Reason Please!

Reason Please!
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Reason Please! John 03-06-2008
|--> Re: Reason Please! David H. Lipman03-06-2008
---> Re: Reason Please! Tom [Pepper] Wi...03-06-2008
| ---> Re: Reason Please! David H. Lipman03-06-2008
| ---> Re: Reason Please! Tom [Pepper] Wi...03-06-2008
| ---> Re: Reason Please! David H. Lipman03-06-2008
| `--> Re: Reason Please! Roger Abell [MV...03-06-2008
|--> Re: Reason Please! Roger Abell [MV...03-06-2008
---> Re: Reason Please! David H. Lipman03-08-2008
---> Re: Reason Please! Dobromir Todoro...03-14-2008
`--> Re: Reason Please! David H. Lipman03-14-2008
Posted by David H. Lipman on March 6, 2008, 6:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| Dave: I can't believe the OP had to ask for a reason ;-)
| Around my office, it would be a fireable offense, no questions asked.
|
| We also have every employee sign a network/internet usage policy that's very
| tight, and in no uncertain terms lays everything out.
|

In my environment, it would be prosecuted.

I am total agreement for a corporate AUP. It is the "correct" way to deal with
a company's
computing assets.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Roger Abell [MVP] on March 6, 2008, 10:49 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
>
> | Dave: I can't believe the OP had to ask for a reason ;-)
> | Around my office, it would be a fireable offense, no questions asked.
> |
> | We also have every employee sign a network/internet usage policy that's
> very
> | tight, and in no uncertain terms lays everything out.
> |
>
> In my environment, it would be prosecuted.
>
> I am total agreement for a corporate AUP. It is the "correct" way to deal
> with a company's
> computing assets.
>

In my environment there are approx. 60,000 students able and
willing to plug at any server and/or client system exposures.
Yes, there is a policy, but on a network of two class Bs, much
goes on unnoticed in all the traffic.

Roger



Posted by Roger Abell [MVP] on March 6, 2008, 10:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> Hi all,
>
> I have one internal employee which used the hacking tool to scan our
> network
> and change our administror account. He did not get any permision and
> thought
> it help us to do internal assessment. Can anyone give me the reason why
> he
> should not do it in the production network?
>
> Thank you.

What is the role, are the job duties of this employee?
If the scan was entirely unrelated to job, that is one thing
(and what of his job that was not getting done at the time?);
but, if his job does include some form of IT, then it may
be another thing. How trusted is the employee and of how
long a standing in the organization - I mean is it only a
well intended misstep or attempt to get given new tasks
helping with your IT infrastructure involved here?

Knowing the strengths and fixing the weaknesses of one's
infrastructure is a good thing. Finding out about needed
changes is a good thing. Usually it is very important that
the production systems meet the highest standards.
If he does not scan then it seems likely someone should
given his success on whatever non-production internal
infrastructure that was penetrated.

Roger




Posted by =?Utf-8?B?V2h5IElzIFRoaXMgU28g on March 7, 2008, 11:08 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You might want to check with an employment lawyer before you fire the guy.
You don't want to bring a lawsuit down on yourself for accidentally violating
the law. Even 'at will' employees (meaning those who aren't guaranteed
employment for x years) have rights not to be terminated in violation of the
law. Just a thought. Good luck.

"John" wrote:

> Hi all,
>
> I have one internal employee which used the hacking tool to scan our network
> and change our administror account. He did not get any permision and thought
> it help us to do internal assessment. Can anyone give me the reason why he
> should not do it in the production network?
>
> Thank you.

Posted by David H. Lipman on March 8, 2008, 2:01 am
If you were  Registered and logged in, you could reply and use other advanced thread options
From: "Why Is This So Complicated"

| You might want to check with an employment lawyer before you fire the guy.
| You don't want to bring a lawsuit down on yourself for accidentally violating
| the law. Even 'at will' employees (meaning those who aren't guaranteed
| employment for x years) have rights not to be terminated in violation of the
| law. Just a thought. Good luck.
|


I've got news for you. Tampering with the company's assets gives an employer
full rights to
terminate.
The employee has NO rights to tamper with the company computer system.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Similar ThreadsPosted
warning for windows reason October 31, 2007, 7:25 pm

The site map in XML format XML site map

Contact Us | Privacy Policy