[Snort-users] Legal Form Advice

Jacob Redding Jacob at ...7322...
Fri Oct 25 15:46:02 EDT 2002


  I have a general question that I was hoping could be answered in this
group. I have recently switched jobs from a consulting position to a
permanent position as a systems analyst/administrator. As you can probably
guess (from inclusion on this list) I use products such as Snort often
(ethereal, tcpdump, ntop, etc. etc.). When I was working as a consultant I
was legally convered by proxy of my employer. I no longer have said luxury.

   So my question is "How do I write (or copy) a legal document that will
make it clear to my manager(s) what type of information I will be able to
view and also protect me from firing or prosecution".

  This is a scenario that I am worried about.
My immediate manager is very technically adept, she understands networks
and there inherent insecurity. The manager above her does not however. If
that person perceived my network analysis actions as "hacking" or "invasion
of privacy" I could be fired for such reasons or even prosecuted (it is a
possibility).


Here are the facts, just so that this is clear.
1.) I do work for this company.
2.) My Immediate manager does understand what I am doing
3.) My title is Information Systems Analyst / System's Administrator
4.) I do have security clearance into the building (physical keycard)
5.) I am a trusted member of the faculty.(just looking to cover my butt a
little more)
6.) I am not specifically looking for passwords, but I can see them (pop
account, http web logins, ftp, etc. etc.)








More information about the Snort-users mailing list