...
    telnet: Unable to connect to remote host: Connection refused
    [compton ~]$

    Thus, you don't need to specifically block port 70, as anyone attempting
    to connect from anywhere would get the same result. Does that mean you
    don't need a firewall? Don't be silly. Simple firewall setups are set
    BY DEFAULT to block all that is not allowed. This means you don't block
    port 70, or port 71, or 72, or... you block all, and then set rules to
    allow certain services or certain addresses. Basically, block all, then
    look in the logs and see what is being blocked - do you need to allow
    this or that? If so, add the most restrictive rule you can devise to
    allow it, and repeat. Yes, you need access to your ISP's DNS servers, and
    perhaps their mail servers, but do you need to knock a hole for the game
    server in Aruba?

    >The closest I saw to a solution was blocking the login servers by name,
    >but you have to monitor for Yahoo adding new server names to the list.


    Contradictions - blocking by name does no good if your bad user knows to
    use the IP address (or sticks an entry into the hosts file on his computer).
    Blocking by specific IP address does no good, because there are more than
    one - in fact there are currently something like 2.21e9 (2.21 billion) IP
    addresses in use on the Internet. You can't make a Yes/No decision on each
    one of those, you need to use blocks of addresses.

    First - get clearance from Mr. Big. You probably don't have the authority
    to commit the company to blocking. Explain why (and it's not just
    Messenger you need to block) you feel that blocking is a good solution.
    (It is, but it's only part of the solution. Policy is also needed.)

    Second, configure the firewall to block access to/from IP blocks - I
    mentioned 66.163.160.0/19, 66.94.224.0/19, and 216.155.192.0/20 as a
    start - then put connection logging in place, and see what else is
    going on. Investigate the addresses involved ON BOTH ENDS and take
    further actions.

    Old guy
    Moe Trin, Nov 21, 2005
    #8
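
Added example, not part of any post in this thread: a Python sketch of the procedure described in #8 (block the listed address ranges, deny anything not explicitly allowed, then review the connection log by source and destination). Only the three blocked CIDR ranges come from the thread; the log format, the allow rules and every other address are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Address blocks named in the thread (as posted in 2005).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "66.163.160.0/19", "66.94.224.0/19", "216.155.192.0/20")]

# Assumed allow list (destination network, protocol, port). Everything
# that matches neither list falls through to the default deny.
ALLOW_RULES = [
    (ipaddress.ip_network("192.0.2.53/32"), "udp", 53),  # assumed ISP DNS
    (ipaddress.ip_network("192.0.2.25/32"), "tcp", 25),  # assumed ISP mail
    (ipaddress.ip_network("0.0.0.0/0"), "tcp", 80),      # outbound web
]

# Constructed connection log: timestamp, source, destination, proto, port.
SAMPLE_LOG = """\
2005-11-21T09:00:01 10.0.0.21 192.0.2.53 udp 53
2005-11-21T09:00:02 10.0.0.21 198.51.100.7 tcp 80
2005-11-21T09:01:10 10.0.0.34 66.163.169.10 tcp 5050
2005-11-21T09:01:12 10.0.0.34 66.163.169.10 tcp 80
2005-11-21T09:02:40 10.0.0.34 216.155.193.5 tcp 80
2005-11-21T09:05:00 10.0.0.47 203.0.113.9 tcp 22
2005-11-21T09:05:30 10.0.0.47 203.0.113.9 tcp 22
this line is malformed
"""


def blocked_address_count():
    """Number of addresses the three CIDR rules cover between them."""
    return sum(net.num_addresses for net in BLOCKED_NETS)


def decide(dst, proto, port):
    """First match wins: block list, then allow list, then default deny."""
    addr = ipaddress.ip_address(dst)
    for net in BLOCKED_NETS:
        if addr in net:
            # Matched by address alone, so an allowed port does not help.
            return ("BLOCK", str(net))
    for net, rule_proto, rule_port in ALLOW_RULES:
        if addr in net and proto == rule_proto and port == rule_port:
            return ("ALLOW", f"{net} {rule_proto}/{rule_port}")
    return ("DENY", "default")


def review(log_text):
    """Group every non-allowed connection by the internal source address.

    Returns (hits, skipped): hits maps source -> Counter keyed by
    (destination, proto, port, verdict, rule); skipped counts lines
    that could not be parsed.
    """
    hits = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        try:
            _ts, src, dst, proto, port = line.split()
            ipaddress.ip_address(src)  # reject junk in the source field
            proto, port = proto.lower(), int(port)
            verdict, rule = decide(dst, proto, port)
        except ValueError:
            skipped += 1
            continue
        if verdict != "ALLOW":
            hits[src][(dst, proto, port, verdict, rule)] += 1
    return dict(hits), skipped


if __name__ == "__main__":
    print(f"{len(BLOCKED_NETS)} rules cover {blocked_address_count()} addresses")
    hits, skipped = review(SAMPLE_LOG)
    for src in sorted(hits):
        for (dst, proto, port, verdict, rule), n in hits[src].items():
            print(f"{src} -> {dst} {proto}/{port} {verdict} ({rule}) x{n}")
    print(f"{skipped} unparseable line(s) skipped")
```

The per-source grouping gives both ends of each refused connection, which is the starting point for the follow-up the post asks for.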
  9. NaCN

    NâCN Guest

    Old Guy:
    Many thanks for taking the time to give me so much information. I
    will put our exchanges on his desk for his attention.

    Could you maybe give me a Google type search suggestion to look for
    info from the Feds and states for info on making policies, or any
    other type of good sources that come to mind.

    I am in California. We have about 75 computers online on the network,
    but only about 25 of them are users that would be using the Internet.
    The rest run scientific equipment, collect data and analyze that
    data. I am a scientist, but have always been interested in computers
    as a hobby till I started working here. They hired me because of my
    computer knowledge along with my scientific experience. But it was my
    computer knowledge that separated me from the crowd. Then after a while
    I was in charge of the network. I am getting my certs now.

    Thanks again... and Google suggestions for policy ideas??

    NaCN
    NâCN, Nov 22, 2005
    #9
  10. NaCN

    Ken Ward Guest

    Go to www.sans.org & search there. There is a heading Sample Policies
    which will give you plenty to look at.
    Ken Ward, Nov 22, 2005
    #10
  11. NaCN

    Moe Trin Guest

    On Mon, 21 Nov 2005, in the Usenet newsgroup alt.computer.security, in article
    <>, NâCN wrote:

    >Could you maybe give me a Google type search suggestion to look for
    >info from the Feds and states for info on making policies, or any
    >other type of good sources that come to mind.
    >
    >I am in California.


    Oh, Je****! California probably has more lawyers per capita than any
    state, and that means... Yeah, you REALLY want some policies in place.
    As for hints,

    Web Results 1 - 10 of about 15,400,000 for California labor relations.
    (0.41 seconds)

    California Department of Industrial Relations Home Page

    First hit. That will get you started. The University of California
    also has some good stuff - probably started as class materials.

    >We have about 75 computers online on the network, but only about 25 of
    >them are users that would be using the Internet.


    It's hard to make specifics - you (rightly) can't tell me about your
    network setup details any more than I can tell you mine (and I'm also
    under an NDA, such that you don't see me mentioning companies or
    products). We'll come back to those 25 in a moment. Can the users
    get Internet access from those 50? That is, do users have physical
    access, or even user accounts on them? Do those 50 need access to the
    Internet? I've got two process lines with about 40 systems on each, and
    they need to share some data with users on our main networks, but that's
    it. The lines are therefore set on a separate subnet, and the routers that
    connect them to the main networks don't allow the lines to send/receive
    packets from anywhere except the subnet where the authorized users are.
    Not only do the lines not have access to the Internet, they don't even
    have access to the rest of the company network, never mind unauthorized
    subnets locally.

    Now, as for your users on those 25, does the world (or even some part of
    it) need access to those 25? By this, I mean are they serving anything to
    the Internet. No? Firewall prevents incoming access. Yes? They _really_
    should be segregated onto a DMZ, so that you can protect the rest of the
    internal systems. What kind of access do your 25 need to the world? Are
    they grabbing data from some site in China, or Costa Rica, or Costa Mesa?
    As part of the business, do they need any access at all? What kind? How
    much traffic? How many bucks (which also means time) are you willing to
    throw at the problem? Policy (and user training) can often solve the
    problem at a lower total cost, and improve productivity. Filtering net
    access by IP address can be easiest. For example, do you need access to
    Asia/Pacific or Central/South America? If no, then 7 ranges blocked
    (58/7, 60/7, 124/6, 200/6, 210/7, 218/7 and 220/6) will block 95%. Need
    to block Europe? Six rules block a lot. HOWEVER those are just general
    concepts that may or may not do anything. Blocking port number outbound
    is another technique. Generally, you look in your logs to see what
    traffic exists, and then tailor rules based on that. Pain in the butt,
    which is why policy is usually a better choice.

    >They hired me because of my computer knowledge along with my scientific
    >experience. But it was my computer knowledge that separated me from the
    >crowd. Then after a while I was in charge of the network.


    Oh, fun. Well, TCP/IP has been around for twenty plus years, and the base
    concepts haven't changed that much. Of course, what was acceptable from
    a security standpoint in 1985 would horrify a modern net-admin, but it's
    still building on the basic operation of computers by humans.

    >I am getting my certs now.


    Certification may or may not be a good deal. If it's learning by rote
    some manufacturer's training scheme (Cisco, Microsoft, Novell, what-ever),
    these tend to be next to useless. They present material needed to pass
    a test, but it may be irrelevant, misleading, or down-right wrong. I
    took a Novell class, where we were taught that the old thick Ethernet
    used RG-8 or RG-11 50 Ohm coax. This was wrong on two points - RG-11 is
    75 Ohm, and the Ethernet specifications require plenum rated cable (the
    jacket material prohibits those specific cables). The Microsoft classes
    had similar gaffes - a few that were even more blatant.

    >Thanks again... and Google suggestions for policy ideas??


    Hopefully, my response (and Ken Ward's suggestion of SANS) will point
    you in the right directions.

    Old guy
    Moe Trin, Nov 22, 2005
    #11
  12. NaCN

    NâCN Guest

    On Tue, 22 Nov 2005 13:57:16 -0600,
    (Moe Trin) wrote:

    >On Mon, 21 Nov 2005, in the Usenet newsgroup alt.computer.security, in article
    ><>, NâCN wrote:
    >
    >>Could you maybe give me a Google type search suggestion to look for
    >>info from the Feds and states for info on making policies, or any
    >>other type of good sources that come to mind.
    >>
    >>I am in California.

    >
    >Oh, Je****! California probably has more lawyers per capita than any
    >state, and that means... Yeah, you REALLY want some policies in place.
    >As for hints,
    >
    > Web Results 1 - 10 of about 15,400,000 for California labor relations.
    > (0.41 seconds)
    >
    > California Department of Industrial Relations Home Page
    >
    >First hit. That will get you started. The University of California
    >also has some good stuff - probably started as class materials.
    >
    >>We have about 75 computers online on the network, but only about 25 of
    >>them are users that would be using the Internet.

    >
    >It's hard to make specifics - you (rightly) can't tell me about your
    >network setup details any more than I can tell you mine (and I'm also
    >under an NDA, such that you don't see me mentioning companies or
    >products). We'll come back to those 25 in a moment. Can the users
    >get Internet access from those 50? That is, do users have physical
    >access, or even user accounts on them? Do those 50 need access to the
    >Internet? I've got two process lines with about 40 systems on each, and
    >they need to share some data with users on our main networks, but that's
    >it. The lines are therefore set on a separate subnet, and the routers that
    >connect them to the main networks don't allow the lines to send/receive
    >packets from anywhere except the subnet where the authorized users are.
    >Not only do the lines not have access to the Internet, they don't even
    >have access to the rest of the company network, never mind unauthorized
    >subnets locally.
    >
    >Now, as for your users on those 25, does the world (or even some part of
    >it) need access to those 25? By this, I mean are they serving anything to
    >the Internet. No? Firewall prevents incoming access. Yes? They _really_
    >should be segregated onto a DMZ, so that you can protect the rest of the
    >internal systems. What kind of access do your 25 need to the world? Are
    >they grabbing data from some site in China, or Costa Rica, or Costa Mesa?
    >As part of the business, do they need any access at all? What kind? How
    >much traffic? How many bucks (which also means time) are you willing to
    >throw at the problem? Policy (and user training) can often solve the
    >problem at a lower total cost, and improve productivity. Filtering net
    >access by IP address can be easiest. For example, do you need access to
    >Asia/Pacific or Central/South America? If no, then 7 ranges blocked
    >(58/7, 60/7, 124/6, 200/6, 210/7, 218/7 and 220/6) will block 95%. Need
    >to block Europe? Six rules blocks a lot. HOWEVER those are just general
    >concepts that may or may not do anything. Blocking port number outbound
    >is another technique. Generally, you look in your logs to see what
    >traffic exists, and then tailor rules based on that. Pain in the butt,
    >which is why policy is usually a better choice.
    >
    >>They hired me because of my computer knowledge along with my scientific
    >>experience. But it was my computer knowledge that separated me from the
    >>crowd. Then after awhile I was in charge of the network.

    >
    >Oh, fun. Well, TCP/IP has been around for twenty plus years, and the base
    >concepts haven't changed that much. Of course, what was acceptable from
    >a security standpoint in 1985 would horrify a modern net-admin, but it's
    >still building on the basic operation of computers by humans.
    >
    >>I am getting my certs now.

    >
    >Certification may or may not be a good deal. If it's learning by rote
    >some manufacturer's training scheme (Cisco, Microsoft, Novell, what-ever),
    >these tend to be next to useless. They present material needed to pass
    >a test, but it may be irrelevant, misleading, or down-right wrong. I
    >took a Novell class, where we were taught that the old thick Ethernet
    >used RG-8 or RG-11 50 Ohm coax. This was wrong on two points - RG-11 is
    >75 Ohm, and the Ethernet specifications require plenum rated cable (the
    >jacket material prohibits those specific cables). The Microsoft classes
    >had similar gaffes - a few that were even more blatant.
    >
    >>Thanks again... and google suggestions for policy ideas??

    >
    >Hopefully, my response (and Ken Ward's suggestion of SANS) will point
    >you in the right directions.
    >
    > Old guy

    Old Guy & Ken:
    Thanks for the input!!

    On the machines with the instrumentation, I use the Sonicwall and block
    access to the Internet by MAC addresses, so someone can't just change
    the IP on the machine and get out.
    Most or I should say all know how critical our data is and use the
    Internet with the respect and knowledge that some bad things are out
    there. But they use Yahoo messenger to stay in contact with their
    spouses and boyfriends during the day. With the increased threat of
    stuff coming in on Messenger I would like to just remove it from the
    possible threat list. They, in their minds see it as a 'private link
    to the other' and don't use scrutiny when using it. I guess more
    education on my part is in order, but my choice is to just remove it.
    It is not critical for business.


    On the Certs... It is a way for me to get more information on the
    workings of the software, and the rules that apply on how it works.
    Thereby giving more information to be able to solve problems and have
    a set up that will prevent problems. Many times now when I have a
    situation I have to jump on the Internet and Google to get stuff to
    read so I can understand how to resolve the issue. I feel that being
    exposed to information in the Cert process will provide me with more
    information inherently and also help me in forming my searches on
    Google.

    Thanks again for the input and the time you have given me.

    Got some reading to do thanks to you guys!!

    NaCN
    NâCN, Nov 23, 2005
    #12
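
The approach Moe Trin describes in the reply quoted above (read the logs to see what traffic exists, then tailor address and port rules), as an added example that is not part of the thread: it tallies outbound connections against the seven ranges listed in the post and reports destination ports outside an allow-list, with the internal hosts using them. The log format, sample lines and allow-list are constructed for illustration; the ranges are as posted in 2005, and address allocations have changed since.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# The seven ranges from the post, expanded from its "58/7" shorthand.
POSTED_RANGES = [ipaddress.ip_network(cidr) for cidr in (
    "58.0.0.0/7", "60.0.0.0/7", "124.0.0.0/6", "200.0.0.0/6",
    "210.0.0.0/7", "218.0.0.0/7", "220.0.0.0/6")]

# Constructed sample in a hypothetical key=value firewall log format.
# Internal hosts are RFC 1918 addresses; destinations are made up.
# tcp/5050 is Yahoo Messenger's default port.
SAMPLE_LOG = """\
2005-11-22T09:01:12 action=allow src=192.168.1.21 dst=198.51.100.10 proto=tcp dport=80
2005-11-22T09:01:40 action=allow src=192.168.1.21 dst=192.0.2.55 proto=tcp dport=5050
2005-11-22T09:02:03 action=allow src=192.168.1.34 dst=192.0.2.55 proto=tcp dport=5050
2005-11-22T09:02:45 action=allow src=192.168.1.34 dst=203.0.113.7 proto=tcp dport=80
2005-11-22T09:03:10 action=allow src=192.168.1.40 dst=61.0.2.10 proto=tcp dport=443
2005-11-22T09:03:30 action=allow src=192.168.1.40 dst=221.0.2.9 proto=tcp dport=6667
2005-11-22T09:04:02 action=allow src=192.168.1.21 dst=192.0.2.53 proto=udp dport=53
2005-11-22T09:04:15 this line is truncated src=192.168.1.2
2005-11-22T09:04:20 action=allow src=192.168.1.21 dst=not-an-ip proto=tcp dport=80
"""

# Services the business is assumed to need (an assumption for this example).
ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 53)}

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)")


def parse(log_text):
    """Yield (src, dst, proto, dport) per usable line; skip damaged ones."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # truncated or unrelated line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field present but not an IP address
        yield src, dst, m["proto"].lower(), int(m["dport"])


def posted_range_for(dst):
    """Return the posted range that contains dst, or None."""
    return next((net for net in POSTED_RANGES if dst in net), None)


def summarize(log_text):
    """Count connections per posted range and per (proto, port)."""
    by_range = Counter()
    by_service = Counter()
    hosts = defaultdict(set)
    for src, dst, proto, dport in parse(log_text):
        net = posted_range_for(dst)
        by_range[str(net) if net else "other"] += 1
        by_service[(proto, dport)] += 1
        hosts[(proto, dport)].add(str(src))
    return by_range, by_service, hosts


def unexpected_services(by_service, hosts, allowed):
    """Services outside the allow-list, busiest first, with who used them."""
    rows = [(proto, port, count, sorted(hosts[(proto, port)]))
            for (proto, port), count in by_service.items()
            if (proto, port) not in allowed]
    return sorted(rows, key=lambda row: (-row[2], row[1]))


def would_be_blocked(log_text):
    """Connections the seven range rules would cut off; review before use."""
    return [(str(src), str(dst), proto, dport)
            for src, dst, proto, dport in parse(log_text)
            if posted_range_for(dst) is not None]


if __name__ == "__main__":
    by_range, by_service, hosts = summarize(SAMPLE_LOG)
    print("Connections per range:", dict(by_range))
    for proto, port, count, users in unexpected_services(by_service, hosts, ALLOWED):
        print(f"not on allow-list: {proto}/{port} x{count} from {users}")
    for row in would_be_blocked(SAMPLE_LOG):
        print("range rules would block:", row)
```

Running `would_be_blocked` over real logs before deploying the range rules shows whether any of the traffic they cut off is business traffic.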
  13. NaCN

    Moe Trin Guest

    On Wed, 23 Nov 2005, in the Usenet newsgroup alt.computer.security, in article
    <>, NâCN wrote:

    >On the machines with the instrumentation, I use the Sonicwall and block
    >access to the Internet by MAC addresses, so someone can't just change
    >the IP on the machine and get out.


    [compton ~]$ whatis ifconfig macchanger
    ifconfig (8) - configure a network interface
    macchanger (1) - macchanger - MAC Changer
    [compton ~]$

    >Most or I should say all know how critical our data is and use the
    >Internet with the respect and knowledge that some bad things are out
    >there.


    which is good, but

    >But they use Yahoo messenger to stay in contact with their spouses and
    >boyfriends during the day.


    I *really*, *really*, *REALLY* need to find a supplier of soft brick
    walls. Fast.

    >With the increased threat of stuff coming in on Messenger I would like
    >to just remove it from the possible threat list. They, in their minds see
    >it as a 'private link to the other' and don't use scrutiny when using it.
    >I guess more education on my part is in order, but my choice is to just
    >remove it. It is not critical for business.


    Just removing it _may_ cause problems - it was available, and now you are
    removing that perk. Grievance! Grievance! Mumble, grumble, mumble. Training
    or education may help, but you've got an uphill fight.

    >On the Certs... It is a way for me to get more information on the
    >workings of the software, and the rules that apply on how it works.


    I understand, and agree whole-heartedly. This stuff isn't simple (I started
    with ARPA Net almost 33 years ago, and am still learning), but the on-going
    training helps. My last 'Continuing Education' class on networking was
    last Spring, and the last seminar was in August. You never stop learning.

    >Many times now when I have a situation I have to jump on the Internet and
    >Google to get stuff to read so I can understand how to resolve the issue.


    News Flash for you - I spent an hour and a half last night on google,
    researching a system configuration problem. That was the third time this
    week I was sitting there, trying to come up with the correct keywords to
    figure out what's going on _this_ time. ;-)

    >I feel that being exposed to information in the Cert process will provide
    >me with more information inherently and also help me in forming my
    >searches on Google.


    True.

    >Thanks again for the input and the time you have given me.


    Hey, have a happy holiday, and hope you didn't eat too much!

    Old guy
    Moe Trin, Nov 24, 2005
    #13
  14. NaCN

    Winged Guest

    Moe Trin wrote:
    > On Wed, 23 Nov 2005, in the Usenet newsgroup alt.computer.security, in article
    > <>, NâCN wrote:
    >
    >
    >>On the machines with the instrumentation, I use the Sonicwall and block
    >>access to the Internet by MAC addresses, so someone can't just change
    >>the IP on the machine and get out.

    >
    >
    > [compton ~]$ whatis ifconfig macchanger
    > ifconfig (8) - configure a network interface
    > macchanger (1) - macchanger - MAC Changer
    > [compton ~]$
    >
    >
    >>Most or I should say all know how critical our data is and use the
    >>Internet with the respect and knowledge that some bad things are out
    >>there.

    >
    >
    > which is good, but
    >
    >
    >>But they use Yahoo messenger to stay in contact with their spouses and
    >>boyfriends during the day.

    >
    >
    > I *really*, *really*, *REALLY* need to find a supplier of soft brick
    > walls. Fast.
    >
    >
    >>With the increased threat of stuff coming in on Messenger I would like
    >>to just remove it from the possible threat list. They, in their minds see
    >>it as a 'private link to the other' and don't use scrutiny when using it.
    >>I guess more education on my part is in order, but my choice is to just
    >>remove it. It is not critical for business.

    >
    >
    > Just removing it _may_ cause problems - it was available, and now you are
    > removing that perk. Grievance! Grievance! Mumble, grumble, mumble. Training
    > or education may help, but you've got an uphill fight.
    >
    >
    >>On the Certs... It is a way for me to get more information on the
    >>workings of the software, and the rules that apply on how it works.

    >
    >
    > I understand, and agree whole-heartedly. This stuff isn't simple (I started
    > with ARPA Net almost 33 years ago, and am still learning), but the on-going
    > training helps. My last 'Continuing Education' class on networking was
    > last Spring, and the last seminar was in August. You never stop learning.
    >
    >
    >>Many times now when I have a situation I have to jump on the Internet and
    >>Google to get stuff to read so I can understand how to resolve the issue.

    >
    >
    > News Flash for you - I spent an hour and a half last night on google,
    > researching a system configuration problem. That was the third time this
    > week I was sitting there, trying to come up with the correct keywords to
    > figure out what's going on _this_ time. ;-)
    >
    >
    >>I feel that being exposed to information in the Cert process will provide
    >>me with more information inherently and also help me in forming my
    >>searches on Google.

    >
    >
    > True.
    >
    >
    >>Thanks again for the input and the time you have given me.

    >
    >
    > Hey, have a happy holiday, and hope you didn't eat too much!
    >
    > Old guy

    Thinks if my users are happy, I am missing something.

    Winged
    Winged, Nov 28, 2005
    #14
  15. NaCN

    Jim Seavey Guest

    Please pardon my lateness on posting to this thread. Some of us don't
    have time to look at things like this daily...

    Moe Trin wrote:

    > In the Usenet newsgroup alt.computer.security, in article
    > <dlbsif$>, winged wrote:
    >
    > > Concur, Users are creative, they will just use a different chat
    > > tool, or possibly worse unless policy makes it clear and then
    > > enforced. Once you shoot a couple users the problem disappears.

    >
    > A friend who admins at a nearby community college tells new users that
    > the line of flag poles along the walkway to the Computer Center (short
    > poles, normally used for banners) are there so they can impale the
    > severed heads of "creative" users who violate policy. I point out that
    > this is messy and probably a biohazard - the better way is to follow
    > Iosif Stalin's example, and just make them disappear.
    >
    > > We had one user get creative and route a ssh connector through home
    > > broadband connection...."had" being the definitive word here.

    >
    > I always have to laugh at people who post about doing this, because
    > the ssh datastream is encrypted, and no one will be able to see what
    > they are doing. They seem to forget that the very presence of an
    > encrypted data stream is like waving a huge flag with the legend "I'm
    > a fool - make an example of me, please!!!". Sometimes, they get
    > their wish.
    >
    > Old guy


    Mr. Old Guy, Sir:

    I would like an opportunity to be employed by your company.

    But before I do this I would like to verify that the company does not
    prevent me from using ssh in its policies. Is this correct?

    If it is correct, the first thing I will do on my second week on the
    job is run an ssh tunnel just so you can have me fired.

    When we go to court the following will be the line of questioning my
    attorney will take:

    My Attorney: Mr. Old Guy, Am I correct in stating that the reason you
    recommended that my client be fired is because he was running a program
    called ssh?

    Mr. Old Guy: Yes, BUT we know that people who run this program "forget
    that the very presence of an encrypted data stream is like waving a
    huge flag with the legend "I'm a fool - make an example of me,
    please!!!"

    My Attorney: Mr. Old Guy, please tell us what my client was doing that
    was in violation of company policies.

    Mr. Old Guy: Well, we don't know exactly what he was doing because it
    was an encrypted connection. But we know that the computer he connected
    to has an IP address that is registered to him. So he was in violation
    of company policy by accessing his own computer.

    My Attorney: Mr. Old Guy, please tell the court what my client was
    doing while he was connected to his computer that was in violation of
    company policy.

    Mr. Old Guy: He was connected to his computer using an encrypted data
    stream so we know he was trying to hide what he was doing.

    My Attorney: Mr. Old Guy, is it a violation of company policy to
    connect to other computers in the course of completing work for the
    company?

    Mr. Old Guy: Uh, no.

    My Attorney: Mr. Old Guy, ssh, is a program that encrypts data, so that
    no one can see what is being done, is that correct?

    Mr. Old Guy: Yes.

    My Attorney: So, you really have no idea what my client was doing with
    the ssh connection he had made to his computer at home do you?

    Mr. Old Guy: Uh, no, but...

    My Attorney: Mr. Old Guy, is it possible that my client was accessing
    data on his home computer that he had worked on the previous night and
    forgot to load onto his USB portable disk when he left for work this
    morning?

    Mr. Old Guy: Yes, but...

    My Attorney: So, it could be that my client was not in violation of
    company policy when using ssh to access his home computer because you
    really have no way of knowing what he was doing.

    Mr. Old Guy: Yes, but...

    My Attorney: Your honour, as the testimony given clearly demonstrates
    my client was dismissed as a direct result of the negligence of Mr. Old
    Guy. He had no grounds to recommend my client be dismissed. We ask at
    this time that you make a preliminary ruling in favour of the plaintiff
    and grant the damages asked for in our suit which are nothing more than
    the money my client would have earned had he been able to complete his
    intended 30 years of employment at "Thanks For the Retirement Gift Mr.
    Old Guy" in the amount of $30,000,000.

    Mr. Old Guy: But, but, but....

    Just between us and the fence post, I do not understand how any
    employer would be willing to take the risk of dismissing someone when
    they do not know exactly what the person is doing.

    Now, are you capturing keystrokes on every computer in the company? I
    am curious as to how you KNOW what an individual running ssh was doing
    that would allow you to state that he/she was in violation of company
    policy.

    Enquiring minds want to know....

    --
    Remove the .spam in my E-Mail address should you want to reply by
    E-Mail.

    NorSea Odyssey
    Around The World by BMW Motorcycle
    http://www.norseaodyssey.com
    "Yeah, I have a hair stylist. His name's helmet."
    "If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
    he does!"
    Jim Seavey, Nov 30, 2005
    #15
  16. NaCN

    Winged Guest

    Jim Seavey wrote:
    > Please pardon my lateness on posting to this thread. Some of us don't
    > have time to look at things like this daily...
    >
    > Moe Trin wrote:
    >
    >
    >>In the Usenet newsgroup alt.computer.security, in article
    >><dlbsif$>, winged wrote:
    >>
    >>
    >>>Concur, Users are creative, they will just use a different chat
    >>>tool, or possibly worse unless policy makes it clear and then
    >>>enforced. Once you shoot a couple users the problem disappears.

    >>
    >>A friend who admins at a nearby community college tells new users that
    >>the line of flag poles along the walkway to the Computer Center (short
    >>poles, normally used for banners) are there so they can impale the
    >>severed heads of "creative" users who violate policy. I point out that
    >>this is messy and probably a biohazard - the better way is to follow
    >>Iosif Stalin's example, and just make them disappear.
    >>
    >>
    >>>We had one user get creative and route a ssh connector through home
    >>>broadband connection...."had" being the definitive word here.

    >>
    >>I always have to laugh at people who post about doing this, because
    >>the ssh datastream is encrypted, and no one will be able to see what
    >>they are doing. They seem to forget that the very presence of an
    >>encrypted data stream is like waving a huge flag with the legend "I'm
    >>a fool - make an example of me, please!!!". Sometimes, they get
    >>their wish.
    >>
    >> Old guy

    >
    >
    > Mr. Old Guy, Sir:
    >
    > I would like an opportunity to be employed by your company.
    >
    > But before I do this I would like to verify that the company does not
    > prevent me from using ssh in its policies. Is this correct?
    >
    > If it is correct, the first thing I will do on my second week on the
    > job is run an ssh tunnel just so you can have me fired.
    >
    > When we go to court the following will be the line of questioning my
    > attorney will take:
    >
    > My Attorney: Mr. Old Guy, Am I correct in stating that the reason you
    > recommended that my client be fired is because he was running a program
    > called ssh?
    >
    > Mr. Old Guy: Yes, BUT we know that people who run this program "forget
    > that the very presence of an encrypted data stream is like waving a
    > huge flag with the legend "I'm a fool - make an example of me,
    > please!!!"
    >
    > My Attorney: Mr. Old Guy, please tell us what my client was doing that
    > was in violation of company policies.
    >
    > Mr. Old Guy: Well, we don't know exactly what he was doing because it
    > was an encrypted connection. But we know that the computer he connected
    > to has an IP address that is registered to him. So he was in violation
    > of company policy by accessing his own computer.
    >
    > My Attorney: Mr. Old Guy, please tell the court what my client was
    > doing while he was connected to his computer that was in violation of
    > company policy.
    >
    > Mr. Old Guy: He was connected to his computer using an encrypted data
    > stream so we know he was trying to hide what he was doing.
    >
    > My Attorney: Mr. Old Guy, is it a violation of company policy to
    > connect to other computers in the course of completing work for the
    > company?
    >
    > Mr. Old Guy: Uh, no.
    >
    > My Attorney: Mr. Old Guy, ssh, is a program that encrypts data, so that
    > no one can see what is being done, is that correct?
    >
    > Mr. Old Guy: Yes.
    >
    > My Attorney: So, you really have no idea what my client was doing with
    > the ssh connection he had made to his computer at home do you?
    >
    > Mr. Old Guy: Uh, no, but...
    >
    > My Attorney: Mr. Old Guy, is it possible that my client was accessing
    > data on his home computer that he had worked on the previous night and
    > forgot to load onto his USB portable disk when he left for work this
    > morning?
    >
    > Mr. Old Guy: Yes, but...
    >
    > My Attorney: So, it could be that my client was not in violation of
    > company policy when using ssh to access his home computer because you
    > really have no way of knowing what he was doing.
    >
    > Mr. Old Guy: Yes, but...
    >
    > My Attorney: Your honour, as the testimony given clearly demonstrates
    > my client was dismissed as a direct result of the negligence of Mr. Old
    > Guy. He had no grounds to recommend my client be dismissed. We ask at
    > this time that you make a preliminary ruling in favour of the plaintiff
    > and grant the damages asked for in our suit which are nothing more than
    > the money my client would have earned had he been able to complete his
    > intended 30 years of employment at "Thanks For the Retirement Gift Mr.
    > Old Guy" in the amount of $30,000,000.
    >
    > Mr. Old Guy: But, but, but....
    >
    > Just between us and the fence post, I do not understand how any
    > employer would be willing to take the risk of dismissing someone when
    > they do not know exactly what the person is doing.
    >
    > Now, are you capturing keystrokes on every computer in the company? I
    > am curious as to how you KNOW what an individual running ssh was doing
    > that would allow you to state that he/she was in violation of company
    > policy.
    >
    > Enquiring minds want to know....
    >

    I don't know about Old Guy's policies; however, I can validate this user
    would have had to break at least one policy provision. Our policies are
    a signed agreement with a statement of dismissal for willful violation.

    The employee would have to not only load software that was not
    authorized (violation) on their device and would have "had" to escalate
    perms (violation) on the local machine to install or run the software to
    make ssh connection. If a company allows employees to freely load
    software, they have no security, nor can IT keep the systems secure.

    Additionally the employee would have had to alias to different port
    numbers for SSH or hacked the network to make a connection. Either of
    these actions would also have been against policy and again something
    the employee signed an agreement not to do.

    Yes, we have fired people who tried using unauthorized tunnels, and they
    stayed fired in spite of legal protest with the employee picking up the
    tab for litigation.

    What our employees can do is clearly defined by signed policy. The
    policy clearly states the consequences of knowingly violating the policy
    in clear English.

    But we would not have you fired immediately. You see our policy that
    our employees sign also states they have no expectation of privacy for
    company or private files on their system and file space and that
    authorized personnel may monitor or inspect activities at any time. We
    have tools at my disposal, that would monitor all aspects of your
    activity. Unless you physically disassembled the computer (also
    prohibited), you would never know. We would monitor all of your
    activity, if you had been successful for possible criminal prosecution.
    We would know exactly what you were doing and even have screen shots
    and video of you at the terminal. We would have every keystroke
    recorded and full logs of your activity that occurred before we even
    escorted you out the door.

    Yes, we have sent people to jail for criminal activity, several who are
    still serving time (child porn).

    So beware, your attorney might be great, however our team of attorneys
    spent many hours writing our policy, the personnel office and our Union
    and employees have signed policy to be employed. Our policy is contract
    and witnessed.

    All assets on our network are company assets or alarm bells ring.

    If the security guy does his job thoroughly, the employee will hang and
    we will know very precisely what was occurring. People who we have
    fired, and there have been several, have stayed fired and have lost all
    litigation attempts, some even went to jail.

    You would not be the first employee to underestimate our abilities.

    Regards,
    Winged
    Winged, Dec 1, 2005
    #16
  17. NaCN

    John Hyde Guest

    on 11/30/2005 11:05 AM Jim Seavey said the following:
    > Please pardon my lateness on posting to this thread. Some of us don't
    > have time to look at things like this daily...
    >
    > Moe Trin wrote:
    >
    >
    >>In the Usenet newsgroup alt.computer.security, in article
    >><dlbsif$>, winged wrote:
    >>
    >>
    >>>Concur, Users are creative, they will just use a different chat
    >>>tool, or possibly worse unless policy makes it clear and then
    >>>enforced. Once you shoot a couple users the problem disappears.

    >>
    >>A friend who admins at a nearby community college tells new users that
    >>the line of flag poles along the walkway to the Computer Center (short
    >>poles, normally used for banners) are there so they can impale the
    >>severed heads of "creative" users who violate policy. I point out that
    >>this is messy and probably a biohazard - the better way is to follow
    >>Iosif Stalin's example, and just make them disappear.
    >>
    >>
    >>>We had one user get creative and route a ssh connector through home
    >>>broadband connection...."had" being the definitive word here.

    >>
    >>I always have to laugh at people who post about doing this, because
    >>the ssh datastream is encrypted, and no one will be able to see what
    >>they are doing. They seem to forget that the very presence of an
    >>encrypted data stream is like waving a huge flag with the legend "I'm
    >>a fool - make an example of me, please!!!". Sometimes, they get
    >>their wish.
    >>
    >> Old guy

    >
    >
    > Mr. Old Guy, Sir:
    >
    > I would like an opportunity to be employed by your company.
    >
    > But before I do this I would like to verify that the company does not
    > prevent me from using ssh in its policies. Is this correct?


    This is a HUGE assumption. See the post by Winged. My guess is that
    *any* decently drafted policy will prohibit unauthorized programs of
    *any* kind.

    >
    > If it is correct, the first thing I will do on my second week on the
    > job is run an ssh tunnel just so you can have me fired.
    >

    Non sequitur. If it is not prohibited, why would anyone fire someone?
    If there is no written policy then see below . . .

    > When we go to court the following will be the line of questioning my
    > attorney will take:
    >
    > My Attorney: Mr. Old Guy, Am I correct in stating that the reason you
    > recommended that my client be fired is because he was running a program
    > called ssh?


    Old Guy's Attorney: Objection your honor, Irrelevant. It is
    uncontroverted in this case that there is no written policy or
    employment contract. That being the case, the employee is at will and
    may be fired for any or no reason.

    Judge: Sustained

    > My Attorney: Mr. Old Guy, please tell us what my client was doing that
    > was in violation of company policies.
    >


    OG's Attorney: Objection, Irrelevant.

    Judge: Sustained. Counsel, unless you are able to offer some testimony
    that Employee is "at will" then this line of questioning is over.

    My Attorney: Thank you your honor.

    Judge: Anything else . . .?

    Objection>
    > My Attorney: Mr. Old Guy, please tell the court what my client was
    > doing while he was connected to his computer that was in violation of
    > company policy.
    >
    > Mr. Old Guy: He was connected to his computer using an encrypted data
    > stream so we know he was trying to hide what he was doing.
    >
    > My Attorney: Mr. Old Guy, is it a violation of company policy to
    > connect to other computers in the course of completing work for the
    > company?
    >
    > Mr. Old Guy: Uh, no.
    >
    > My Attorney: Mr. Old Guy, ssh, is a program that encrypts data, so that
    > no one can see what is being done, is that correct?
    >
    > Mr. Old Guy: Yes.
    >
    > My Attorney: So, you really have no idea what my client was doing with
    > the ssh connection he had made to his computer at home do you?
    >
    > Mr. Old Guy: Uh, no, but...
    >
    > My Attorney: Mr. Old Guy, is it possible that my client was accessing
    > data on his home computer that he had worked on the previous night and
    > forgot to load onto his USB portable disk when he left for work this
    > morning?
    >
    > Mr. Old Guy: Yes, but...
    >
    > My Attorney: So, it could be that my client was not in violation of
    > company policy when using ssh to access his home computer because you
    > really have no way of knowing what he was doing.
    >
    > Mr. Old Guy: Yes, but...
    >
    > My Attorney: Your honour, as the testimony given clearly demonstrates
    > my client was dismissed as a direct result of the negligence of Mr. Old
    > Guy. He had no grounds to recommend my client be dismissed. We ask at
    > this time that you make a preliminary ruling in favour of the plaintiff
    > and grant the damages asked for in our suit which are nothing more than
    > the money my client would have earned had he been able to complete his
    > intended 30 years of employment at "Thanks For the Retirement Gift Mr.
    > Old Guy" in the amount of $30,000,000.
    >
    > Mr. Old Guy: But, but, but....
    >
    > Just between us and the fence post, I do not understand how any
    > employer would be willing to take the risk of dismissing someone when
    > they do not know exactly what the person is doing.
    >
    > Now, are you capturing keystrokes on every computer in the company? I
    > am curious as to how you KNOW what an individual running ssh was doing
    > that would allow you to state that he/she was in violation of company
    > policy.
    >
    > Enquiring minds want to know....
    >
    John Hyde, Dec 1, 2005
    #17
  18. NaCN

    Moe Trin Guest

    On 30 Nov 2005 in the Usenet newsgroup alt.computer.security, in article
    <>, Jim Seavey wrote:

    >I would like an opportunity to be employed by your company.


    We're an R&D facility here, but my understanding of the company setup
    is the same. When you arrive at a company facility, and sign the
    visitor log, the receptionist also hands you a three-page document
    to sign - basically an NDA and a short version of the company policies.
    After verifying your identity (two photo IDs required), she will sign it
    as a witness to your signature. That document goes into controlled
    storage - I think for seven years. The security cameras probably also
    caught you reading and signing the document, but I think they only
    keep the tapes for a short period. Oh, and each time you as a non-employee
    visit the facility, you go through the same procedure. Can't read? I
    know it's probably against the Americans with Disabilities Act, but I rather
    doubt you'd be hired.

    >But before I do this I would like to verify that the company does not
    >prevent me from using ssh in its policies. Is this correct?


    You _did_ read the company policies that you were given as part of your
    employment offer - you will have to sign each (in front of two witnesses)
    to that effect. SSH is about the only way you can do some things, but
    non-company-business use of the computer is not one of them. If you
    really have to check your private e-mail to check your winnings with
    your bookie, there are several systems in employee break areas (not
    connected to our network) provided. They have no floppies, no CDs, and
    I don't believe they have tunneling software - did I mention you aren't
    allowed to install software on them? The user account you use has almost
    no permission/access.

    >If it is correct, the first thing I will do on my second week on of the
    >job is run an ssh tunnel just so you can have me fired.


    Yeah - a two week hole on your resume won't look bad. Remember we don't
    use windoze, and we don't give out the "root" (windoze = administrator)
    password. We also do not allow any non-company computers into the facilities
    so if you managed to get a tunnel, you've violated so many OTHER policies
    that the act of establishing the tunnel is going to be down a bit on the
    list of reasons you're history.

    >When we go to court


    Won't happen. No attorney will take your case, no matter how much you
    pay them. Repeat after me, "signed policies". You will have copies, and
    the attorney would need to see them. Failing to disclose their existence
    to your attorney would likely make him/her all frowny, especially if you
    actually made it to a pre-trial hearing. You may wish to google for the
    term "frivolous lawsuit" and see what happens to the attorney involved.
    You can fantasize all you want, but this gambit has been tried. Policies
    that you signed and the warning signs all over hell and gone preclude your
    legal action. Lest you think this company is unique, you could also go
    the extra mile and try this at a company in a controlled facility as
    defined under government (almost always military) contract. Then you may
    be staring at federal espionage charges in addition to mis-use of
    government resources. Great fun.

    >My Attorney: Mr. Old Guy, please tell us what my client was doing that
    >was in violation of company policies.


    I think the response from "Winged <>" addresses your
    misunderstanding. The current version of the company policies has been
    around for at least ten years. I actually doubt they explicitly
    prohibit SSH or VPN tunnels by name though they do list several services
    as examples, but you see - the needed software isn't on the computer, so
    the software fairy would have to come around to install it - and that
    gets recorded. If unauthorized software is discovered on your system,
    you'd better be wearing a survival suit with those ice skates. Did I
    mention... no I'm probably not allowed to... ;-)

    >Just between us and the fence post, I do not understand how any
    >employer would be willing to take the risk of dismissing someone when
    >they do not know exactly what the person is doing.


    Contact your attorney and ask.

    >Now, are you capturing keystrokes on every computer in the company?


    The software that is running on the company computers is the company's
    decision. Like I said, do read that policy that you signed, there are
    some important paragraphs in there in "common" English, not just legalese.

    >I am curious as to how you KNOW what an individual running ssh was doing
    >that would allow you to state that he/she was in violation of company
    >policy.


    Your .sig infers that you drive a motorcycle. If you've been doing so
    for any length of time, you are no doubt more aware of your surroundings
    on the road than the average car driver. The same concept is true of network
    administrators.

    Old guy
    Moe Trin, Dec 1, 2005
    #18
  19. NaCN

    Jim Seavey Guest

    So, what you are saying is that it is against your company policy to
    use ssh.

    You could have just said that and that is why I asked that before I
    wrote anything.

    I have never worked anywhere that did not allow ssh to be used.

    And, you never did respond about how you would know what someone was
    doing? In my example, I did not even suggest the use of a tunnel but
    that is what you chose to reply. And, my example was associated with
    company business, nothing else. My example was simply using ssh to
    access a remote computer to get access to data that was associated with
    work.

    So, please tell me how you would know what I was doing with ssh? How
    would you know if I was doing company business or something else?

    I did not see much of a response to this. I have never worked anywhere
    that prevented people from working on company business at home. Yes, we
    can go into proprietary issue but for the sake of this discussion let's
    just say that it is not an issue.

    As for my attorney, this case has already been won. Any good attorney
    can look at the document that is signed at the time of employment and
    view the grounds for dismissal and make a determination as to the
    validity of the grounds in relation to the agreement.

    Until you can tell me that you can determine what I was doing with ssh
    you have no way of knowing if I was violating one of the company
    policies or not, unless the use of the application itself is a
    violation - but if this were the case why would the company have it on
    the computer in the first place?

    So, I'm still waiting for a response to my question...

    Thanks,

    Jim

    --
    Remove the .spam in my E-Mail address should you want to reply by
    E-Mail.

    NorSea Odyssey
    Around The World by BMW Motorcycle
    http://www.norseaodyssey.com
    "Yeah, I have a hair stylist. His name's helmet."
    "If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
    he does!"
    Jim Seavey, Dec 2, 2005
    #19
  20. NaCN

    Moe Trin Guest

    On 2 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
    <>, Jim Seavey wrote:

    >So, what you are saying is that it is against your company policy to
    >use ssh.


    No

    >And, you never did respond about how you would know what someone was
    >doing? In my example, I did not even suggest the use of a tunnel but
    >that is what you chose to reply.


    Great - give an example. Include a brief description of the person's
    job, what their normal contacts are, and why this _new_ use of SSH (or
    any other encrypted traffic) is needed.

    >So, please tell me how you would know what I was doing with ssh? How
    >would you know if I was doing company business or something else?


    Please tell me how you know that the driver of that parked car ahead
    is going to open the door without seeing you in the mirror.

    >I did not see much of a response to this. I have never worked anywhere
    >that prevented people from working on company business at home.


    Actually that is a very common requirement of government contracts. This
    is NOT relating to security, but paid hours and specifics relating to
    place of performance. There are also insurance and possibly tax issues.

    Working from home is one thing - and it may or may not be allowed by your
    company. Other SSH traffic may be controlled depending on why it might be
    needed. Talking to a vendor (or prospective vendor) site? That's one end
    of the spectrum - the other might be connecting to a proxy in a third
    country (How would that be known? Guess). It depends on what is "normal".

    >Yes, we can go into proprietary issue but for the sake of this discussion
    >let's just say that it is not an issue.


    At _this_ facility - remember, we're R&D - that killed it right there. I
    know there are similar restrictions at several of the other facilities
    within the company that I've worked at/with.

    >As for my attorney, this case has already been won.


    Glad to hear it.

    >Until you can tell me that you can determine what I was doing with ssh
    >you have no way of knowing if I was violating one of the company
    >policies or not, unless the use of the application itself is a
    >violation - but if this were the case why would the company have it on
    >the computer in the first place?


    There used to be a MS-DOS game that had a hot-key arrangement that suspended
    the game, and popped up a shot of a Lotus 123 spread sheet - and damned if
    Lotus hadn't wedged - none of the "normal" keys worked, and you had to
    reboot to get the computer running. If the "intruder" went away, there was
    a hot-key combination that restored the game. I imagine it fooled a few
    bosses, until the boss ragged on the IT guy to fix this constant crashing.
    (We'll ignore the idiot who was using it at a place that didn't have 123
    installed on that computer.)

    I won't say what would be going on here, but perhaps you shouldn't be
    waving that red flag trying to attract attention to the traffic from your
    computer. Remember, it belongs to the company, and is provided for company
    use, with company provided software. If that's different from where you
    work, well, good for you.

    Old guy
    Moe Trin, Dec 2, 2005
    #20
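
Added example, not part of the thread and not a description of any poster's network: one way an administrator can judge outbound SSH against what is "normal" for a host, as discussed in the posts above, using only flow metadata and no payload inspection. The flow records, host names, addresses (documentation ranges) and the volume threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (source host, destination IP, destination port, bytes sent, day).
FLOWS = [
    ("ws-eng-01", "192.0.2.10", 22, 40_000, 1),
    ("ws-eng-01", "192.0.2.10", 22, 55_000, 2),
    ("ws-eng-01", "192.0.2.11", 22, 20_000, 2),
    ("ws-acct-07", "192.0.2.10", 443, 90_000, 1),    # not SSH, ignored
    ("ws-eng-01", "192.0.2.10", 22, 50_000, 8),      # usual contact
    ("ws-eng-01", "203.0.113.77", 22, 900_000, 8),   # never seen before, large
    ("ws-acct-07", "198.51.100.5", 22, 3_000, 8),    # host with no SSH history
]
SSH_PORT = 22  # port-based match only; SSH on other ports needs protocol identification


def build_baseline(flows, baseline_days):
    """Per source host: SSH destinations seen, and peak daily SSH bytes, in the baseline."""
    dests = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for src, dst, port, nbytes, day in flows:
        if port == SSH_PORT and day in baseline_days:
            dests[src].add(dst)
            daily[src][day] += nbytes
    peak = {src: max(per_day.values()) for src, per_day in daily.items()}
    return dests, peak


def review_queue(flows, baseline_days, volume_factor=5):
    """Return (host, day, destination, reason) tuples for SSH that departs from baseline."""
    dests, peak = build_baseline(flows, baseline_days)
    current = defaultdict(lambda: defaultdict(int))  # (src, day) -> dst -> bytes
    for src, dst, port, nbytes, day in flows:
        if port == SSH_PORT and day not in baseline_days:
            current[(src, day)][dst] += nbytes
    findings = []
    for (src, day), per_dst in sorted(current.items()):
        for dst in sorted(per_dst):
            if dst not in dests.get(src, set()):
                findings.append((src, day, dst, "new-destination"))
        # Volume check only applies to hosts that have an SSH baseline at all.
        if src in peak and sum(per_dst.values()) > volume_factor * peak[src]:
            findings.append((src, day, "*", "volume-spike"))
    return findings


if __name__ == "__main__":
    for finding in review_queue(FLOWS, baseline_days={1, 2}):
        print(finding)
```

A finding here is a prompt to ask the user what the new connection is for, not proof of a violation; the metadata shows who talked to whom and how much, not what was said.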
