Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
BCM
User Panel

Page / 2
Next Page Arrow Left
Link Posted: 5/30/2002 8:54:48 AM EDT
[#1]
I work for a college in SC browse ar15.com forums. ClubXM.com(satellite radio) and other places. including gun manf sites. they don't seem concerned. thou I did catch one student surfing porn via a Remote Control software. Monitored him while my boss when to talk to him. used the radios to ensure he had the right guy and knew what PC it was. PCs are named for Building Room and Position. (1,2,3,etc.) the culprit was given a stern talking to by the VP of counseling services. we not only had intent but proof, I watched the screen via remote, snapped a few screen shots. next time the culprit is expelled.
VP
Link Posted: 5/30/2002 9:00:30 AM EDT
[#2]
Quoted:
LOL... NO LOGIN ID.... NO PROOF

timestamps/cookies are meaningless unless you are logged in. Even movie files and pics are worthless evidence if you are not logged in.

I personally do not surf porn at work....but if ep is not logged in and nobody is there...this should be your reply all the way to the cheese line:

IT WASNT ME

of course if its your machine in your office/cube.....My job consists of answering floor calls to fix system probs...so I dont have an office.
View Quote


this is why any company doing this intelligently used windows 2000. which forces a login, if you don't you sit and stare at the login prompt. timestamps are useful even if no login is present. because witnesses can place someone at a machine around a certain time. and if that time coincides with a cookie there is a very good chance it was that person.
Link Posted: 5/30/2002 9:05:44 AM EDT
[#3]
Quoted:
I work for a college in SC browse ar15.com forums. ClubXM.com(satellite radio) and other places. including gun manf sites. they don't seem concerned. thou I did catch one student surfing porn via a Remote Control software. Monitored him while my boss when to talk to him. used the radios to ensure he had the right guy and knew what PC it was. PCs are named for Building Room and Position. (1,2,3,etc.) the culprit was given a stern talking to by the VP of counseling services. we not only had intent but proof, I watched the screen via remote, snapped a few screen shots. next time the culprit is expelled.
View Quote


That will do it!! In my environment, PCs are identified by ip address. Your method could easily be implemented. Of course the easiest way to keep people from surfing porn is to install Windows2000 and set password option. As far as I know (which isn't much) there is no way to get around the Login screen in that particular software.

I, personally, would hate to have a job that required me to track ppl down and bust them for improper use of company equipment. The stress must be very high!!
Link Posted: 5/30/2002 9:08:26 AM EDT
[#4]
neilfj,

I agree. Their equiptment, their rules, their right. I choose not to have their rules extend to my private internet access, therefore, I purchase access with an outside ISP. No harm, no foul. I just have my own conscience to answer to.


Link Posted: 5/30/2002 10:33:18 AM EDT
[#5]
Quoted:
LOL... NO LOGIN ID.... NO PROOF

timestamps/cookies are meaningless unless you are logged in. Even movie files and pics are worthless evidence if you are not logged in.

View Quote


Not completely true. If I was actively tracing the activity of someone, I'd just wait until he connected to a prohibited site. Then either walk over to his Office/cubicle and see what's on his screen and who's sitting at his PC. A log in doesn't really prove much since many people log into the system and walk away from their desk. Anyone walking by could use the PC.
But..then again many companies are now including as part of the employment agreement that you are responsible for keeping your PC secure. So, depending on much of an ass*ole they are, they either get you for inappropriate use of company assets, or for leaving your PC unsecured.

My point in this entire discussion is, yes people are stupid..companies can be ass%oles..save your surfing till you get home. Stay away from anything that can be used against you. It is much easier to detect your network activity than most people realize.

(Now, should we discuss Keystroke Recorders that some companies are using).

Link Posted: 5/30/2002 10:42:50 AM EDT
[#6]
Quoted:

That will do it!! In my environment, PCs are identified by ip address. Your method could easily be implemented. Of course the easiest way to keep people from surfing porn is to install Windows2000 and set password option. As far as I know (which isn't much) there is no way to get around the Login screen in that particular software.

I, personally, would hate to have a job that required me to track ppl down and bust them for improper use of company equipment. The stress must be very high!!
View Quote


All networks have some type of addressing scheme that in one way or another gets assigned to a specific PC or piece of equipment.

Win2000 & XP are tighter, security wise, than previous versions. Many companies won't even permit accessing the network or internet until you have logged on to a server. That makes it easier to trace, as rather than using the address to track down a PC, the Sniffer uses the logon information to assign your name to the trace. Rather than seeing 192.168.65.1 talking to ar15.com, it would show up as Dave Smith talking to ar15.com.

As for being stressful, not really. Like I've said before, just a friendly warning to people usually stops the activity, unless they are really stupid. A lot of times I have the sniffer running at my desk and will point it out to someone when they walk by. You'd be amazed how fast word gets around.
Link Posted: 5/30/2002 12:50:41 PM EDT
[#7]
Quoted:
Quoted:

I'd say it's not as easy as YOU think -- you must not be in the "proof" business!!

In a case like this, there needs to be more than technical information, no matter how you lay it out.

There has to be a combination of the technical facts AND the demonstration of intent.

View Quote


Well, you're incorrect. It is very easy to prove intent and provide the technical documentation required.

It is simple to determine a mistake (an inadvertent click on a link, along with all the popups) from deliberate surfing. All you have to do is go thru the trace and you can reconstruct every action. You can even replay the trace and duplicate every action taken, step by step. In the case you cited, it would be very evident in the trace that all the pop ups resulted from the page that downloaded, as you'd be able to see the page code that initiated the popups as it crossed the network.

The only part that could not be determined (initially), is whether the website you originally typed was accidental or deliberate. Your subsequent actions who determine this. If you clicked on links,
View Quote

let's see, now

downloaded photos,
movies,
music,
View Quote

All these things were automatically downloaded from that accidental visit and would be in your log ....

chatted, etc. that would prove intent.
View Quote

From an employee's point of view, the chat is of course different - as it involves conscious input of a type such that the keyer would hardly be able to say they didn't understand what the computer would do as a result.


What you described shows absolutely no intent. In fact, the trace would show clearly that it was accidental and that you had no control over the popups.  
View Quote

Well, that's what I would say, too. But I think you underestimate what a manager/supervisor with an agenda will do.   Suppose I had turned the fellow in for taking an entire day off on 4/2 claiming he was on the first day of a conference that actually didn't start until 4/3.

And suppose by process of elimination that he figured that I was the one who got his ass reamed.

How would you feel about supplying him with the sniffer information, and explaining that it appeared to be accidental.  Then having him go through the information and picking out all the items like "tits.jpg", "blowjob.gif", and all those cute little animated gif's and other thumbnail 'motion graphics', and ignoring your explanation that it looks like an accident, but using the juicy parts to fire my ass?

Manager:  "So you say that Joe then clicked his mouse and the computer went to this web site, where someone is having sex with a boy dressed up as a goat?"

Neil:  "Yes, but it appears to be an acci--"

Manager:  "That's all I need to know. Thanks for your time-- I have to take this report to a meeting."

I bet you'd feel pretty shitty.

I have no problem with taking appropriate measures with intentional abusers, and I think it's best corrected at the tech level.

Once it gets out of your hands, though, the use (and misuse) of that information is out of your control.

Maybe to discourage this kind of misuse by the "suits", the computer people should have a policy of only releasing an objective report that states strictly your expert opinion, and leaves out any computer/sniffer data that could be twisted to devious ends....


.......
Neil
View Quote
Link Posted: 5/30/2002 5:18:12 PM EDT
[#8]
Quoted:
chat is of course different - as it involves conscious input of a type such that the keyer would hardly be able to say they didn't understand what the computer would do as a result.
View Quote


Yes, but so does clicking on a link. We were discussing making errors while typing and how to determine accidental vs intentional access.
Taken cumulatively, going to a site and clicking on links proves intent in most cases,
(there are always exceptions). Going to a site and having popups, downloads, auto links are not intentional and the difference between the two situations is rather easy to determine from the trace data.

But I think you underestimate what a manager/supervisor with an agenda will do.
View Quote


No, not at all.

How would you feel about supplying him with the sniffer information, and explaining that it appeared to be accidental. Then having him go through the information and picking out all the items like "tits.jpg", "blowjob.gif", and all those cute little animated gif's and other thumbnail 'motion graphics', and ignoring your explanation that it looks like an accident, but using the juicy parts to fire my ass?
View Quote


Not an issue. Most people don't want the raw data, just the results of the analysis. Most people can't decode the traffic, or can't be bothered. It is usually a written report detailing the activity. Accidental links, popups, etc. are not included in my reports for just such a reason as you state. The raw data is kept for evidence, if required.

I bet you'd feel pretty shitty.
View Quote


Nope not at all. On the other hand, anger would be another thing.

I have no problem with taking appropriate measures with intentional abusers, and I think it's best corrected at the tech level.
View Quote


Agreed! Unfortunately, some times we don't have the choice or the option to handle it.

Once it gets out of your hands, though, the use (and misuse) of that information is out of your control.


Correct, see previous response.

Maybe to discourage this kind of misuse by the "suits", the computer people should have a policy of only releasing an objective report that states strictly your expert opinion, and leaves out any computer/sniffer data that could be twisted to devious ends.
View Quote


It's not only the 'suits'. It could be my Director, VP, or it could be me with a vendetta against someone. There is no way to guarantee that the information is used correctly. The only option if it happens is to get a copy of the data and have someone decode it for you...then see your lawyer. It is rather 'self-policing though. In every case I've seen, you had to prove your conclusion in excruciating detail. The last thing any company wants is a wrongful termination suit.
Link Posted: 5/30/2002 8:13:27 PM EDT
[#9]
Quoted:
Quoted:

That will do it!! In my environment, PCs are identified by ip address. Your method could easily be implemented. Of course the easiest way to keep people from surfing porn is to install Windows2000 and set password option. As far as I know (which isn't much) there is no way to get around the Login screen in that particular software.

I, personally, would hate to have a job that required me to track ppl down and bust them for improper use of company equipment. The stress must be very high!!
View Quote


All networks have some type of addressing scheme that in one way or another gets assigned to a specific PC or piece of equipment.

Win2000 & XP are tighter, security wise, than previous versions. Many companies won't even permit accessing the network or internet until you have logged on to a server. That makes it easier to trace, as rather than using the address to track down a PC, the Sniffer uses the logon information to assign your name to the trace. Rather than seeing 192.168.65.1 talking to ar15.com, it would show up as Dave Smith talking to ar15.com.

As for being stressful, not really. Like I've said before, just a friendly warning to people usually stops the activity, unless they are really stupid. A lot of times I have the sniffer running at my desk and will point it out to someone when they walk by. You'd be amazed how fast word gets around.
View Quote


Lots of info in your posts...thanks. I think our environments are very different. This conversation could go on forever. Just out
of curiosity....what do you let go. Can an employee check out weather, news, stocks etc.......even over lunch?
Link Posted: 5/30/2002 8:21:11 PM EDT
[#10]
Quoted:
 because witnesses can place someone at a machine around a certain time. and if that time coincides with a cookie there is a very good chance it was that person.
View Quote



a very good chance is not positive proof. [:D]

I understand where you guys are coming from...just pointing out that there are holes!
I also understand that employers can terminate me(in Texas) for any reason...but unless they have video of me surfing porn logged in......


IT WASNT ME!

Page / 2
Next Page Arrow Left
Close Join Our Mail List to Stay Up To Date! Win a FREE Membership!

Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!

You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.


By signing up you agree to our User Agreement. *Must have a registered ARFCOM account to win.
Top Top