Thanks for nothing PineRidge.....LOL

[riptides]

Information Systems security is a pretty broad area of coverage. I find that "administrators" are usually clued into product sets that "monitor" web based access.

The real issue here is undeniable proof, "non-repudiation" that YOU, were in FACT logged into your computer at a PROVEN point in time, and that YOU, were pressing keys or clicking the mouse, going to some "unclean" web-site.

It opens up a major can of worms, by saying prove it was me on my computer.

-Mike Z. /forums/images/graemlins/grin.gif

 

[HuckBB62]

Fair enough, anyone that labels weapons as illegal or illicit is an idiot. I got ruffled up by the lunacy of this situation.

By the by, if you believe that guns are just fine, you're not a liberal as you might think. By her response, I highly doubt she's voting on the republican ticket. /forums/images/graemlins/wink.gif

 

[Inspector507]

Mike,
I accept the fact that is was me that looked at "something" on this supossed weapons website. Mike links to pictures and areas of his site that pertain to his tractor mods all the time. No one else in my office would probably look at his site anyway. Besides, it's my butt if I get up from my desk without locking the computer.
What I'm asking for is the EXACT and COMPLETE URL of all 6 hits and when. If the hits were more than 4 weeks ago...moot point. If the hits were of tractor pics.....moot point. If they won't give me the log, case dropped, retraction letter for my files expected. Actually, I don't feel it's too far out of line to expect the employee who falsely accused me to face discipline.
I'm really trying to protect everyone that I work with from false persecution.

 

[Junkman]

</font><font color="blue" class="small">( ...................
I'm really trying to protect everyone that I work with from false persecution. )</font>

Don't you mean "prosecution"???????? /forums/images/graemlins/grin.gif

 

[riptides]

And I am telling you to not accept anything they give you as fact unless they have non-repudiation.

</font><font color="blue" class="small">( accept the fact that is was me that looked at "something" on this supossed weapons website. )</font>

And exactly how is this accomplished? Do you lock your computer down yourself? What about remote control programs I am sure your administrators have?

</font><font color="blue" class="small">( Besides, it's my butt if I get up from my desk without locking the computer. )</font>

And computer names, network addresses, times, processes, programs running at those times. etc. etc.

</font><font color="blue" class="small">( What I'm asking for is the EXACT and COMPLETE URL of all 6 hits and when. )</font>


I find it, putting it bluntly, highly repulsive, when so called "monitoring" of resources or URLs are presented to end users in certain instances. There are far to many ways to redirect, present, infect, place, control, copy, run, etc. etc. sessions and programs in todays IT environment.

I don't feel comfortable knowing someone is looking at "logs" or "programs" and then "presenting" this information to someone of authority without the acused present. Computers were personal at one point in time, were they not?

Good luck.
-Mike Z. /forums/images/graemlins/grin.gif

 

[getut]

Well.. I agree that companies have to do it. And even as much of a stickler as I am on "rights" issues, users really have none on company owned computers.

I do think that reviewers of logs MUST take into account the usage patterns. A good IT person can look at logs and determine very many things just from time stamps. Also a good IT policy keeps systems secured. If a good IT policy is in place, the "someone else did it on my system" is not a valid defense. A good policy spells out the human side of what is expected also, and that includes the fact that "NO ONE gets your password". It should be spelled out in the policy that if an employee has given out a password, anything done with that password is the responsibility of the user." If a password is suspected of being compromised, the users responsibility is to change it immediately and then notify IT. The user is to either lock the PC or log off before walking away. Not even the president of the company should know anyone elses password but his own.

There is also protection for me being the security administrator. I can change the password for a user who has forgotten theirs. I CANNOT see what it was previously set to. That protects me, because it is impossible for someone to accuse me of doing something and making it look in the logs like someone else did it. It is impossible, because although I can change a users password to something I know, I cannot set it back to what it was previously set to (because I do not know) when I am done "framing" someone.

I AM a stickler for rights. I despise it when a corporation decides what you can and can't do with your OWN computer in your own home (with Digital Rights Management and the like), but on the flip side, I also think a company has every right to set any rule they desire for the usage of their computers.

 

[Junkman]

</font><font color="blue" class="small">( ................. I despise it when a corporation decides what you can and can't do with your OWN computer in your own home (with Digital Rights Management and the like), but on the flip side, I also think a company has every right to set any rule they desire for the usage of their computers. )</font>

Could you please expand on this subject? I had no idea that companies could prevent what you do on your own computer on your own time in your own home.
A... how would they know????
B... how could they legally enforce such a restriction???
C... Is this even legal ????????

Inquiring minds need to know...... thanks Junk.......

 

[Spiffy]

After it got straightened out, as I'm sure yours will, I now laugh about it, but your ordeal reminds me of how I inadvertantly triggered the "corporate snoops" several years ago; even at that I still hate the fact that monitoring info [which I don't like anyway, but can understand companies using it in this CYA society] can be so easily misinterpreted.

Anyway, I was searching for specs on a ball screw and ball nut; a few days latter, I was looking for specs on a chip that had a fan tail configuration. The next week I got some serious scrutinity from the powers that be: the types of things they suspected I was looking at had nothing to do with either linear motion or electronics [or anything for that matter I'd print on a public forum]! I was lucky that the local management knew both my work habits, and the nature of the projects I was involved in, well enough to laugh with me when I made the connection, but for a split second it made me confused, mad, and sweat, all at the same time! /forums/images/graemlins/tongue.gif

 

[getut]

Digital Rights Management refers to a new take on an old idea.

Trusted computing is what they are calling it. It means nothing of the user trusting what can run on his computer. It really amounts to the corporation trusting that you can't use software in a way that they havn't envisioned (and received payment for). It will open the door for expiring software (forced obselescence) and pay per use like you've nightmared about (if you're me). It will basically make the "fair use" argument for any type of media a mute point.



Here is a good article. It is not really that bad, but the bad part is (and the reason that people need to be aware of what is coming) is because it CAN be as bad as they say in that article. There is no protection for the consumer against DRM being abused by companies simply as nothing more than another money making scheme. DRM can be good, but there is wayyy too much potential for it to be misused, and there are definitely no safeguards in place yet, technical or legal, against it being misused. And we ALL know if there is a legal way for corps to wring us for more money, they sure will.

 

[Inspector507]

Here is the response I got from our HR Officer today.

<font color="blue"> Your request for additional information will be forwarded to the Director. He will in turn make a request to the Director of the Department of Technology. I do not know how soon the turnaround will be. In the meantime, I would encourage you to keep a log of when you visit an internet site that may make your computer vulnerable to the issues you mention below. You will be advised of Technology's response to your request. Please let me know if you have any other questions. </font>

I find this statement to be unacceptable, to say the least.
<font color="blue"> You will be advised of Technology's response to your request. </font>

Anyone can request the same information according to Ohio's Public Records law. But they could deny my request because I'm an employee?