TCCoA Forums banner

1 - 20 of 21 Posts

·
Geek w/Gearhead Complex
Joined
·
2,299 Posts
Discussion Starter #1
we got a problem with someone here at work, porn (moron) and of course, mgt is second guessing the data. Allow me to provide some background information...

Since I started, I have pressed for locking of workstations time (10-15 minutes) and time and time again. I was trumped by management stating "it inhibits work ability". Ok fine, I warned them and let them have their way. I've also pressed for a form of zero tollerance of computer abuse. By abuse I mean downloading crap, going to sites to play games for extended period of time and even going as far as disabling cd drives so they can't bring shiz in from home. Again, I was trumped saying "playing cds never hurt anyone". I warned again and I went on.

Now, we deal with a certain individual that has went to OVER 50 different porn sites during various times over the course of a few months along with 60+ viruses. Most of these are during work hours (10am-2pm seem consistent). What tipped me off was our virus scanner was going NUTS on the terminal server he was on (thats a server that allows you to work like you do on a regular PC, just doesn't do the processing locally) and immediately revoked his internet privileges. No, I did not ask (on purpose). I then proceeded to take the server offline, do a full scan to be sure it was clean (it was) and started to investigate where then I found the evidence I need.

Now, my problem is mgt is again second guessing me and my decisions. The data is there, its his account, there's no question. Yes, I understand it could've been someone else, but thats NOT MY PROBLEM. I told them repeatedly to allow locking of workstations, limit the users ability to do things, etc but they were ignored now this issue has come about, its becoming my problem that warnings were ignored. I'm dropping the hammer for the time being and the big 'told you so' will come out I'm sure, but as it sits, how would you handle it?

Might the guy be innocent? sure.
Is he the type? no, but what is?
is it possible someone else was on his machine? definitely
so who takes the blame?
 

·
Registered
Joined
·
7,758 Posts
I'm with DoD, so we have hard regulations to deal with that so I can't apply that situation to my work.

But with that said, here is what I would do:

Write a professional risk analysis/threat analysis for your systems and present it to management. Include legal ramifications, and most importantly financial ramifications.

If they decide to ignore it, then it is 100% on them (and I would be looking for another job).

Unfortunately management always has the final say, right or wrong. All you can do is cover your butt by putting it in writing.

I have been in your identical position MANY times where I warned something would happen and it was ignored and then got my butt jumped when it happened. I never say a word (like "I told you so"), all I do is hand management a copy of the email that I sent them warning them of the threat AND their reply saying to ignore it. It always seems to shut them up. :D

Good luck! :thumbsup:
 

·
Registered
Joined
·
1,131 Posts
:zwthstpd: Get it in writing and keep all related e-mails. All you can do is cover your ***.


*writing this at work* :eek:
 

·
Trumpeter Extraordinaire
Joined
·
2,917 Posts
You are documenting this, correct? Document everything about this that you can: findings, results, actions, anything! See if you can obtain a company policy, in writing, about computer usage, etc., and show that what you're finding isn't in compliance.

"Management" is rather vague. If this is your immediate supervisor, perhaps you can take it up the chain of command, or suggest correction on an 'experimental' basis. It never hurts to ask.

The end result could be that things remain as they are. As long as you document what's happening, and you demonstrate concern and genuine effort to correct the problems, your conscience should be clear.

Heh heh...is the company large enough for you to send an anonymous letter to the president, and let him know someone's abusing the system, as it were?
 

·
Johnny Five is Alive, TCCoAAC Member
Joined
·
1,614 Posts
Me = Management, When you piss me off, feel the wrath of me and purging you and your machine from my network..

.. Do this, just block words on your firewall :) Its funny to here people calling and asking.. I can't goto webshots, or how come my icons from hotbar don't work.. Blocking these items don't effect management, and the people who go there know they sholdn't be there..

or.. Firgure out What porn sites he is going to, and simply add them to the dns server pointing them to some other site.. Most users always goto the same sites over and over..

Some people don't like being locked out.. And applying it to the low man on the pull also inforces it on the upper management, and upper management doesn't want the restrictions that the lower management has.
 

·
Administrator
Joined
·
14,208 Posts
WkStill said:
Firgure out What porn sites he is going to, and simply add them to the dns server pointing them to some other site.
:zwthstpd: Like a site on the local network that just says "BUSTED you sick motherf***er." okay, maybe just "BUSTED". ;)

Or if you are really devious, write a flash that looks all official like and says something like "transfering list of sites visited to your wife".
 

·
Registered
Joined
·
7,758 Posts
Our "Surf Control" has a red hand that pops up that says, "You have attempted to access a restricted site. An activity report has automatically been forwarded to the Director". Scares the living beejezus out if us. :beek:

The bad thing is that sometimes a popup will trigger it even when you’re going to a legitimate site… :mad:
 

·
Moderator
Joined
·
8,239 Posts
We do a similar thing at work. I work in the IT dept for a periodical warehouse. We were having problems with people screwing around online and we had a couple of guys looking at porn not just once but over and over again.

We have it setup so that if you are visiting a site with certain keywords, then you get automatically forwarded to a "terms of service page". It says here are the terms of service, you are in violation of these terms and the network administrator will be reading this log. There is a space to override it with a network admin password, but I read the logs.

When we first implemented it, we were getting hammered with unauthorized internet usage reports. I told my boss to not worry the problem would solve itself and it did. Now nobody even attempts to do stuff that they aren't supposed to do.

Now we don't care if someone goes to espn to check a sports score, but porn/gambling/monster.com/mp3/pircacy are deffinite no no's.

About a year ago we had a guy downloading porn movies into his virtual drive, and filling it up. Most folks store text files in there, when this guy had nearly a gig of porn in there, I had to take that one to the director, and he was terminated that same week.

We drew straws who was going to go into his cube and dispose of the sticky keyboard, lol.

I'm on the admin network at work, so i do whatever I want, but I deffinitely know not to look at porn stuff at work, some people don't get it and thats shocking to me.
 

·
Johnny Five is Alive, TCCoAAC Member
Joined
·
1,614 Posts
Surfcontrol is actually pretty funny, it actually spoofs the server response and interjects a bogus tcp/ip packet on the network pretending to be the sending server, if you use a network sniffer, your can actually pull the correct website from the net traffic :)

It basically is connected to the network via a mirrored port on a switch, it then monitors that traffic, if it finds a tcp/ip request to a forbiddon domain, it will inject a fake server response onto the network prior to the real server sending its reponse, it could techically feasable to create an app to do the same :) But i am not a tcp/ip network card hacking guru.
 

·
Registered
Joined
·
7,758 Posts
Oh yes... well versed in "sniffing" I am... :D

Our security people were saying that Surf Control "blocked" the traffic. I said BS, it only "replies" faster than the "illegal" site can reply. The original site's packet still comes into the network, but just gets put into das bit bucket because the sequence number is now not right.

They argued a lot... the trace/sniff shut them up. :D

Sometimes I take WAY too much pleasure in proving people wrong.... :rofl: :leftright
 

·
Administrator
Joined
·
14,208 Posts
Lets just be glad the spammers haven't figured out how to get around the legal issues surrounding doing that on the public internet versus a private lan.

You know they gotta be trying though.
 

·
Registered
Joined
·
288 Posts
The company I work at uses Surf control. I actually assisted in setting it up but had no say over "how". Needless to say it's not set up properly and blocks everyone, including IT. Nothing more annoying than trying to research an issue and having many sites blocked. They look at the top sites daily and keep adding them to the list. TCCoA got blocked fairly quickly. Most days I wonder why they allow any Internet access.
 

·
Geek w/Gearhead Complex
Joined
·
2,299 Posts
Discussion Starter #13
I dumped it today saying (basically) -- the user is responsible for their system, I warned you something like this would/can/will happen time and time again, so it is no longer my problem, here's the data, here's how you find it, you make your own decisions, thanks for playing.
 

·
Geek w/Gearhead Complex
Joined
·
2,299 Posts
Discussion Starter #15 (Edited)
thanks for your insightful feedback. It was really useful.
 

·
Sweet T
Joined
·
3,452 Posts
Honestly? All the good feedback has been given. Cover your ***, get it in writing. Posession being 9/10ths of the law, his work station is in posession of the illegal data, he is presumably the only person that accesses his workstation regularly during those hours, it's his ***.


Also.. make sure to give management a "sign." Hopefully you'll get the joke.
 

·
Geek w/Gearhead Complex
Joined
·
2,299 Posts
Discussion Starter #17
SanDiegoLXBird said:
Honestly? All the good feedback has been given. Cover your ***, get it in writing. Posession being 9/10ths of the law, his work station is in posession of the illegal data, he is presumably the only person that accesses his workstation regularly during those hours, it's his ***.

Also.. make sure to give management a "sign." Hopefully you'll get the joke.
it was serious to those who gave good/example feedback, such as yourself, but also highly scarcastic to those who didn't.

I'd be damned if I didn't document (used emails after I knew it was 'lost') so if it does come back, all the right people have the email ...and I have a printed copy. Documentation is everything.
 

·
Premium Member
Joined
·
1,362 Posts
I pretty much agree with the advice. Document everything, and have copies. I'm not technical on pc's because I'm new to this stuff. This is my first computer and I'm learning more everyday. The only thing I can add is this. What type of sites is this person going to? If it's anything involving children or any way out s**t, you may have to take it further by alerting the proper authorities. I know you have sense enough to do this, I just felt the need to make the input.
 

·
Registered
Joined
·
6,361 Posts
My place is governed by the laws of the DoD also, so I cannot be of much help but, I can tell ya that my company is supposedly very strict on what you go to through our intranet, but I am on TCCoA for most of my shift, during the weekend and overnights I do everyweek. Also I get emails from my BOSS, with madd porn and naked chic pictures in them almost on a weekly basis. The oly thing my work blocks is the chat ICQ for something to that effect. I cannot use Yahoo Pool or any other games on Yahoo, but I can use any flash game and get to any porn site.

When I did a sweep of all media files on my comp so I could import them to Realplayer, I found over 70 "not work safe, 18+ videos saved on the HD.....

Ya can look at porn, but jeez, don't save it to the damn computers hard drive.

Dave :eek:
 

·
Registered
Joined
·
2,983 Posts
My friend goes through similar situations. He works IT at a college. They tell him to figure out a porblem and fix it and then he does and reports to them and thy doubt his knowledge. The higher a outside party for a day and turn up the same results and then start saying how he can't do his job. They are really stupid and just don't want to listen because the head guy just has something with people under 30 being in high position jobs (it is at this college).

From his experience and solutions, he also went through things with students looking at porn and bringing viruses into the small network there, here is some thoughts:

- Block the current sites that have been logged. If possible have a warning page come up saying it is blocked because it contains virusus and that it's not suitable for work. You shouldn't even have to ask to do that. The person looking will maybe get the idea when seeing one of the blocked sites.
- Just send out a notice or make an announcement with no names involved but just stating the dangers to the network if people visit such sites. Explain it will hurt everyone there. Maybe mention that it's also against the job policies.
- You could confront him and just ask if he visits those sites. Or just tell him without saying he did it that you've had a problem with this and you are just letting people know.
- You could print out a list of the sites and just leave them on his desk. Something annymous maybe.

Well good luck.
 
1 - 20 of 21 Posts
Top