Network security help - Sportbike Forum: Sportbike Motorcycle Forums
 
LinkBack Thread Tools Display Modes
post #1 of 7 (permalink) Old 05-23-2006, 03:39 PM Thread Starter
 
Join Date: Oct 2005
Posts: 2,442
Network security help

I know this is a Sportbike forum, but I also know that alot of the member here are pretty computer savi so I figured I give it a shot here to.

Here's whats going on. My dad called me earlier today and said that someone in his works IT department remotely logged into his computer and acessed his personal files. Who ever did this wasn't to bright, my dad is completly computer illiterate, but was able to tell what happened because he checked the user log in's and saw that his computer was accessed as well as what files were viewed. He asked me to come up and secure his files so that this couldn't happen again. I'm trying to think of possible ways to do this. I don't think he has full administrative rights, but he can install programs and such. His boss agrees fully that this needs to be adressed, so I can get administrative rights if necessary but I would prefer to bypass the IT department since thats where the problem seems to lie.

These are my thoughts so far, first would be to create a folder that is only accesible by a particular user, that being my dad. But from my knowledge of Windows Server 2003 an administrator can take ownership of folders fairly easily. If their is a way to make this method work and prevent unauthorized viewing of the data, this would be my prefered route.

My second thought was to move the data to a thumb drive, but I fear my father would forget to remove it and we would be back to square one. If thier is a way to make a restricted partition on the HD or secure the thumb drive, I would be interested in this route. It's simple and seems fairly secure. I'm not worried about loss of the acutual thumb drive or theft of it since his office is behind lock and key, and the IT department does not have access.

My third thought was to encrypt all the files with a 256bit or larger encryption system. This seems like the most secure way to do it, the only problem would be if he forgets his password or someone places a key logger onto his PC. But then again, if the person was dumb enough not to delete their log in from the reccord, I don't think this will be an issue.

Those are my only thoughts thus far. His work is trying to do this without making a big deal out of it, or paying for it, so naturally they went for a semi-computer savi son of a worker lol. I know their is no way to make this 100% secure, because as long as their is a desire, someone can get it, it just comes down to how much they want to. I'm looking to make it very very inconvientent for whom ever is causing this problem. Any suggestions or ideas would be appreciated greatly.

Thanks alot,
Sepias
SepiasSoul is offline  
Sponsored Links
Advertisement
 
post #2 of 7 (permalink) Old 05-23-2006, 05:32 PM
Strength and Honor
 
kanwisch's Avatar
 
Join Date: Oct 2002
Location: Central IN
Posts: 6,144
If your dad is fighting the IT department, I think the data stored on his workstation should be at the bottom of the list of issues. He IS the client, isn't he? IT in all cases I can think of should have access to his system and if there's a reason they shouldn't, then he should have one built within his own domain, thus preventing all others from accessing it. But somebody's gotta setup the domain. This is just a weird comment.

Yeah, USB drive or desktop encryption are the best bets but include overhead issues.

SportbikeWorld Supermoderator

Dragging knee is for the track, and dragging tail is for the lot. --Kane Friesen

When you're in a car, you're watching a movie; when you're on a bike, you're in the movie. --Robert Pirsig

Identity theft is not Fun
kanwisch is offline  
post #3 of 7 (permalink) Old 05-23-2006, 05:56 PM Thread Starter
 
Join Date: Oct 2005
Posts: 2,442
I'm not worried about the cost, so long as the solution is simple. The main problem with it all is, the IT guys got into some sensative data about certain officials within the organization he works with and they may leak it to the press... I'm not sure what they got into, but that is what I've been told. I'm not sure why they don't want to go with a professional, but for some reason he and his boss would rather I deal with it. He is the client, but he is also the vice president of his work, unfortunatly the way the organization is laid out, he can't directly get rid of the IT guy that did this, and the president has loyalties to him and won't fire him. It's a really F'ed up situation. If you can think of any other simple solutions that would be effective, let me know.

Thanks,
Sepias
SepiasSoul is offline  
 
post #4 of 7 (permalink) Old 05-23-2006, 07:26 PM
 
Join Date: Jun 2000
Posts: 1,991
Hi SepiasSoul-

If your father is at the VP level can he simply opt to work from home on a machine not connected to the corporate network? All of his work can be saved to a thumb drive that he will need to ensure is safely in his pocket whenever he steps away from the machine. With all of the Sarbanes-Oxley accounting and financial regulations out there everything on one's work computer must be squeaky-clean.

Is this something personal or professional in nature? Either way, the horse seems as if it is already out of the barn. Wouldn't the IT department be on the hook for releasing private corporate information if it is related specifically to work? I'm inclined to think if he boosted the physical security of his office and relied on a thumb drive for his work he could resolve most of these issues.

~ Blue Jays ~
Blue Jays is offline  
post #5 of 7 (permalink) Old 05-23-2006, 09:10 PM Thread Starter
 
Join Date: Oct 2005
Posts: 2,442
It probably would, but he is computer iliterate, old, and senile so he would most likely forget to remove the thumb drive and it would be back to square one. It was a sort of a work related file, I beleive it was from his past job that he still does freelance work for. It apparently increminated someone from his last job who is already facing some charges of some sort. I'm not sure wether they will need me or not, he might be resigning (my dad not the guy in the file). He and his boss had been having some disagreements latley, and not firing the IT guy might be the last straw. We will see. Thanks for your input though. If you come up with any more ideas, let me know. I'm also looking for ways to secure my server 2003 at home. I've been "loosing" files since I gave my mom access to some of my externals.

Sepias
SepiasSoul is offline  
post #6 of 7 (permalink) Old 05-24-2006, 04:27 AM
Strength and Honor
 
kanwisch's Avatar
 
Join Date: Oct 2002
Location: Central IN
Posts: 6,144
Jays has a good suggestion of working from home. Alternatively, he could get a laptop and work from that at the expense of the company.

In the mid and large orgs I've worked in, IT signs off on being fully responsible for working with all institutionally sensitive data and therefore are highly trusted members of the staff. Regular audits ensure that everyone is in line, too. Its always sad to hear of someone of our ilk perhaps abusing their position but it wouldn't be the first time its happened.

I think PGP is going to be the way to go for you. If remembering passwords is a problem, there are many options to securely store passwords on workstations and only require the user to remember one password. You or his boss could even serve as the backup keeper of the password in case your dad forgets it.

SportbikeWorld Supermoderator

Dragging knee is for the track, and dragging tail is for the lot. --Kane Friesen

When you're in a car, you're watching a movie; when you're on a bike, you're in the movie. --Robert Pirsig

Identity theft is not Fun
kanwisch is offline  
post #7 of 7 (permalink) Old 05-24-2006, 08:44 AM Thread Starter
 
Join Date: Oct 2005
Posts: 2,442
That might be the way to go. I'll have to find out if he is still there or not. He was really pissed last night and might have quite, I wouldn't put it past him. Thanks for your help Kanwisch and Blue. I don't think the guy that did this is a trained IT guy, he seems to be way to clumsy for that, but you never know.

Sepias
SepiasSoul is offline  
Sponsored Links
Advertisement
 
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Sportbike Forum: Sportbike Motorcycle Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome