Posted on 09/20/2007 6:13:50 AM PDT by decimon
Jeffrey W. Keener is a corporate keymasterone of a rapidly growing number of security professionals who can unlock all your office secrets. Whether youre on a PC in the next room or a Mac in Madagascar, Keener is just a few keystrokes away from watching the contents of strangers hard drives whiz by. It may seem Orwellian, but this constant monitoring is a crucial cog in the well-oiled machine of business investigationand one more inevitable tick on the countdown to a surveillance society. I saw it in action last week at the fourth-floor New York satellite office of California-based Guidance Software (which boasts Halliburton, Lowes and many Fortune 500 companies among its clients), as Keener called up one of his surveillance programs.
(Excerpt) Read more at popularmechanics.com ...
In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc. This is particularly true for notebook computers that go home with the employee and spend time off our network.
You betcha - it even mentions it in the article.
Lurking’
You betcha - it even mentions it in the article.
Lurking’
Hate to say it, but a company has a right to do this, it’s their property you’re using for other than needs of the business.
Now that isn’t to say that everything should be held against you and the networks Nazi’s should come knocking as soon as you open FR, a majority of companies aren’t going to waste their time with minor things, they’re looking for evidence of improper use, such as porn, job hunting, and such
Just remember, don’t do anything on your computer you wouldn’t want put on the front page of the NYT. ;)
I wasn't aware that smaller companies still had IT Directors. Seven or eight years ago it appeared to me they were being phased out and HR or finance was taking over the task.
You point to problems that should indeed be addressed. To open the company system to malware is beyond irresponsible.
But, in my experience, few people are responsible when it comes to anything computer. The current system pits employer against employee so, IMO, a whole new approach to telecommunications is needed. Not that I know what that approach should be but I think the need for it is clear.
How about minimizing the potential? Conducting business on the internet is like holding meetings in town square.
What if the connection to the site is SSL-encrypted? I’m thinking the IT department will know I’m connected to the site. However, will they be able to see the unencrypted packets?
I've re-read the three page article again and I still don't see the mention. Just the carpenter with the cell phone/GPS.
Hope you haven't shredded my cache! :-)
I use a really great utility called "Window Washer 6.0" from Webroot (the same providers of SpySweeper). It has a cleaning and bleaching function for the cache.
Fortunately, our policy isn't as harsh as this, otherwise I wouldn't have done it. We support several different OS's, Linux being one of them.
In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc.
Possible, I guess, but I was pretty careful about this. The IT department never told me I was infected with anything.
I kept my old Win2k drive fully patched and up-to-date. This was required for windows computers by the government agency I work for. Recently they changed the requirements to include operating as a regular user, not admin, as our windows computers had been set up to do. Win2k doesn't do this very well (at least not my computer). Also, some sort of defrag utility was set up to run at every startup. These two 'updates' alone (there were others), while maybe the right thing to do for security, were enough to kill my productivity. It was simply easier for me to switch to another (supported) OS. And since I spend half my time on deployment, attached to other networks, I'll bet I'm better off using Linux anyway.
Everybody, all together, “If you’ve got nothing to hide...!”
Well...it is different when we're talking private business. They can fire you but not jail you. My problem with this is an utter lack of faith in policy being applied across the board.
I worked at Lockheed in Burbank, both plants, back in the early 1960s; they inspected your lunchbox on the way out the door; saw a guy get fired on the spot one morning because he refused a work assignment with a fellow with whom he had a mutual dislike.
Had to have a security clearance to work there; when you got watched, it was by the man on the floor.
Everyone knew the policy.
If your company uses a proxy server to access the internet, they can access your SSL session data under certain circumstances.
It is possible to intercept an SSL connection at a corporate proxy server. The company would have to install its own security certificates on the workstation, which would allow it to make a secure connection to the proxy server, which would then make a secure connection to the bank.
Essentially, the connection is decrypted at the firewall, then re-encrypted and sent to your workstation.
Don’t do anything at work that you aren’t 100% comfortable having the IT guys see.
The problems you mention with IT control reminds me of a funny one my work tried. But leading up to that tale...
After years of quiet, faithful service, my employer’s Intranet was enhanced with an “urgent news” popup alert, similar to an IM greeting, for messages deemed especially urgent to the company’s business: Major ups/downs in shares, critical court judgments, retirement/hiring announcements for corporate bigwigs, things of that nature. You clicked OK to make the popup go away, but after a set number of minutes it would popup again - and keep doing that until you actually clicked the link on the popup or opened your browser as if to go read the full msg. That practice stopped once the company disallowed users changing the browser homepage.
Eventually the company installed a net nanny, which by the way blocks websites of pro- 2nd Amendment PACs and any URL that includes “gun” or “firearm.” In my experience, it intermittently checks the page you’re viewing for certain words, but nobody is revealing what the words are that may result in forever banning access to that *domain*. (FReepers who spell sh#t correctly make me nervous. I just don’t know...)
Then came the day that the Intranet update popup appeared onscreen. I was at someone else’s work station at the time and thought he’d set me up for a prank. Update popups came on several times throughout the day. Like the previous popups for company-sensitive announcements, it aggravated the user into opening the Intranet homepage. Once I was back at my desk, I realised *uh-oh*. Every single time a manager altered an Intranet entry, well, everyone knew about it. That annoyance lasted less than a week, thank ye gods! I’d already disabled mine and printed out the instructions for others - I can’t help wondering how that bright idea made it past the “hey ya’ll why don’t we try this?” stage.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.