[Wolves] Consultancy work thingie for union office. (fwd)

Sun Jan 11 00:48:44 GMT 2004

I wish to understand the oranisation's structure.

Where are management physically? What are you allowed to do
to the boxes? Who pays for the equipment? Does everyone who
has to use the PCs want in on your dirty little scheme (:-)?

Do management use the same machines for anything? Are there
any services that the boxes supply that management will
notice missing?

The ideal is to take over the PCs, and understand each and
every one of the surveillance mechanisms, then control them
to always give benign results. Local files can be easily
secured using pgp disk, scram disk or other related tool
with a usb dongle stored key and secret passphrase to keep
in case the dongle is stolen, however these measures are
very rarely needed.

I need to know more before I can best advise...

bambam
-- 
Cry 'Socket(),' and let slip the packets of war;

On Thu, 8 Jan 2004, Old Dan wrote:

> Hi all
>
> I've been asked to do a security consultancy thingie for a union buddy
> of mine who works as a part-time union official in a particularly
> bolshie union office.
>
> They have this problem - they believe their computers are being spied on
> by management.  I think I concur - I looked at the machines a few months
> ago and found WinVNC running on them.  The computers belong to the union
> office, not the organisation, but they have a service agreement with
> them which restricts what they can do.
>
> Now I've got rid of WinVNC from their machines but they still are
> paranoid management are nicking off with their files when they aren't
> there.  What they want is unmonitored (at least by management) internet
> access and a way to secure their files so management don't get a
> look-see.  I was thinking smoothie for the internet access and maybe the
> use of an external hosting service running tikiwiki or somesuch for the
> files - it will slow them down I know but at least they'd be sure there
> is no snooping going on, and they'd have external access.  (I'll give
> them a crash course in secure passwords... :) )  They are running XP.
>
> Another alternative I was considering was installing cygwin on their
> machines and running X over XDMCP(in SSH of course) - but then I've been
> obsessed with that lately and the more I think about it the more it
> seems like a bad idea as the files would still be stored locally.  I
> suppose we could use an encrypted filesystem or something on their
> machines, but that probably breaks the terms of their support contract.
>
> Has anyone had any experience of anything like this?
>
> --
> Dan
>
>
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: http://mailman.lug.org.uk/mailman/listinfo/wolves
>