Related Articles

4 Comments

  1. 1

    AV Security Xpert

    It is funny that you mention about never questioning the tech engineers who come in to revive broken computers. I know of a close acquanitance who is a manager and doubted on one of his IT employees being non-productive by surfing the net all day. The employee denied any such allegation but later the manager installed a Trojan which provided all the log data. The employee got hacked the next day. Should i trust that I am not being caught responding to this blog?????????? Watch Out…

    Like or Dislike: Thumb up 0 Thumb down 0

    1. 1.1

      R Sachin

      Hi,

      Reg: Tech Engineers – “Normally computer-users, never question the tech engineers who come in at their place to revive their broken down computer systems.”

      This was an observation which is self explanatory.

      Secondly, there is a method to be followed prior to leveling allegations on employees.
      Method:
      A: Collect Proof
      B: Ensure all passwords and access rights are changed.
      C: Then question the employee – cause this is a highly sensitive issue, as the employee in question has access to your data and access logins, the questioning is done in a subtle manner or using a direct approach – incase point B has been deployed and a decision whether to retain the employee or not has been arrived at.

      Ever wondered why pink-slips are given on Weekends? There is an interesting theory towards it.
      Article 1: These links do not discuss about the weekend theory
      http://daytonasun.com/Articles/Local-News/Pink-Slips-Greet-The-Holiday-Weekend-For-Thousands-Of-Government-Employees.html
      Article 2:
      http://beniciaherald.wordpress.com/2011/03/11/busd-pink-slips-begin-going-out-friday/

      “Should i trust that I am not being caught responding to this blog?????????? Watch Out…”

      Usage of non-intrusive methods is highly recommended – eg. Firewall / Proxy logs instead of trojans. This reminds me of an incident from my distant past – wherein we had received a call from a stranger abusing us and when we went to the root of the matter , it was amply clear that someone from the organization had been pestering that poor guy. So, the next logical step was to go through the EPABX logs , finding the exact extension and the time and compare them with the attendance sheet and finally , we sat though the Thursday night to revoke all the rights, change all the passwords and then in the morning management confronted him.

      Last but not the least – to evade firewalls, use anon services, loads of them are available, but the moment these kind of packets arrive at the gateway – the red flag will be raised.

      So, the question of you getting caught accessing this blog is eminent unless and until you are browsing through a phone or some other network which is not a part of the corporate LAN. :) or you have setup a free webserver with a domain re-direction.

      Regards
      Sachin R

      Like or Dislike: Thumb up 0 Thumb down 0

  2. 2

    AV Security Xpert

    Thanks for all the good ideas to go about doing what one wants to do, while being in a corporate network.
    “you have setup a free webserver with a domain re-direction”, this is the best one, and quite easy to achieve.

    Like or Dislike: Thumb up 0 Thumb down 0

    1. 2.1

      R Sachin

      Hi,

      Good to hear – but as a word of caution – Corporate LANs are worse than ISPs, cause if you are caught then your daily bread and butter is at stake. In my entire career, I have seen very few networks which are completely locked down, they go at the granular level of shaping up the packets, their source and destinations.

      But 100% data / network security is still a distant dream.

      Regards
      Sachin R

      Like or Dislike: Thumb up 0 Thumb down 0

Comments are closed.

Copyright © 2017 MicroWorld Technologies Inc. - Anti-Virus escanav.com