I have a co-worker who is “Extra curious” and has been caught breaking into other IT staff computers and running snooping programs on the network. The issue was brought to management which wasn’t interested in the problem.
Where would you start in dealing with this?
I was told I can’t target any paticular individual due to legal concerns. I have to do anything dept wide or not at all.
I’m working on the switches – getting them hardened, but is that the right place to start?
This person was recently given the green light on deploying Snort at all our offices.
I don’t have any experience with that tool – but having this person in charge of a system which monitors all the packets on the network gives me the creeps.
Can Snort be used as an evesdropping tool? This person’s hobby is stealing logons and passwords.
Encrypting all the data point to point on the routers won’t do anything – so VPN and trunk everything?
I realize this is the perfect storm: a nightmare situation = and I want to protect my users.
Any experience in this matter (or anything similar) or ideas would be greatly appreciated.
Thanks for your input.
M
