Reason Please!

[John]

Hi all,

I have one internal employee which used the hacking tool to scan our network
and change our administror account. He did not get any permision and thought
it help us to do internal assessment. Can anyone give me the reason why he
should not do it in the production network?

Thank you.

 

[David H. Lipman]

From: "John" <John@discussions.microsoft.com>

| Hi all,
|
| I have one internal employee which used the hacking tool to scan our network
| and change our administror account. He did not get any permision and thought
| it help us to do internal assessment. Can anyone give me the reason why he
| should not do it in the production network?
|
| Thank you.

He should be summarily fired ASAP.
No ifs, ands or buts !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[Tom [Pepper] Willett]

The reason is he did not have permission. And, if he's using hacking tools,
he should be fired immediately. Make sure when he's fired he can't get near
a networked computer or the petty cash box. And change *all* the passwords
to every computer/account on your network ASAP, if not sooner.

"John" <John@discussions.microsoft.com> wrote in message
news:33E09FAE-05DA-4DF6-AAED-EE2305215362@microsoft.com...
: Hi all,
:
: I have one internal employee which used the hacking tool to scan our
network
: and change our administror account. He did not get any permision and
thought
: it help us to do internal assessment. Can anyone give me the reason why
he
: should not do it in the production network?
:
: Thank you.

 

[David H. Lipman]

From: "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com>

| The reason is he did not have permission. And, if he's using hacking tools,
| he should be fired immediately. Make sure when he's fired he can't get near
| a networked computer or the petty cash box. And change *all* the passwords
| to every computer/account on your network ASAP, if not sooner.
|

D'oh.

Yes. Passwords now should be reset ASAP!

Thanx Tom!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[Tom [Pepper] Willett]

Dave: I can't believe the OP had to ask for a reason -)
Around my office, it would be a fireable offense, no questions asked.

We also have every employee sign a network/internet usage policy that's very
tight, and in no uncertain terms lays everything out.

Tom
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OCtPyO9fIHA.5996@TK2MSFTNGP04.phx.gbl...
: From: "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com>
:
: | The reason is he did not have permission. And, if he's using hacking
tools,
: | he should be fired immediately. Make sure when he's fired he can't get
near
: | a networked computer or the petty cash box. And change *all* the
passwords
: | to every computer/account on your network ASAP, if not sooner.
: |
:
: D'oh.
:
: Yes. Passwords now should be reset ASAP!
:
: Thanx Tom!
:
: --
: Dave
: http://www.claymania.com/removal-trojan-adware.html
: Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
:
:

 

[David H. Lipman]

From: "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com>

| Dave: I can't believe the OP had to ask for a reason -)
| Around my office, it would be a fireable offense, no questions asked.
|
| We also have every employee sign a network/internet usage policy that's very
| tight, and in no uncertain terms lays everything out.
|

In my environment, it would be prosecuted.

I am total agreement for a corporate AUP. It is the "correct" way to deal with a company's
computing assets.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[Roger Abell [MVP]]

"John" <John@discussions.microsoft.com> wrote in message
news:33E09FAE-05DA-4DF6-AAED-EE2305215362@microsoft.com...
> Hi all,
>
> I have one internal employee which used the hacking tool to scan our
> network
> and change our administror account. He did not get any permision and
> thought
> it help us to do internal assessment. Can anyone give me the reason why
> he
> should not do it in the production network?
>
> Thank you.

What is the role, are the job duties of this employee?
If the scan was entirely unrelated to job, that is one thing
(and what of his job that was not getting done at the time?)
but, if his job does include some form of IT, then it may
be another thing. How trusted is the employee and of how
long a standing in the organization - I mean is it only a
well intended misstep or attempt to get given new tasks
helping with your IT infrastructure involved here?

Knowing the strengths and fixing the weaknesses of one's
infrastructure is a good thing. Finding out about needed
changes is a good thing. Usually it is very important that
the production systems meet the highest standards.
If he does not scan then it seems likely someone should
given his success on whatever non-production internal
infrastructure that was penetrated.

Roger

 

[Roger Abell [MVP]]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uGw7Q59fIHA.3940@TK2MSFTNGP05.phx.gbl...
> From: "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com>
>
> | Dave: I can't believe the OP had to ask for a reason -)
> | Around my office, it would be a fireable offense, no questions asked.
> |
> | We also have every employee sign a network/internet usage policy that's
> very
> | tight, and in no uncertain terms lays everything out.
> |
>
> In my environment, it would be prosecuted.
>
> I am total agreement for a corporate AUP. It is the "correct" way to deal
> with a company's
> computing assets.
>

In my environment there are approx. 60,000 students able and
willing to plug at any server and/or client system exposures.
Yes, there is a policy, but on a network of two class Bs, much
goes on unnoticed in all the traffic.

Roger

 

[Why Is This So Complicated]

You might want to check with an employment lawyer before you fire the guy.
You don't want to bring a lawsuit down on yourself for accidentally violating
the law. Even 'at will' employees (meaning those who aren't guaranteed
employment for x years) have rights not to be terminated in violation of the
law. Just a thought. Good luck.

"John" wrote:

> Hi all,
>
> I have one internal employee which used the hacking tool to scan our network
> and change our administror account. He did not get any permision and thought
> it help us to do internal assessment. Can anyone give me the reason why he
> should not do it in the production network?
>
> Thank you.

 

[David H. Lipman]

From: "Why Is This So Complicated" <WhyIsThisSoComplicated@discussions.microsoft.com>

| You might want to check with an employment lawyer before you fire the guy.
| You don't want to bring a lawsuit down on yourself for accidentally violating
| the law. Even 'at will' employees (meaning those who aren't guaranteed
| employment for x years) have rights not to be terminated in violation of the
| law. Just a thought. Good luck.
|


I've got news for you. Tampering with the company's assets gives an employer full rights to
terminate.
The employee has NO rights to tamper with the company computer system.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[Dobromir Todorov]

Now you need to prove that what he was doing was 'tampering'.

Here is a defintion from Wikipedia:
"Tampering involves the deliberate altering or adulteration of a product,
package, or system. Solutions may involve all phases of product production,
distribution, logistics, sale, and use."

If the law where you are uses a similar definition, do you think that what
he was doing was 'tampering'?

Regards,
Dob

--
---
HTH,
Dobromir

Visit http://www.iamechanics.com

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uWD6%23oOgIHA.3352@TK2MSFTNGP04.phx.gbl...
> From: "Why Is This So Complicated"
> <WhyIsThisSoComplicated@discussions.microsoft.com>
>
> | You might want to check with an employment lawyer before you fire the
> guy.
> | You don't want to bring a lawsuit down on yourself for accidentally
> violating
> | the law. Even 'at will' employees (meaning those who aren't guaranteed
> | employment for x years) have rights not to be terminated in violation of
> the
> | law. Just a thought. Good luck.
> |
>
>
> I've got news for you. Tampering with the company's assets gives an
> employer full rights to
> terminate.
> The employee has NO rights to tamper with the company computer system.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

 

[David H. Lipman]

From: "Dobromir Todorov" <dtodorov@msn.com>

| Now you need to prove that what he was doing was 'tampering'.
|
| Here is a defintion from Wikipedia:
| "Tampering involves the deliberate altering or adulteration of a product,
| package, or system. Solutions may involve all phases of product production,
| distribution, logistics, sale, and use."
|
| If the law where you are uses a similar definition, do you think that what
| he was doing was 'tampering'?
|
| Regards,
| Dob
|

"...used the hacking tool to scan our network and change our administror account. He did
not get any permision..."

That's tampering.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp