[Snort-users] Legal Form Advice

Michael Boman michael.boman at ...4162...
Fri Oct 25 20:37:01 EDT 2002


On Saturday 26 October 2002 06:45, Jacob Redding wrote:
>   I have a general question that I was hoping could be answered in this
> group. I have recently switched jobs from a consulting position to a
> permanent position as a systems analyst/administrator. As you can probably
> guess (from inclusion on this list) I use products such as Snort often
> (ethereal, tcpdump, ntop, etc. etc.). When I was working as a consultant I
> was legally covered by proxy of my employer. I no longer have said luxury.
>
>    So my question is "How do I write (or copy) a legal document that will
> make it clear to my manager(s) what type of information I will be able to
> view and also protect me from firing or prosecution".
>
>   This is a scenario that I am worried about.
> My immediate manager is very technically adept, she understands networks
> and their inherent insecurity. The manager above her does not however. If
> that person perceived my network analysis actions as "hacking" or "invasion
> of privacy" I could be fired for such reasons or even prosecuted (it is a
> possibility).
>
>
> Here are the facts, just so that this is clear.
> 1.) I do work for this company.
> 2.) My Immediate manager does understand what I am doing
> 3.) My title is Information Systems Analyst / System's Administrator
> 4.) I do have security clearance into the building (physical keycard)
> 5.) I am a trusted member of the faculty. (just looking to cover my butt a
> little more)
> 6.) I am not specifically looking for passwords, but I can see them (pop
> account, http web logins, ftp, etc. etc.)

So what you want is a 'Get Out Of Jail' card. Those are best written by real
lawyers, but if you want to roll out one of your own you need it to say
something like:

In the course of your work you are allowed to intercept and record network
traffic for intrusion detection/policy violation purposes. In the course of
this there will be a certain 'waste', i.e. it is very possible that you would
intercept allowed/permitted traffic - including usernames and passwords of
legitimate users. You want the signers (basically top management) to understand
these issues and permit you to do this traffic recording and analysis.

I also advise you NOT to run any kind of IDS etc. if you are declined approval.
Also check how your IDS monitoring clashes with HR department rules + laws in
the country.

But the best is to hire a lawyer for a couple of hours to write the whole lot
up so you are covered at all bases.

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com




