Surfing at Work

Discussion in 'Computer Security' started by HB2, Sep 28, 2004.

  1. Ouch... that's bad, very bad. We used to update our clients (McAfee)
    when running the login script (so the window would be 1 day at the
    worst), but by now we use ePolicy Orchestrator, which cuts down the
    window to about 1 hour :)
    Unfortunately, users soon discover that you can stick executables into
    word documents, and we can't block those :-(

    Juergen Nieveler
     
    Juergen Nieveler, Oct 17, 2004
    #41

  2. HB2

    Leythos Guest

    And my point was, that it's just as easy to determine that you, or
    anyone else is doing it, if the security admin/person cares.
     
    Leythos, Oct 17, 2004
    #42

  3. HB2

    Leythos Guest

    But as soon as it goes into memory, or as soon as it hits the temp
    storage space, a quality av scanner will catch it. I know that Symantec
    Corporate edition will catch scripts/trojans/viruses through SSL web
    connections.
     
    Leythos, Oct 17, 2004
    #43
  4. HB2

    Leythos Guest

    Symantec Corporate edition, running on any server, polls Symantec in
    real time for updates, can set the frequency to your desired time frame,
    then pushes them from your server to the desktops as soon as they are on
    your server. About as close to real-time and without effort as you can
    get.
     
    Leythos, Oct 17, 2004
    #44
  5. HB2

    Ant Guest

    ...
    I fail to see any benefit to an employee in not being given a reason.
    Suppose a new manager came in and fired someone because he didn't like
    the colour of their skin? Without a reason, the employee has no
    redress for discrimination.

    [snip]
    What's that if it's not relaxation while at work?
    Of course not.

    [...]
    They don't, but I was commenting on your apparent position of the
    company owing you nothing. It's a two-way thing. Both sides have their
    responsibilities towards each other.
     
    Ant, Oct 17, 2004
    #45
  6. HB2

    Ant Guest

    Heh! :)
     
    Ant, Oct 17, 2004
    #46
  7. HB2

    Leythos Guest

    That's the very reason that some idiot created the laws that let you
    fire people without reason in some states. I personally think that you
    should have to have a reason, backed with documentation, to fire
    someone.
    During your break, walking outside does not impact the resources that
    other workers use. Stretching, walking outside, etc... has nothing to do
    with utilization of company resources for purposes that violate company
    policy.
    I understand your position, but in the UK you also get 30 days holiday
    if I remember what some of my friends said. I, on the other hand, have
    not had 30 days off in the last 10 years. Some of that is my own fault,
    I started an IT company about two years ago after resigning my position
    as a director of another IT company. Even then, I was on the road or
    working 12+ hour days, for 50+ weeks a year.

    Don't get me wrong, I was also a UAW member, a Teamster, and a Union
    Steward too. I have worked as an hourly most of my life, and see both
    sides. The idea that the company owes me anything more than what's in my
    contract, benefits, and wages, and a safe place to work, is just wishful
    thinking. While it would be nice if they owed me 2 hours per 8 hour day
    to relax, a nice Cuban cigar at lunch, and all the tea I can drink for
    free, it's not something I'm going to expect out of them. The same goes
    for their resources, just because they have resources doesn't mean I'm
    entitled to use them in any capacity other than as directed.

    The last company I worked for, as a Director, provided free Beer and
    drinks after 4:00 PM most days of the week, but I don't expect to see
    that many places :) And no, I don't offer that to my team either.
     
    Leythos, Oct 18, 2004
    #47
  8. HB2

    nemo outis Guest


    In a nutshell, you're wrong - it isn't easy for the sysadmins. If
    it were, the problems would have disappeared years ago. And they
    haven't!

    You are left hand-waving while trying to explain away why the
    problems continue to happen - even growing in frequency and
    severity! I suppose, if it amuses you, you can argue that the
    breaches occur from lethargy, inattention, and indifference
    rather than incompetence or incapability - the fact remains that,
    in company after company, year after year, it is regularly
    possible to penetrate or compromise the system undetected,
    despite sysadmins' vociferous claims that it is next to
    impossible to do and impossible to get away with. And this is in
    systems with all the firewalls, sniffers, scanners, loggers,
    intrusion detection, and other bells and whistles.

    There are always gaps; there are always undocumented interfaces,
    there are always strange interactions, there are always
    exploitable holes. And, as companies install ever more and more
    and newer and different bits and pieces, and as the complexity of
    the system grows beyond anyone's comprehension, the number of
    ways through, under, behind or around increases factorially. I
    love the fancy systems - they're the easiest.

    Regards,
     
    nemo outis, Oct 18, 2004
    #48
  9. HB2

    Leythos Guest

    Nope, I'm right. The problem is not that it's hard to detect, since it's
    not, it's that there are more and more people in positions they should
    not be in. Many people that are in positions of Network Administrators
    are just people that lucked into the position since they were willing to
    take less money than the qualified administrator. I see it all over the
    country, companies, Fortune 100, that have a bunch of unqualified people
    maintaining their networks. Don't get me wrong, they have fully
    qualified people, but they are doing something else while the chap
    monitoring the firewall presents an image of knowing something.

    If you had ever looked at the real-time traffic monitors, logs, phone
    records, and understood what you were looking at, you would know that
    it's easy to detect/spot the things you claim to use.
     
    Leythos, Oct 18, 2004
    #49
  10. HB2

    Leythos Guest

    Strangely people here seem to think that using the company network is
    somehow also private - not.
     
    Leythos, Oct 19, 2004
    #50
  11. HB2

    nemo outis Guest

    Are you only getting around now to reading my previous posts in
    which I said most sysadmins were ill-trained, overworked, and
    underfunded, and that this made network compromise child's play
    in most cases?

    You dismissed the phenomenon when I spoke of it just a few short
    posts ago - are you conceding its near-universality now?

    Yes, I've looked at them, and, yes, I understood what I was
    looking at. Not on all of the systems I penetrated, of course,
    (they weren't quite that lax :) but often enough. And, of
    course, I looked at the output of the tools from my own
    simulations of the networks I penetrated. I would never try to
    compromise a system I didn't understand ten times better than the
    sysadmins running it :)

    Of course, in principle, for every exploit there is a counter
    [remember my cowboy aphorism?]. And you can foolishly say -
    after the fact - that if you had been there you would have
    implemented exactly that counter. But that is patent bullshit -
    while you can cover any particular exploit (once you've been told
    about it!) you cannot know about nor cover them all. Not without
    resources beyond those granted to all but the tightest of
    organizations (Yeah, I'll grant the NSA would be tough to crack
    :)

    Ross Anderson in Security Engineering develops the same theme in
    a slightly different context when talking about bugs. Condensing
    and simplifying greatly, the exploiter need only find one usable
    bug, but the bug-swatters must try to exterminate them all.
    Contrary to expectations, the lone exploiter has a huge advantage
    even over hundreds of swatters!

    Nor do most sysadmins think of the strange interactions and
    multiple uses of a specific technology, or interface, or feature,
    etc. For instance, here's another simple throwaway.

    Now, just as a conjurer's trick no longer amazes once it has been
    explained, I'm sure you will bluster, "Yeah, I knew about that."
    But the overwhelming likelihood is that while you may have had
    some passing acquaintance with specific ingredients of the
    recipe, such as ADS, you hadn't thought about how to use it this
    particular way, and therefore, all the more so, hadn't ever
    thought how to prevent it.

    In a nutshell: I have used alternate data streams, inter alia, in
    order to bypass disk quotas on shared network drives.

    Now, having been told the trick, you could easily check for and
    stop it. But, even in situations where sysadmins had some
    knowledge of alternate data streams (coming to the party a decade
    or more late, I might add!) they had never thought how to use
    them in this specific way. Or how to prevent it! I have NEVER
    encountered an organization that was aware of this specific trick
    (unless and until I told them).

    And I could regale you with the many tricks that can be done
    using reparse points to break security, but I'm sure there's no
    need - a hotshot like you already knows them all, right?

    No, a sysadmin's lot is not a happy one, happy one [acks to G&S].

    Just as locks only help to keep honest people honest, all a
    sysadmin's monitoring does is raise the threshold to keep
    triflers out. But there are those who can crack, not just any
    lock, but any safe. And similarly, there are those to whom
    network security - an oxymoron if there ever was one - is a joke!

    Regards,
     
    nemo outis, Oct 19, 2004
    #51
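
    A check for the alternate-data-stream use described in the post above, as an added example that is not part of the original thread. It inventories non-default NTFS streams under a share and totals them per file owner; the share path and the size threshold are assumptions.

    ```powershell
    # Added example: inventory NTFS alternate data streams (ADS) under a share root.
    # Run on the file server against the local volume path, with rights to read
    # every file. $Root is a hypothetical path; $MinBytes is an assumed threshold.
    param(
        [string]$Root     = 'D:\Shares\Users',  # hypothetical share root
        [long]  $MinBytes = 1MB                 # skips small streams such as Zone.Identifier
    )

    $findings = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * lists every stream; ':$DATA' is the normal file content.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Length -ge $MinBytes } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length      # bytes held in the named stream
                        MainBytes   = $file.Length   # size Explorer and dir report
                        Owner       = (Get-Acl -LiteralPath $file.FullName).Owner
                    }
                }
        }

    # Largest named streams first: a tiny file carrying a huge stream stands out here.
    $findings | Sort-Object StreamBytes -Descending |
        Format-Table Owner, StreamBytes, MainBytes, Stream, Path -AutoSize

    # Per-owner totals, for comparison with what the quota tool reports for that user.
    $findings | Group-Object Owner | ForEach-Object {
        [pscustomobject]@{
            Owner   = $_.Name
            Streams = $_.Count
            TotalMB = [math]::Round(($_.Group | Measure-Object StreamBytes -Sum).Sum / 1MB, 1)
        }
    } | Sort-Object TotalMB -Descending | Format-Table -AutoSize
    ```

    Only files are scanned here; streams attached to directories need a separate pass.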
  12. HB2

    Ant Guest

    When you said "This is what makes it great..." above, you gave me the
    impression that dismissal without reason was a good thing!

    [...]
    I think the norm is 20 to 25. Some organizations give more for long
    service, or seniority. I'm one of the lucky ones. I've heard it's two
    weeks in the US - far too short!
    I wouldn't want the hassle of that sort of job, but it probably pays
    well. The question is, when would you have time to spend your earnings?
    I enjoy my work (software development), most of the time, but I value
    my time off.
    All I expect is that they treat their employees decently. I'm not much
    interested in perks.
    But we do get that!
    I'm not in disagreement. In my company we have two separate networks.
    One is internal, with highly controlled and very limited access to the
    outside world. This is the "business" network. The other is much less
    controlled and mainly for Internet usage. We are free to use it more or
    less as we want, within reason, and as long as no sensitive company
    information is stored on it.
    Nice, but I'd rather have the money to spend in a tavern of my choice
    than hang around after work.
     
    Ant, Oct 19, 2004
    #52
  13. Depends. If the company ALLOWS you to use Internet privately, then at
    least in some countries by default they HAVE to respect your privacy
    unless they make you sign a paper saying that they can monitor you.

    But since the original poster said that he IS allowed private
    Internet use, the flamewar was just a waste of bandwidth... all he
    wanted to know was a technical answer.


    Juergen Nieveler
     
    Juergen Nieveler, Oct 19, 2004
    #53
  14. HB2

    Leythos Guest

    You see it as a flame-war, I don't think that either myself or the other
    chap did.
     
    Leythos, Oct 19, 2004
    #54