>>>For instance, let's get back to the fact that more than 75% of system >>>abuses in typical commcercial environments comes from insiders. Is >>>anyone looking at what is different about these insiders that can be >>>detected or monitored? >>> >>>--spaf >>> >> >>I agree that the noise level is a little high. I joined the list to learn >>more about IDS and security (I have installed crack and COPS but don't >>consider myself a security expert yet). What about sniffing inside a >>firewall. Is there any way yet of possibly detecting a sniffer? >> >>-Chris > > >Chris, >When you begin installing sniffers within your organizations, you need to >look at the issue of violation of an individuals privacy. ***Now before you >go ranting*****, allow me to explain... >Justification is the only weapon you will have when you approach your >"boss", at whatever level that might be in gaining aproval for such a tool >to be used. If prior approval is not obtained and one of the "users" finds >out...there will be hell to pay in explaining why you were not just >targeting one workstation...or any number of other questions which are bound >to pop up. > >My basis for my statement is based on the fact that I work for the DoD and >this is a CRITICAL element when we are looking at a system/site. > >Tony Tony, Are there any laws (federal or state) or cases you know of that cover this issue of monitoring users with or wihtout their permission?? -robert