>We have talked to him and he just figured out the passwords to a few >accounts of people that are not computer literate and don't change >their passwords.
I would keep an eye on all traffic from this guys computer (and user account)for a while regardless, also monitor your traffic to look at times when you know a user shouldnt be there but has traffic. This may or may not still be a security breach as he wouldn't tell you if he was breaking this system if he thought he was getting caught. I would also let this user know that what he done was just as illegal as actually hacking the system. If corporate user, I would also make this an official write up so that you may fire this guy if he strikes again without problems. If he is testing passwords he is trying to illegally obtain other users information or even worse corporate data which he may not need access to. If he goes without some form of discipline I am afraid you will send out the message that you dont mind if they illegally attempt or access your system. Again from what you said you did it was like you were punishing the users of your system and not the person that was doing the illegal activity. If he would have been straight with you in the beginning and came to the IT department in private and said I think I found a problem with the system and if you would like I will show you the issue. He didnt do that, he played games with your department and you may or may not have gotten the whole story. Did he come to you or was this talk that came back to you from other users? Allen ---------- Original Message ---------------------------------- From: "David Allred" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 16 Sep 2002 14:27:53 -0700 . Things have been fixed and we are forcing everyone in the >company to change passwords. Very simple for the computer user and not so >simple for the upper management to remember passwords. > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of Sanford >Whiteman >Sent: Monday, September 16, 2002 12:33 PM >To: David Allred >Subject: Re: [IMail Forum] access to mail via web > > >> I have a user that says he can access all email accounts via the web >> and read the mail. I have yet not been able to duplicate the issue >> and he will not tell us what he is doing. > >A corporate user? If he's not forthcoming about his tactics, sounds >like grounds for dismissal. It's one thing--a good thing--to inform IT >of potential breaches, another to extort or be in any way secretive >about the actions taken to uncover the breach. IT is your province, >and you are required to have this information. As Scott said, he's >probably trying to fake you out into divulging more of your topology, >passwords, et al...if there's a known human behind this, it's time for >him to go, IMO. > >If the user's human identity is not known, lock out the account, like >everyone else said, and stay cool...audit your non-IMail security and >see if anything has changed, start planning your IDS implementation, >etc. > >-Sandy > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ >--- >[This email has been prescanned for viruses by Declude and F-Prot] > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
