Networks, access and the law

Howdie techie TPers......

I have a network with 3 members of staff with access to all files and emails. They also have remote access......

Is there an easy program with an easy user interface that would allow me to control their access and allow me to block their access if they were to leave.....

Also if one of them were to remove data or clients' details for their own personal use, who would be held responsible under data protection....

Sorry if it sounds stupid but me and networking just don't get on.....
 
You would need to detail more of your infrastructure realistically, such as how is authentication currently being processed i.e. Windows Server Active Directory, other Directory Access mechanism or local users? Also, how is remote access achieved? VPN, Remote Desktop, Logmein-based?

I'm happy to advise but really need a bit more info before anyone can go further...
 
You would need to detail more of your infrastructure realistically, such as how is authentication currently being processed i.e. Windows Server Active Directory, other Directory Access mechanism or local users? Also, how is remote access achieved? VPN, Remote Desktop, Logmein-based?

I'm happy to advise but really need a bit more info before anyone can go further...


That has gone straight over my head.......lol

We run Windows 7 over 4 desktops.....it is apparently through Windows server....

No idea how remote access is gained as the girl who used to work for us set it up and she has now buggered off........


One of my clients had suggested a user friendly program but I cannot remember the name of it but it give me full control of all the desktops, email accounts and remote stations......
 
You must have user accounts set up somewhere.

How do you normally initiate the remote connection from off site?

I personally don't access off site but the office girl has just informed me she does it by ftp
 
Does she use her own password or is it generic that everyone uses?

Same for email, is it a single email or per user?

(I think after this you need someone in to look at setting your systems up better)
 
Her own password......

We once had pure networks as a software for networking........is there something similar?
 
Then she should have a user account probably set up on the windows server. Depending on how it's set up it could be in a couple of locations.

What version of server is it? And what email server (or is it direct to your ISP) is it?

Shouldn't need any 3rd party apps, just needs sorting out and documenting for you.
 
Will check in the morning which version it is.... thanks
 
From the legal side it's the Computer Misuse Act that would likely cover any unauthorised access by any former employees. You're responsible under the Data Protection Act to safeguard any personal data that you hold.
 
Also if one of them were to remove data or clients' details for their own personal use, who would be held responsible under data protection....

If it's your company, it's your responsibility under the DPA. How do you encrypt the personal data you hold on people?
 
To be honest as an IT professional myself, if you do not know the answers to your own questions you have no control on your access to your business.
Seek professional advice and get someone in.
 
Well I would've replied earlier, but I got distracted by the pub, so sorry about that. Looks like the others have answered your query though and I completely agree with Mr Bump at this point, quite simply there are too many unknowns or variables for anyone to give sound advice, especially where there are legal implications.
 
If it's your company, it's your responsibility under the DPA. How do you encrypt the personal data you hold on people?
I don't believe there is a specific requirement for encrypting the data unless it's payment details? Even then most opt to have the data hosted on a PCI compliant 3rd party to avoid the hassle.
 
I don't believe there is a specific requirement for encrypting the data unless it's payment details? Even then most opt to have the data hosted on a PCI compliant 3rd party to avoid the hassle.
When I looked into the DPA for a society I am secretary of I found no requirement to encrypt personal data.

Credit card data is a whole other thing as you say. We don't store any, everything is processed via a 3rd party site and we never see the card details of online transactions.
 
When I looked into the DPA for a society I am secretary of I found no requirement to encrypt personal data.

Credit card data is a whole other thing as you say. We don't store any, everything is processed via a 3rd party site and we never see the card details of online transactions.
thought that was the case. we hold customer details but transactional/payment data is off site PCI compliant etc.
 
It's not as cut and dried as customer details vs payment data though. If anyone has high profile clients or shots of unreleased products or any number of other non-PCI data scenarios they would be wise to consider encryption. DPA is important but it's also a reputational thing - not only that but a lost/stolen laptop is likely to contain your own financial records.
 
wise? maybe (depending how confident you are nobody could get to the unencrypted data, why would you let users take physical copies of data off site when you can remote access).

required? no.
 
why would you let users take physical copies of data off site when you can remote access
One reason is offline working when out of the office.

What is the comparison of security of a remote login password versus security of a Windows (other operating systems are available) login password? Not being an IT person, I don't know the answer to this one.
 
One reason is offline working when out of the office.

indeed. it's a trade-off, flexible working or security.

What is the comparison of security of a remote login password versus security of a Windows (other operating systems are available) login password? Not being an IT person, I don't know the answer to this one.

depends on the remote access, whether the VPN password is encrypted etc. but often the VPN/remote access pass will auth against an AD/RADIUS server which will have the same logon creds as the laptop anyway.
 
They are not mutually exclusive.
a machine taken off site containing physical copies of sensitive data is never going to be 100% foolproof. i.e. in the event of the machine being lost as we see in the media sometimes.

accessing the data remotely over a VPN for example where no data is stored on the device would be better, although like above does not allow for offline use.
 
a machine taken off site containing physical copies of sensitive data is never going to be 100% foolproof.

But its data would be more secure if the machine is encrypted. Hence my comment that anyone with various types of data (not just PCI) would be wise to consider encryption.
 
But its data would be more secure if the machine is encrypted. Hence my comment that anyone with various types of data (not just PCI) would be wise to consider encryption.
maybe. depends on what was used i.e. the ones suffering with the old hibernate vulnerability etc, and whether the user left the data unlocked etc etc. it's still not foolproof.

anyway. we'll have to agree to disagree, the OP thread is getting cluttered :)
 
Depending on what version of Windows Server you are using it may be an idea to look at implementation of the Rights Management (ADRM), that would help alleviate a lot of your concerns, but please note that not just any technician will be able to successfully implement it as it takes a good understanding of not just security and IT, but also business processes to an extent.
 
Off on a tangent here........ I was discussing this with my landlady today when collecting the post.......she has similar concerns.......she wants to employ a company to take care of her network/computer needs but wants some recommendations.......... any suggestions of a good company etc......
 
She lives outside Reading.....
Well Bristol is outside Reading.. :)
Back to the OP though...
This
To be honest as an IT professional myself, if you do not know the answers to your own questions you have no control on your access to your business.
Seek professional advice and get someone in.
In spades.
 