You can't secure what you don't acknowledge.℠

Tuesday, December 6, 2011

School staff members and porn - Why you should care

Here's an interesting read on government employees trying to make an extra buck by serving up pornography on their high school-issued computers. What a lovely story.

Don't think this kind of behavior is random. I've seen this very thing at the university level during a security assessment I did early on in my information security consulting venture.

You see, one thing I do during my internal security assessments is connect a network analyzer just inside the firewall for a few hours to look at general traffic patterns, protocols and the like. Interestingly, during this assessment I found a workstation that was the top talker on the network. No, it wasn't the email server, or the Web server or the high-traffic FTP server but, instead, a workstation.

After further review it was determined that a staff member was hosting porn on his computer...right on the school network. He was apparently doing pretty well as his workstation was sending and receiving literally 10 times the traffic of any other system on the network.

Folks, just because an employee passed a background check, had good references and seems to be a reasonable person doesn't mean s/he can be trusted to always do the right thing.

You've got to know your network. As I've written about, a network analyzer is a cheap and easy way to get rolling to make sure your network - and your users - are kept in check.
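The top-talker check described above, sketched as an added example that is not from the original post. It assumes the analyzer can export per-conversation byte counts as CSV (`src,dst,bytes`); the internal range, server inventory and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample: per-conversation byte counts in an assumed CSV export
# format (src,dst,bytes). Addresses are documentation/private ranges.
SAMPLE_CSV = """src,dst,bytes
10.0.0.10,198.51.100.7,4000000
203.0.113.9,10.0.0.11,5000000
10.0.0.12,203.0.113.20,6000000
10.0.0.51,10.0.0.10,200000
10.0.0.52,198.51.100.30,300000
10.0.0.77,203.0.113.44,35000000
198.51.100.90,10.0.0.77,25000000
10.0.0.53,not-an-address,1000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range
# Assumed inventory of hosts that are expected to be busy.
KNOWN_SERVERS = {"10.0.0.10": "email", "10.0.0.11": "web", "10.0.0.12": "ftp"}

def bytes_per_host(csv_text, internal=INTERNAL):
    """Sum bytes sent plus received for every internal address."""
    totals = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            size = int(row["bytes"])
            ends = [ipaddress.ip_address(row[k]) for k in ("src", "dst")]
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows instead of aborting the review
        for addr in ends:
            if addr in internal:
                totals[str(addr)] += size
    return totals

def unexpected_top_talkers(totals, servers=KNOWN_SERVERS):
    """Hosts outside the server inventory that out-talk the busiest server.

    Returns (host, bytes, ratio to busiest server) tuples, busiest first.
    """
    busiest = max((totals[h] for h in servers if h in totals), default=0)
    return [(host, size, round(size / busiest, 1) if busiest else None)
            for host, size in totals.most_common()
            if host not in servers and size > busiest]

if __name__ == "__main__":
    totals = bytes_per_host(SAMPLE_CSV)
    for host, size in totals.most_common():
        print(f"{host:<12} {size:>12,} {KNOWN_SERVERS.get(host, 'workstation?')}")
    print("Review:", unexpected_top_talkers(totals))
```

Anything this returns is a lead to investigate, not a verdict: backup jobs and software distribution points can look the same until they are added to the inventory.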
