Home page logo
/

basics logo Security Basics mailing list archives

Re: How to stop Admins from sniffing ?
From: cc <cc () belfordhk com>
Date: Sat, 29 Jul 2006 09:22:30 +0800

Didn't you write?:

hi, there
   Skype connection is encrypted, so it can keep your chat message and
call.

The question isn't whether you can encrypt traffic.  Clearly, anyone
can.  The question is whether or not it will jeopardize the integrity
and security of the network.   Another question is why is there a
necessity to use Skype?

A couple of years ago, my co-workers had a 3rd party member install
Skype on two company systems without informing me before hand.
As the systems admin at the company, I considered that both
a breach of conduct and a breach of security.   In essence, I was
livid.

How did I know?  I monitor the firewall system regularly and
even at night and when I noticed at 1am that traffic was going
in and out of the system, it raised an alarm.  I blocked
the ports.  The next day, I uninstalled Skype on both systems
and gave the two an earful.  I then fired off an email to
the director, cc'ing the others.


   SMTPs, IMAPs and POP3s are encrypted email service, while https is
encrypted web service. you can you them to prevent system
administrators from monitoring you. But if you do that, you must take
care for internet attack by yourself, like phishing, spam, exploit in
email and etc.

Does the email server the OP uses support these protocols?  If so,
and the admins have approved, then he can use those.  For other
items, it's better to go to the sys admins and get a clarification
from them.  As for taking care of any possible 'internet attack',
since he isn't a Sys admin, it isn't his job.  Suggesting users to
do this undermines the sys admin's ability to keep things in
check.

The bottom line is.  The company owns the computer.  It dictates
the underlying policies what the users can or cannot use the
computers for.   Doing something that counteracts these policies
may be considered a breach of conduct, security or integrity of
information and might even be a reason for termination and/or
financial reparations.

Just my $0.02.   But like all, I'm here to learn more so if
someone can correct me if I'm wrong, I'd be much appreciated.

Edmund


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]