Home page logo
/

basics logo Security Basics mailing list archives

RE: How to stop Admins from sniffing ?
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Mon, 31 Jul 2006 13:46:09 +1000



If they're doing as much sniffing as you think then they'd prob pickup that
your traffic is encrypted and start sniffing further. Encrypted traffic
looks different to normal traffic. If they can't decode it\'read' it with
ethereal then they will wonder why etc...and if it's part of their job then
well, that's what they're meant to do...switches are one way of minimizing
sniffing but even then spanning ports can get round this.
-----Original Message-----
From: cc [mailto:cc () belfordhk com] 
Sent: Friday, July 28, 2006 12:29 PM
To: security-basics () securityfocus com
Subject: Re: How to stop Admins from sniffing ?

Didn't you write?:
I work in a small organisation and the system and network administrators
here are constantly monitoring all data in the network. I have seen them
running Etherreal on their systems and from their talks i am sure that they
know who is doing what. I m using windows XP and i have a personal firewall
installed which pop's up every few minutes saying that there is a port scan
attack going on. And when i looked up that IP address it belongs to tbe
system being used by the administrator. I have tried talking to my bosses
about this but not happened ( maybe the admins convinced them that they are
not doing anything like that or its happening by bosses permisson).  i know
since they are in same network as me its easy for them to sniff all traffic
and everything.


This all depends entirely on your company's policies (computer or
otherwise).  Are  the Sys and Net admins sanctioned by the management
to administer these monitors?

You are, after all, working in a company and not at home and thusly,
you'd have to follow the rules and regulations as dictated by
your company.  I am assuming that the computer you are using is
company property.  In my company,  employees are not told they
can't bring their own notebooks; but they are strictly prohibited
in plugging it into the company network.  The moment they do
that, it is a breach in the network.

Also, by encrypting your traffic, and knowing your sys/net admins are
watching, would you not think they'd suspect something is wrong and
take it as their job to investigate the reasons for your secrecy?
You are doing company-work, are you not?  They know your job nature.
If you feel that your job requires encrypted traffic, then it is
in your best interest to talk to the sys/net admins and the
management.

What i want to know from you ppl is that is there is anyway way to stop
this ? 
is it possible for me to encrypt all traffic going out from my system ? 

Take it up with the management and the sys/net admins.  It really
isn't our place to circumvent whatever computer system policies
and protections you have going in your company.


Edmund



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]