ItsValium

Info needed

6 posts in this topic

Hi all,

First let me try to explain the situation a bit.

I work for a company that has 60+ technicians on the road as a supervisor. They have all been provided with laptops (with an aircard) so they can sync to the company server to get work orders and such. They usually sync once or twice a day (either in the morning or in the evening to get their work orders). When hired they all signed an agreement that prohibited them from using the laptops and the aircards for personal use. And included was an agreement that they would be monitored and such (just company policy I guess).

Up until now we never monitored anybody since we never had any problems with abuse before but the last few weeks we have noticed that some of them have been misusing their laptop and/or aircard. We noticed usage of the bandwidth went up by over 300% in only a week or two and is still rising although not as fast now. After some inspection by the IT department they are not able to tell who and where they do it, it seems some of them have overridden security policies and such. Now my boss gave me the job to 'catch' the bad guys.

I was thinking about a monitoring tool to install on all those machines but my concern is how would I go and install that on all of them. Most of them are in remote areas and I don't have physical access to the machines. I do however have all rights on the servers they connect to. But of course the installation of the tool would need to be silent and completely stealthed. Since bluntly installing monitoring with their knowledge would stop the abuse immediately and they would never get caught for the abuse they did. Any ideas? any opinions?

Thx in advance,

Greetz

I was thinking about a monitoring tool to install on all those machines but my concern is how would I go and install that on all of them. Most of them are in remote areas and I don't have physical access to the machines. I do however have all rights on the servers they connect to. But of course the installation of the tool would need to be silent and completely stealthed. Since bluntly installing monitoring with their knowledge would stop the abuse immediately and they would never get caught for the abuse they did. Any ideas? any opinions?

It would seem that if you're trying to STOP people from misusing their equipment, then sneaking around is not the best way to go about it. Send out a memo to all the field techs, stating that on ___ date, when they synch with the servers, new monitoring software will be installed on their systems.

In the end, it comes down to a decision as to whether you want the behavior to stop overall, or if you really want to catch the people who are doing it and subject them to disciplinary action. Depending on the nature of the offenses, either may be appropriate. (E.g... if you expect illegal activity, you may want to obtain evidence for termination and prosecution; whereas, if you suspect people are just using the equipment for personal reasons, you may not need to hand them a beatdown.)

On the network I manage, I'm more concerned with people not doing things they're not supposed to... rather than permitting it on the sly and then catching them in the act. Just easier that way.

But, YMMV.

Depending on the nature of the offenses, either may be appropriate. (E.g... if you expect illegal activity, you may want to obtain evidence for termination and prosecution; whereas, if you suspect people are just using the equipment for personal reasons, you may not need to hand them a beatdown.)

This decision has already been made by the bosses, they want to take action and fire those responsible for it. They have given me the task to catch the ones and provide the necessary proof. So the monitoring tool was the only thing I could think of.

Depending on the nature of the offenses, either may be appropriate. (E.g... if you expect illegal activity, you may want to obtain evidence for termination and prosecution; whereas, if you suspect people are just using the equipment for personal reasons, you may not need to hand them a beatdown.)

This decision has already been made by the bosses, they want to take action and fire those responsible for it. They have given me the task to catch the ones and provide the necessary proof. So the monitoring tool was the only thing I could think of.

Well since IT was able to tell you that they were surfing more... You should be able to view the log files and track them that way. The user would be very upset if the company got a hold of their personal passwords. I know that some of our users surf the web to check their mail. But that's normal.

Good luck


If you believe the traffic is web-based, you could set up a transparent proxy on your network. Then, if you have a Windows-based network, you can roll out a GPO to force the proxy address into the users' IE settings.

Not a perfect solution, but may do in a pinch and should be pretty quick to set up. No install needed on the laptops either, which is nice.


Well thx for the advice but that might not be what I'm looking for.

They connect through an aircard (which connects to the cellphone network and uses dynamic IPs provided by the telecom company operating that network) so to find out who connected with what IP etc. would take a really long amount of time and legal issues since we would need some judge to order the telecom company to give out their logs of the IPs given to that particular range of aircard numbers.

About the personal mail stuff, the laptops were initialised with a corporate image of XP Professional with security set pretty tight so private surfing is blocked. However it seems that by looking at the bills from the telecom company there's no way all of them could have generated that much bandwidth usage from just syncing to the corporate server and using the corporate apps. Besides that's what they all signed the agreement for, NO personal use whatsoever is allowed (since the laptops are used to connect and maintain pretty expensive hardware and confidential stuff is residing on it (like financial transactions and stuff from our clients)).

Somehow some of the techs have found a way to override the security on the laptops and finding out who did it is a top priority now.

Thx anyway any more suggestions are more than welcome.

Greetz
