Dealing with people who bypass security measures

Discussion in 'other security issues & news' started by AshG, Feb 6, 2006.

Thread Status:
Not open for further replies.
  1. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    I could use some advice.

    I administer a couple small networks around town. I have them locked down nice and tight but not to the point that I probably should. One computer in particular is run by someone who defeats my countermeasures at every turn.

    My standard loadout is NOD32 and MS Antispyware (hardware firewalls in place), with weekly runs of Ewido. For the non-profit budgets of these groups, that's fine and there are rarely if ever any problems. But, as I said, there's one user who turns off the protection or clicks "Allow" any time they see a cute screensaver or a rotating wallpaper program.

    I'm tired of going in and cleaning this computer out every week, especially since I'm maintaining that network gratis. What can I do to deter this one person from making my life a living hell? If I have to remove one more toolbar or get rid of another trojan, I'm going to push the keyboard somewhere it doesn't belong.

    Your help and advice is appreciated.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Just tell this person that if they persist in doing what they are doing they will have to find another IT person.
     
  3. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Definitely. This wouldn't be one of those problems that I'd try to solve with software. If someone is deliberately being obtuse, then deal with that person or have someone above him deal with it.
     
  4. AshG

    AshG Registered Member

    Joined:
    May 7, 2005
    Posts:
    206
    Location:
    East TN
    Believe me, I wish it were that simple.

    The affected computer is at my church. It's a rural community without much in the way of tech support. If it weren't for the fact that dropping that job has major repercussions that could result in nastiness and me possibly having to leave the church, then I would have dropped it a while ago.

    The secretary has basically said that since she's the only person who uses her workstation, she can install on it whatever she wants. She's been around a lot longer than I have, and it's made setting up an Acceptable Use Policy beyond difficult.

    Ergh, the things I get myself into.
     
  5. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Indeed. Or charge them at $80 per hour for rectifying anything that could have been avoided had your security measures been left fully operative and unabused. Otherwise they are just taking the p*** and getting away with it.
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The secretary needs to feel the repercussions of her actions. When her computer is no longer functional and she needs it, and you, you can negotiate from a position of strength. Also you might want to discuss it with the minister/pastor/priest. Do you physically go to the site? There is remote administration software you can use.
     
    Last edited: Feb 6, 2006
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Her attitude reflects a prideful and rebellious attitude. Very different from the way of a true Christian.
    You are doing her a favor by keeping the system operational. If it were me, and I belong to a church, I would tell her and the pastor that if she persists in the way she is operating, then the church is on its own as far as its computer is concerned.

    When she has a problem that is likely a result of her way of operating in contradiction to what you have told her, then tell her to find someone else to fix it.

    Now if you do not desire to take such a course of action, just fix it when it breaks and don't complain.

    Jerry
     
  8. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
  9. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Don't drop the job because you're frustrated (even though you are). Drop it because it's become too much work for you to do (which is also true). Don't turn it into an issue. If the secretary wants to turn it into an issue, that will reflect on her, not you.
     
  10. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I am missing something because it is too simple of an answer. Actually, a couple of options. One, of course, is to charge her $$$$ for having to clean up her crap. The other is, you have already cleaned it up and now, when it gets screwed again, tell her you are sorry but, you cannot work on her part of the network anymore. Besides, you say you do it for free. I DO NOT EVEN THINK SO !!!!!! She has an attitude. Soooo, charge the B%$#@ !! Simple. Any questions, explain the deal.
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    My friend is head of IT at a small firm, the way he has gotten around such issues is telling them that if they do such things then they are on their own, that he will not help. So far it has worked quite well for a number of years.

    I would write out how much she is putting at risk by doing this (such as the CWS identity theft ring).. that the primary motivation for malware is money, and they will not have any problem using any information they get from that computer. I would make a write-up of all the risks and all the acceptable use policy.

    I think the most important part of this would be your presentation. When presenting the idea that you won't be there to clean it up, I would put it in terms that you simply do not have the resources to continually clean up a compromised machine, that malware is extremely difficult and time-consuming to deal with, and that the guidelines put forth are in the best interests of everyone involved. It will take everyone to make the systems work smoothly.. and that means not treating it as a personal machine, however does not exclude some personalization (maybe bring in some disks with screensavers and such, or offer some safe download sites). I think if you present it that way, a call to "pull together" so that no one person is put upon too heavily, that you should be able to make some headway while gently pointing out the selfishness of her actions without having to address them directly.

    If all else fails, you could put together some gateway content filtering. This can be done cheaply with an old machine and a free or low-cost proxy. If you don't already have this, it may be something to consider anyway. Unfortunately I don't know of any off hand, but if you really need it I could try to help you hunt some down. I would also definitely password protect NOD32.. if you need a reason, say that it's to protect it against malware.
     
    Last edited: Feb 6, 2006
  12. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Set her up with a limited user account on WinXP and/or configure NOD32 with password protection. Configure her email such that it restricts the execution/opening of attachments, if possible (some allow this such as Outlook and Outlook Express). There are definitely some technical steps that you can take. Most aren't necessarily 100% foolproof, but many would at least force her to be as knowledgeable as you... and she doesn't sound too bright if she continues to neglect your advice and get socked with malware on a weekly basis.

    If technical solutions aren't of any use for whatever reason, and dumping her as a client is out, and charging her fees for your time is also out... then at least document every minute you work on her machine and clean it out. You may also want to save results of your malware scans and result logs. Also, and this is VERY important, make her sit there with you for the entire time that you work on her machine. Don't let her go drink coffee, go out to lunch, or go shopping. Make it her time she is wasting as well, not just yours. Invent some excuse if you have to. Tell her you are just trying to educate her or something. But, do not let her leave. In fact, make it as painful as possible, tell her boring stories about computer viruses and lecture her on the various forms of spyware. :ouch:
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I forgot about that, you could set up software restriction policies with XP SP2 so that those things won't even run.
     
  14. GUI_Tex

    GUI_Tex Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    189
    How, Notok?
     
  15. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    There are tools especially for this.

    Tools that are used in schools and Internet cafes.

    Take a look at tools like:

    Deepfreeze
    Shadowuser
    Illusion
    Watch-IT

    They all are made for students.

    They all work like this.
    You install the computer the way it should be.
    Then you 'freeze' the current situation and let the student work
    (he may even remove windows files)

    After the usage, you switch back to the original state.
    Data can be stored in one or more directories that are excluded.
    But not in a Windows System Directory.

    If you need more info, pm me.
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  17. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Good suggestions. Now that you mention these utilities, I might also add the Microsoft Shared Computer Toolkit to the list. I haven't really used it, and I suspect it's not as thorough as some of the programs and utilities you mentioned; but it's an option for those that might prefer to stick with a Microsoft sanctioned utility.
     