[Snort-users] Legal Form Advice
michael.boman at ...4162...
Fri Oct 25 20:37:01 EDT 2002
On Saturday 26 October 2002 06:45, Jacob Redding wrote:
> I have a general question that I was hoping could be answered in this
> group. I have recently switched jobs from a consulting position to a
> permanent position as a systems analyst/administrator. As you can probably
> guess (from inclusion on this list) I use products such as Snort often
> (ethereal, tcpdump, ntop, etc. etc.). When I was working as a consultant I
> was legally covered by proxy of my employer. I no longer have said luxury.
> So my question is "How do I write (or copy) a legal document that will
> make it clear to my manager(s) what type of information I will be able to
> view and also protect me from firing or prosecution".
> This is a scenario that I am worried about.
> My immediate manager is very technically adept, she understands networks
> and their inherent insecurity. The manager above her does not however. If
> that person perceived my network analysis actions as "hacking" or "invasion
> of privacy" I could be fired for such reasons or even prosecuted (it is a
> Here are the facts, just so that this is clear.
> 1.) I do work for this company.
> 2.) My Immediate manager does understand what I am doing
> 3.) My title is Information Systems Analyst / System's Administrator
> 4.) I do have security clearance into the building (physical keycard)
> 5.) I am a trusted member of the faculty. (just looking to cover my butt a
> little more)
> 6.) I am not specifically looking for passwords, but I can see them (pop
> account, http web logins, ftp, etc. etc.)
So what you want is a 'Get Out Of Jail' card. Those are best written by real
lawyers, but if you want to roll out one of your own you need it to say
In the course of your work you are allowed to intercept and record network
traffic for intrusion detection/policy violation purposes. In the course of
this there will be a certain 'waste', i.e. it is very possible that you would
intercept allowed/permitted traffic - including usernames and passwords of
legitimate users. You want the signers (basically top management) to understand
these issues and permit you to do this traffic recording and analysis.
I also advise you NOT to run any kind of IDS etc if you are declined approval.
Also check how your IDS monitoring clashes with HR department rules + laws in
But the best is to hire a lawyer for a couple of hours to write the whole lot
up so you are covered at all bases.
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)