how to handle this one - TCCoA Forums
 
post #1 of 21 (permalink) Old 01-28-2005, 08:28 AM Thread Starter
Geek w/Gearhead Complex
 
Fubarian's Avatar
 
Join Date: Jul 2002
Location: Georgia
Posts: 2,299
how to handle this one

We got a problem with someone here at work, porn (moron) and of course, mgt is second-guessing the data. Allow me to provide some background information...

Since I started, I have pressed for locking of workstations after a time (10-15 minutes), time and time again. I was trumped by management stating "it inhibits work ability". Ok fine, I warned them and let them have their way. I've also pressed for a form of zero tolerance of computer abuse. By abuse I mean downloading crap, going to sites to play games for extended periods of time, and even going as far as disabling CD drives so they can't bring shiz in from home. Again, I was trumped, saying "playing CDs never hurt anyone". I warned again and I went on.

Now, we deal with a certain individual that has gone to OVER 50 different porn sites during various times over the course of a few months, along with 60+ viruses. Most of these are during work hours (10am-2pm seem consistent). What tipped me off was our virus scanner going NUTS on the terminal server he was on (that's a server that allows you to work like you do on a regular PC, it just doesn't do the processing locally), and I immediately revoked his internet privileges. No, I did not ask (on purpose). I then proceeded to take the server offline, do a full scan to be sure it was clean (it was) and started to investigate, where I then found the evidence I need.

Now, my problem is mgt is again second-guessing me and my decisions. The data is there, it's his account, there's no question. Yes, I understand it could've been someone else, but that's NOT MY PROBLEM. I told them repeatedly to allow locking of workstations, limit the users' ability to do things, etc., but they were ignored. Now that this issue has come about, it's becoming my problem that warnings were ignored. I'm dropping the hammer for the time being and the big 'told you so' will come out I'm sure, but as it sits, how would you handle it?

Might the guy be innocent? Sure.
Is he the type? No, but what is?
Is it possible someone else was on his machine? Definitely.
So who takes the blame?

96 Mark VIII [email protected] :: 03 radiator/fan - j-modded trans - BBK UD pulley kit - dual gauge pod - 28,000 B&M transcooler (w/ AN fits) - 3.73 locker (with speedo gear) - 180' thermo - 8.5mm wires - colder plugs
soon to install : "fixed" heads and a damn tune. Project snaked8 continues...
Fubarian is offline  
 
post #2 of 21 (permalink) Old 01-28-2005, 08:36 AM
Seasoned PostWhore
 
Join Date: Jul 2002
Location: Cullman, AL
Age: 56
Posts: 7,758
Send a message via AIM to 94 Daily Driven 4.6L
I'm with DoD, so we have hard regulations to deal with that so I can't apply that situation to my work.

But with that said, here is what I would do:

Write a professional risk analysis/threat analysis for your systems and present it to management. Include legal ramifications, and most importantly financial ramifications.

If they decide to ignore it, then it is 100% on them (and I would be looking for another job).

Unfortunately management always has the final say, right or wrong. All you can do is cover your butt by putting it in writing.

I have been in your identical position MANY times where I warned something would happen and it was ignored and then got my butt jumped when it happened. I never say a word (like "I told you so"), all I do is hand management a copy of the email that I sent them warning them of the threat AND their reply saying to ignore it. It always seems to shut them up.

Good luck!

97 Lincoln Mark VIII LSC (Chip'd, 3.73 T/L... so far... )
97 Ford Aspire (Slow, but getting 36 mpg (f'n Ethenol!! )
84 F250 Dually w/6.9L Diesel (7.3L IDI pending)
73 Mercury Cougar Convertible w/351C 4V (Partially Restored)
69 F100 LWB w/460 Engine
76 Glastron Carlson 23' Jet Boat w/460 CJ Engine
94 Daily Driven 4.6L is offline  
post #3 of 21 (permalink) Old 01-28-2005, 08:42 AM
PostWhore
 
94t-birdlx's Avatar
 
Join Date: Dec 2003
Location: Scituate, RI
Age: 36
Posts: 1,131
Send a message via AIM to 94t-birdlx Send a message via MSN to 94t-birdlx
Get it in writing and keep all related e-mails. All you can do is cover your ***.


*writing this at work*

"Technical skill is mastery of complexity while creativity is mastery of simplicity."
94t-birdlx is offline  
post #4 of 21 (permalink) Old 01-28-2005, 08:46 AM
Trumpeter Extraordinaire
 
IronChopz's Avatar
 
Join Date: Jul 2002
Location: Saturn (or SE Michigan)
Age: 57
Posts: 2,916
You are documenting this, correct? Document everything about this that you can: findings, results, actions, anything! See if you can obtain a company policy, in writing, about computer usage, etc., and show that what you're finding isn't in compliance.

"Management" is rather vague. If this is your immediate supervisor, perhaps you can take it up the chain of command, or suggest correction on an 'experimental' basis. It never hurts to ask.

The end result could be that things remain as they are. As long as you document what's happening, and you demonstrate concern and genuine effort to correct the problems, your conscience should be clear.

Heh heh...is the company large enough for you to send an anonymous letter to the president, and let him know someone's abusing the system, as it were?
IronChopz is offline  
post #5 of 21 (permalink) Old 01-28-2005, 09:10 AM
Johnny Five is Alive
TCCoAAC Member
 
WkStill's Avatar
 
Join Date: Nov 2002
Location: NPR, FL
Age: 42
Posts: 1,614
Send a message via AIM to WkStill Send a message via Yahoo to WkStill
Me = Management. When you piss me off, feel the wrath of me and purging you and your machine from my network..

.. Do this, just block words on your firewall :-) It's funny to hear people calling and asking.. I can't go to webshots, or how come my icons from hotbar don't work.. Blocking these items doesn't affect management, and the people who go there know they shouldn't be there..

or.. Figure out what porn sites he is going to, and simply add them to the DNS server pointing them to some other site.. Most users always go to the same sites over and over..

Some people don't like being locked out.. And applying it to the low man on the pole also enforces it on the upper management, and upper management doesn't want the restrictions that the lower management has.

1984 Merc Cougar
5.0L, GT40X HEADS, E303 CAM,X303 Valvetrain
1998 4R70W Controlled by Baumannator TCS., 3.73 Track Lock Rear., Bauman Lev 3 Shift Kit.
190LPH, 67mm EGR, 65mm TB, 73mm C&L MAF, 24lb/h Inj, TwEECer RT, A3M EEC-IV
TCCoA-AHole Crew 2004
Disclaimer: The opinions expressed in my posts are my own. They are not meant to start a flame war or discourage people. Just my honest opinion and nothing more
Just great, 4 mores years of GOP crap, Im republican, and I endorse this message
WkStill is offline  
post #6 of 21 (permalink) Old 01-28-2005, 09:18 AM
Back in Black

Administrator
 
ShadowDragon's Avatar
 
Join Date: Jul 2002
Location: Charlotte NC
Age: 44
Posts: 14,204
Quote:
Originally Posted by WkStill
Figure out what porn sites he is going to, and simply add them to the DNS server pointing them to some other site.
Like a site on the local network that just says "BUSTED you sick motherf***er." Okay, maybe just "BUSTED".

Or if you are really devious, write a flash that looks all official like and says something like "transferring list of sites visited to your wife".

R.I.P. Joel Bender 07/30/79 - 03/26/06
R.I.P. Johnny Langton 1975-2011

1997 Thunderbird LX 4.6 AED 349.27RWHP/391.29RWTQ Engine Build Exterior shots
2002 Thunderbird Premium Triple Black 3.9
2015 Fusion Energi SE Luxury Magnetic Gray
*SCRAPPED* 1994 LX 4.6 NA [email protected] 236.07RWHP/286.26RWTQ
ShadowDragon is offline  
post #7 of 21 (permalink) Old 01-28-2005, 10:01 AM
Seasoned PostWhore
 
Join Date: Jul 2002
Location: Cullman, AL
Age: 56
Posts: 7,758
Send a message via AIM to 94 Daily Driven 4.6L
Our "Surf Control" has a red hand that pops up that says, "You have attempted to access a restricted site. An activity report has automatically been forwarded to the Director". Scares the living beejezus out of us.

The bad thing is that sometimes a popup will trigger it even when you’re going to a legitimate site…

94 Daily Driven 4.6L is offline  
post #8 of 21 (permalink) Old 01-28-2005, 10:38 AM
Moderator
Moderator
 
JustinH's Avatar
 
Join Date: Jul 2002
Location: Austin, TX
Age: 36
Posts: 8,239
Send a message via AIM to JustinH
We do a similar thing at work. I work in the IT dept for a periodical warehouse. We were having problems with people screwing around online and we had a couple of guys looking at porn not just once but over and over again.

We have it set up so that if you are visiting a site with certain keywords, then you get automatically forwarded to a "terms of service page". It says here are the terms of service, you are in violation of these terms and the network administrator will be reading this log. There is a space to override it with a network admin password, but I read the logs.

When we first implemented it, we were getting hammered with unauthorized internet usage reports. I told my boss to not worry, the problem would solve itself, and it did. Now nobody even attempts to do stuff that they aren't supposed to do.

Now we don't care if someone goes to espn to check a sports score, but porn/gambling/monster.com/mp3/piracy are definite no-nos.

About a year ago we had a guy downloading porn movies into his virtual drive, and filling it up. Most folks store text files in there; when this guy had nearly a gig of porn in there, I had to take that one to the director, and he was terminated that same week.

We drew straws for who was going to go into his cube and dispose of the sticky keyboard, lol.

I'm on the admin network at work, so I do whatever I want, but I definitely know not to look at porn stuff at work. Some people don't get it and that's shocking to me.
JustinH is offline  
post #9 of 21 (permalink) Old 01-28-2005, 12:28 PM
Johnny Five is Alive
TCCoAAC Member
 
WkStill's Avatar
 
Join Date: Nov 2002
Location: NPR, FL
Age: 42
Posts: 1,614
Send a message via AIM to WkStill Send a message via Yahoo to WkStill
Surfcontrol is actually pretty funny, it actually spoofs the server response and interjects a bogus TCP/IP packet on the network pretending to be the sending server. If you use a network sniffer, you can actually pull the correct website from the net traffic :-)

It basically is connected to the network via a mirrored port on a switch. It then monitors that traffic, and if it finds a TCP/IP request to a forbidden domain, it will inject a fake server response onto the network prior to the real server sending its response. It could be technically feasible to create an app to do the same :-) But I am not a TCP/IP network card hacking guru.

WkStill is offline  
post #10 of 21 (permalink) Old 01-28-2005, 12:38 PM
Seasoned PostWhore
 
Join Date: Jul 2002
Location: Cullman, AL
Age: 56
Posts: 7,758
Send a message via AIM to 94 Daily Driven 4.6L
Oh yes... well versed in "sniffing" I am...

Our security people were saying that Surf Control "blocked" the traffic. I said BS, it only "replies" faster than the "illegal" site can reply. The original site's packet still comes into the network, but just gets put into das bit bucket because the sequence number is now not right.

They argued a lot... the trace/sniff shut them up.

Sometimes I take WAY too much pleasure in proving people wrong....

94 Daily Driven 4.6L is offline  
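The race described in the two posts above, as an added example that is not part of the thread and is not SurfControl's code: a checker that walks a packet trace and reports where two different payloads claim the same TCP sequence range in the same direction of a flow, which is what a sniffer shows when a filter on a mirrored port answers ahead of the real server. The `Segment` record, the sample capture, the host names and the addresses are constructed for illustration.

```python
from collections import defaultdict, namedtuple
from itertools import combinations

# One observed TCP segment: capture time, "ip:port" endpoints, sequence number
# of the first payload byte, IP TTL as seen at the sniffer, and the payload.
Segment = namedtuple("Segment", "t src dst seq ttl payload")
Finding = namedtuple("Finding", "flow seq accepted discarded")

# Constructed sample capture (documentation addresses, hypothetical hosts).
CAPTURE = [
    # Client request to a filtered site.
    Segment(0.000, "10.0.0.25:40112", "203.0.113.80:80", 1001, 128,
            b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n"),
    # Reply injected from the LAN: arrives first, spoofed as the server.
    Segment(0.002, "203.0.113.80:80", "10.0.0.25:40112", 5001, 64,
            b"HTTP/1.1 302 Found\r\nLocation: http://filter.example/\r\n\r\n"),
    # The real server's reply: same sequence number, arrives later.
    Segment(0.045, "203.0.113.80:80", "10.0.0.25:40112", 5001, 49,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Unrelated flow with an ordinary retransmission (identical bytes).
    Segment(0.100, "198.51.100.7:80", "10.0.0.25:40113", 9001, 52,
            b"HTTP/1.1 200 OK\r\n\r\n"),
    Segment(0.300, "198.51.100.7:80", "10.0.0.25:40113", 9001, 52,
            b"HTTP/1.1 200 OK\r\n\r\n"),
]


def find_injection_races(capture):
    """Return a Finding for each pair of segments in one direction of a flow
    whose sequence ranges overlap but whose overlapping bytes differ.

    A plain retransmission repeats identical bytes and is ignored. Differing
    bytes mean two senders answered as the same endpoint; the receiver keeps
    whichever arrived first and drops the later one as data it already has.
    Sequence-number wrap-around is not handled in this example.
    """
    by_flow = defaultdict(list)
    for seg in capture:
        if seg.payload:
            by_flow[(seg.src, seg.dst)].append(seg)

    findings = []
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s.t)          # earliest arrival first
        for first, later in combinations(segs, 2):
            lo = max(first.seq, later.seq)
            hi = min(first.seq + len(first.payload),
                     later.seq + len(later.payload))
            if lo >= hi:
                continue                       # ranges do not overlap
            a = first.payload[lo - first.seq:hi - first.seq]
            b = later.payload[lo - later.seq:hi - later.seq]
            if a != b:
                findings.append(Finding(flow, lo, first, later))
    return findings


if __name__ == "__main__":
    for f in find_injection_races(CAPTURE):
        print(f"{f.flow[0]} -> {f.flow[1]} seq={f.seq}")
        print(f"  accepted  t={f.accepted.t:.3f} ttl={f.accepted.ttl}")
        print(f"  discarded t={f.discarded.t:.3f} ttl={f.discarded.ttl}")
```

A TTL that differs between the two competing segments, as in the sample, is a further hint that they did not travel the same path.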
post #11 of 21 (permalink) Old 01-28-2005, 12:41 PM
Back in Black

Administrator
 
ShadowDragon's Avatar
 
Join Date: Jul 2002
Location: Charlotte NC
Age: 44
Posts: 14,204
Let's just be glad the spammers haven't figured out how to get around the legal issues surrounding doing that on the public internet versus a private LAN.

You know they gotta be trying though.

ShadowDragon is offline  
post #12 of 21 (permalink) Old 01-28-2005, 10:57 PM
4th Gear Poster
 
MarksM's Avatar
 
Join Date: Sep 2002
Location: TX
Age: 58
Posts: 288
Send a message via AIM to MarksM
The company I work at uses Surf control. I actually assisted in setting it up but had no say over "how". Needless to say it's not set up properly and blocks everyone, including IT. Nothing more annoying than trying to research an issue and having many sites blocked. They look at the top sites daily and keep adding them to the list. TCCoA got blocked fairly quickly. Most days I wonder why they allow any Internet access.

2007 Buell XB9S
MarksM is offline  
post #13 of 21 (permalink) Old 01-29-2005, 12:21 AM Thread Starter
Geek w/Gearhead Complex
 
Fubarian's Avatar
 
Join Date: Jul 2002
Location: Georgia
Posts: 2,299
I dumped it today saying (basically) -- the user is responsible for their system, I warned you something like this would/can/will happen time and time again, so it is no longer my problem, here's the data, here's how you find it, you make your own decisions, thanks for playing.

Fubarian is offline  
post #14 of 21 (permalink) Old 01-29-2005, 12:23 AM
Back in Black

Administrator
 
ShadowDragon's Avatar
 
Join Date: Jul 2002
Location: Charlotte NC
Age: 44
Posts: 14,204
heh

ShadowDragon is offline  
post #15 of 21 (permalink) Old 01-29-2005, 07:45 AM Thread Starter
Geek w/Gearhead Complex
 
Fubarian's Avatar
 
Join Date: Jul 2002
Location: Georgia
Posts: 2,299
thanks for your insightful feedback. It was really useful.


Last edited by Fubarian; 01-29-2005 at 07:54 AM.
Fubarian is offline  
post #16 of 21 (permalink) Old 01-29-2005, 08:55 AM
Sweet T
 
SanDiegoLXBird's Avatar
 
Join Date: Nov 2002
Location: Over At the Frankenstein Place
Age: 35
Posts: 3,452
Send a message via AIM to SanDiegoLXBird
Honestly? All the good feedback has been given. Cover your ***, get it in writing. Possession being 9/10ths of the law, his work station is in possession of the illegal data, he is presumably the only person that accesses his workstation regularly during those hours, it's his ***.


Also.. make sure to give management a "sign." Hopefully you'll get the joke.
SanDiegoLXBird is offline  
post #17 of 21 (permalink) Old 01-29-2005, 10:07 AM Thread Starter
Geek w/Gearhead Complex
 
Fubarian's Avatar
 
Join Date: Jul 2002
Location: Georgia
Posts: 2,299
Quote:
Originally Posted by SanDiegoLXBird
Honestly? All the good feedback has been given. Cover your ***, get it in writing. Possession being 9/10ths of the law, his work station is in possession of the illegal data, he is presumably the only person that accesses his workstation regularly during those hours, it's his ***.

Also.. make sure to give management a "sign." Hopefully you'll get the joke.
It was serious to those who gave good/example feedback, such as yourself, but also highly sarcastic to those who didn't.

I'd be damned if I didn't document (used emails after I knew it was 'lost') so if it does come back, all the right people have the email ...and I have a printed copy. Documentation is everything.

Fubarian is offline  
post #18 of 21 (permalink) Old 01-29-2005, 10:50 AM
PostWhore
 
Join Date: Dec 2004
Location: Newark, Delaware
Age: 58
Posts: 1,362
I pretty much agree with the advice. Document everything, and have copies. I'm not technical on PCs because I'm new to this stuff. This is my first computer and I'm learning more every day. The only thing I can add is this. What type of sites is this person going to? If it's anything involving children or any way out s**t, you may have to take it further by alerting the proper authorities. I know you have sense enough to do this, I just felt the need to make the input.
Uncaged 94 is offline  
post #19 of 21 (permalink) Old 01-29-2005, 11:00 AM
CEO Red Sox Nation
 
DMcBrideBoston's Avatar
 
Join Date: Jan 2004
Location: Winthrop (SOX TOWN USA)
Age: 38
Posts: 6,361
My place is governed by the laws of the DoD also, so I cannot be of much help, but I can tell ya that my company is supposedly very strict on what you go to through our intranet, but I am on TCCoA for most of my shift, during the weekend and overnights I do every week. Also I get emails from my BOSS, with madd porn and naked chic pictures in them almost on a weekly basis. The only thing my work blocks is the chat ICQ or something to that effect. I cannot use Yahoo Pool or any other games on Yahoo, but I can use any flash game and get to any porn site.

When I did a sweep of all media files on my comp so I could import them to Realplayer, I found over 70 "not work safe, 18+" videos saved on the HD.....

Ya can look at porn, but jeez, don't save it to the damn computer's hard drive.

Dave

2003 Infiniti G35 Sport Package with Navigation

DMcBrideBoston is offline  
post #20 of 21 (permalink) Old 01-29-2005, 12:41 PM
Resident 40th Anniversary Expert
 
Shawn40th's Avatar
 
Join Date: Jul 2002
Location: LosAngeles, CA
Age: 38
Posts: 2,983
Send a message via AIM to Shawn40th
My friend goes through similar situations. He works IT at a college. They tell him to figure out a problem and fix it, and then he does and reports to them and they doubt his knowledge. They hire an outside party for a day and turn up the same results and then start saying how he can't do his job. They are really stupid and just don't want to listen because the head guy just has something with people under 30 being in high position jobs (it is at this college).

From his experience and solutions (he also went through things with students looking at porn and bringing viruses into the small network there), here are some thoughts:

- Block the current sites that have been logged. If possible have a warning page come up saying it is blocked because it contains viruses and that it's not suitable for work. You shouldn't even have to ask to do that. The person looking will maybe get the idea when seeing one of the blocked sites.
- Just send out a notice or make an announcement with no names involved but just stating the dangers to the network if people visit such sites. Explain it will hurt everyone there. Maybe mention that it's also against the job policies.
- You could confront him and just ask if he visits those sites. Or just tell him without saying he did it that you've had a problem with this and you are just letting people know.
- You could print out a list of the sites and just leave them on his desk. Something anonymous maybe.

Well good luck.

"People should not be afraid of their governments, governments should be afraid of their people."

1997 Lincoln Mark VIII, LSC - Green/Tan Leather, Sunroof, etc. FOR SALE. Inquire within.

Current car: 1999 Corvette

The 40th Anniversary Tbird is gone. Her old website & CarDomain page

Senior Member of the 'B-Team'.
Shawn40th is offline  
post #21 of 21 (permalink) Old 01-29-2005, 01:47 PM
PostWhore
 
Drive XR7's Avatar
 
Join Date: Jul 2002
Location: Cleveland, OH
Age: 36
Posts: 1,689
Send a message via AIM to Drive XR7
I may consider Surf Control. Spyware has become an increasingly huge problem for us. We have spent countless days formatting and reinstalling because spyware/malware has become so adaptive to our measures to control it. VX2 is the bane of my existence... just can't seem to get rid of it.

Jason
2003 SVT Mustang Cobra #5364
2001 Pontiac Grand Prix GTP
1991 Mercury Cougar XR7 5.0L - SOLD!
Drive XR7 is offline  