dsniff and the various C libraries that go with it are great for monitoring remote users (SSL and cleartext) That said, my top tools
1. tcpdump
2. ethereal (for looking at tcpdump logs)
3. ssh (with X fowarding. You can get a server for Winscum if you need to)
4. [Dare I say it] Remote Desktop. I currently work with a team of 5 IT's to maintain a nation wide network of PC's. VNC just doesn't cut it, neither does a lot of other programs. Remote Desktop is highly acceptable from my point of view, although booting into windows via VMWare is a pain.
5. perl - I use perl to script up a lot of my automation proceedures, fully 3/4's of my network is maintained by some perl script or other
6. nmap - Got those security audit's done this week? Made sure your users aren't sharing porn?
7. nc - TCP/IP swiss army knife. Just recently converted to the GNU version after spending my life with the original
8. C - Programming Language of choice. I know others, but prefer to port my apps into C for speed's sake
9. snmpd - Remote performance data on the fly
10. MySQL - Where the hell do you think I keep all my performance data, Nmap Scans, and network dumps that need further analysis?
11. Bash scripts - Learn these... they are good.
12. Cacti/MRTG - For instant snmp gui stuffs, handy when the rest of the team aren't BSD geeks.
Also for when I have to administer windows I try and maintain my knowledge of
VBScript - It is dirty, but damned handy
batch files - same reason
Remote Desktop - Mentioned above
Truth be told, I almost always have some emperor/metallica/gorgoroth/insert_your_band_here playing, so a nice MP3 player for the platform I am working on rounds off whatever I am doing.
Yes and no. We have filters in place to prevent online banking (part of the proxy system). Plus, the data is stored for a week, and then cycled out. The rest, I am sure, your imagination can follow out.
No need to post anonymously, I aint gonna do this from work anytime soon:)
We do as most sites do, and implement a security system primarily at the perimiter. We don't go full out keystroke logging and so forth, that would just be counter productive, but we do monitor outgoing and incoming emails, habitualy drop everything from yahoo and hotmail, and have a Squid Proxy System in place.
We implemented much of this without informing the users, and before contacting the HR department. Problem. So our decision was, until approval, we would just log, deny and drop users based on what they were doing. There were acl's in place, and a SARG system for watching what they were doing, but overall, we just logged. This user is pregnant, this one is cheating on his wife. Then one day, the shit hit the fan
One of the IT's was spotted with remote control of another users session, and was just watching them. This was based on instant alerts we were retrieving from the squid helpers I had hacked up to complement SARG.
IT Honestly thought we were going to bite the dust. There were only about 6 of us to some 400 users, and we were not well loved. But no, we were wrong. Management felt that it was a great idea, HR was forced to approve it by the directors, and now we do full keystroke monitoring, internet access monitoring in real time, and an email system that at least one IT has to read before any email gets sent externally.
Monitoring internal mail is done via some filtering software and some shitty hacks on what we have, but it still catches a lot... like the two managers who were syphoning money off in discrepancies and lining their own pockets.
I just checked the document which mentions this practice, and all that is said is "At any given time, your email, internet access, or computer may be monitored for non-production actions".
Barely legal? Probably, but we have been having a field day with it...
This is still rife in quite a lot of IT places. It is well known that certain types of people may be more technically adept, and people hire on that basis.
Of course, it doesn't help when company's outsource call centers...
Probably can, but I have too much trouble (as in, I don't have the time) re-configuring everything to work around the thing. The modules I can write in my own time, and they are easily updateable. Fighting with the SE just isn't something I'm up for. It probably is easier to use, but when you know something well already...
Not flaming on anyone in particular, but maybe people should try reading all of the comments. Most posts thus far have been all things like "save-tree" and so forth, indeed, before logging in, most of the posts that show up are like this.
The problems of disk/network i/o aside, the idea that "I liked the paragraph I just deleted" is moot when this save tree is in place. You deleted something, just go back to it in the version tree. Quote from earlier in the page:
1. You create your document "Great Novel".
2. You edit your novel.
3. You shut off your computer.
4. You turn on your computer.
5. You open up "Great Novel" and it takes you where you left off.
6. After editing for three hours, you decide that you really don't want to kill of your hero, so you ask for the document to be rolled back by 50 minutes.
7. You start editing from that point, which automagically creates a document branch.
8. After twenty minutes, you like what you have, and decide to label the version on this branch "best version".
9. You later decide to go back to your abandoned branch, and label it "hero dies".
10. Over the course of months, your version tree becomes extremely bushy. However at any time you can ask for the most recent "best version" or see a history of all versions in which "hero dies".
End Quote.
Sure, its a little more intensive (again, see note on disk/network io above), but it saves a lot of problems. I wrote a small program a few months ago to do this, and (whilst it still has a save button) is the best thing someone could ask for. Mine does a version save in two situations. On demand (hence the save button) and every line of text (whenever someone hits the enter key) it's not really intensive, I just don't do huge files against it.
Of course, if you wanted to do big files, we have a lovely program in the *nix world. It is called diff. Get the idea?
Slashdot Mirror
Agreed
Now who wants to take bets on how many of those 8,000 are going to be computer technicians who spent too much time playing BattleField 2???
dsniff and the various C libraries that go with it are great for monitoring remote users (SSL and cleartext)
That said, my top tools
1. tcpdump
2. ethereal (for looking at tcpdump logs)
3. ssh (with X fowarding. You can get a server for Winscum if you need to)
4. [Dare I say it] Remote Desktop. I currently work with a team of 5 IT's to maintain a nation wide network of PC's. VNC just doesn't cut it, neither does a lot of other programs. Remote Desktop is highly acceptable from my point of view, although booting into windows via VMWare is a pain.
5. perl - I use perl to script up a lot of my automation proceedures, fully 3/4's of my network is maintained by some perl script or other
6. nmap - Got those security audit's done this week? Made sure your users aren't sharing porn?
7. nc - TCP/IP swiss army knife. Just recently converted to the GNU version after spending my life with the original
8. C - Programming Language of choice. I know others, but prefer to port my apps into C for speed's sake
9. snmpd - Remote performance data on the fly
10. MySQL - Where the hell do you think I keep all my performance data, Nmap Scans, and network dumps that need further analysis?
11. Bash scripts - Learn these... they are good.
12. Cacti/MRTG - For instant snmp gui stuffs, handy when the rest of the team aren't BSD geeks.
Also for when I have to administer windows I try and maintain my knowledge of
VBScript - It is dirty, but damned handy
batch files - same reason
Remote Desktop - Mentioned above
Truth be told, I almost always have some emperor/metallica/gorgoroth/insert_your_band_here playing, so a nice MP3 player for the platform I am working on rounds off whatever I am doing.
Cheers.
Yes and no. We have filters in place to prevent online banking (part of the proxy system). Plus, the data is stored for a week, and then cycled out. The rest, I am sure, your imagination can follow out.
No need to post anonymously, I aint gonna do this from work anytime soon :)
We do as most sites do, and implement a security system primarily at the perimiter. We don't go full out keystroke logging and so forth, that would just be counter productive, but we do monitor outgoing and incoming emails, habitualy drop everything from yahoo and hotmail, and have a Squid Proxy System in place.
We implemented much of this without informing the users, and before contacting the HR department. Problem. So our decision was, until approval, we would just log, deny and drop users based on what they were doing. There were acl's in place, and a SARG system for watching what they were doing, but overall, we just logged. This user is pregnant, this one is cheating on his wife. Then one day, the shit hit the fan
One of the IT's was spotted with remote control of another users session, and was just watching them. This was based on instant alerts we were retrieving from the squid helpers I had hacked up to complement SARG.
IT Honestly thought we were going to bite the dust. There were only about 6 of us to some 400 users, and we were not well loved. But no, we were wrong. Management felt that it was a great idea, HR was forced to approve it by the directors, and now we do full keystroke monitoring, internet access monitoring in real time, and an email system that at least one IT has to read before any email gets sent externally.
Monitoring internal mail is done via some filtering software and some shitty hacks on what we have, but it still catches a lot... like the two managers who were syphoning money off in discrepancies and lining their own pockets.
I just checked the document which mentions this practice, and all that is said is "At any given time, your email, internet access, or computer may be monitored for non-production actions".
Barely legal? Probably, but we have been having a field day with it...
In all seriousness
Need a network security specialist???
This is still rife in quite a lot of IT places. It is well known that certain types of people may be more technically adept, and people hire on that basis.
Of course, it doesn't help when company's outsource call centers...
Burnout.
What is the burnout like???
Probably can, but I have too much trouble (as in, I don't have the time) re-configuring everything to work around the thing. The modules I can write in my own time, and they are easily updateable. Fighting with the SE just isn't something I'm up for. It probably is easier to use, but when you know something well already...
I usually write kernal modules that nerf certain permissions.
This way, users can do what they like, but they can't fsck anything up.
Failing that, I reckon a big man with a large knife could probably go a long way to keeping them in line.
Well, if the technology that uses the emails is exploding, surely the software/systems that archive the software are too.
A couple of BSD box's with some Oracle or similar should do it.
Not flaming on anyone in particular, but maybe people should try reading all of the comments. Most posts thus far have been all things like "save-tree" and so forth, indeed, before logging in, most of the posts that show up are like this.
The problems of disk/network i/o aside, the idea that "I liked the paragraph I just deleted" is moot when this save tree is in place. You deleted something, just go back to it in the version tree. Quote from earlier in the page:
1. You create your document "Great Novel".
2. You edit your novel.
3. You shut off your computer.
4. You turn on your computer.
5. You open up "Great Novel" and it takes you where you left off.
6. After editing for three hours, you decide that you really don't want to kill of your hero, so you ask for the document to be rolled back by 50 minutes.
7. You start editing from that point, which automagically creates a document branch.
8. After twenty minutes, you like what you have, and decide to label the version on this branch "best version".
9. You later decide to go back to your abandoned branch, and label it "hero dies".
10. Over the course of months, your version tree becomes extremely bushy. However at any time you can ask for the most recent "best version" or see a history of all versions in which "hero dies".
End Quote.
Sure, its a little more intensive (again, see note on disk/network io above), but it saves a lot of problems. I wrote a small program a few months ago to do this, and (whilst it still has a save button) is the best thing someone could ask for. Mine does a version save in two situations. On demand (hence the save button) and every line of text (whenever someone hits the enter key) it's not really intensive, I just don't do huge files against it.
Of course, if you wanted to do big files, we have a lovely program in the *nix world. It is called diff. Get the idea?
I work in tech support, and Im with the parent. bring on the chimps, they might understand that a reboot might solve the problem...