Taylor Huckstep

Dameware Connection - Security Breach

I have an employee in our IT department I suspect of using Dameware to look over the shoulder of users with sensitive information (GM, HR, etc). Is there a way to detect it when it happens? Is there something I can install that will alert me when a Dameware connection is established? I'd like to catch him and terminate him if he's doing this.

Furthermore, if I can't catch him, is there a way to block it?  I'm sure there are common ports that I could block with a firewall, but are there other methods?
Rob Knight

Hi,

Perhaps look for the services?

http://www.dameware.com/support/kb/article.aspx?ID=100000

Regards,


RobMobility.
Check the Security Log for logons with his userid, on the target machines in question. Can't hide those without clearing the log. Then the log will have an entry saying it was cleared by user x.
Taylor Huckstep

ASKER

The problem with Dameware is that you can install the client and services remotely and silently, and remove them when you log off, so unless you catch the monitoring while it's going on, you won't see any trace of their monitoring.

I know I can install a Dameware server that enforces certain security measures, like insisting users are notified before Dameware can connect, but we don't have that in place today.  

I'm wondering if there's some software like Little Snitch for Mac that can monitor all incoming and outgoing connections, maybe. I just don't want the overhead of every connection, but if that's the solution, I'll look for a Little Snitch type app.
Windows Firewall has logging as well. Might be worth looking to see if it catches the connections...

Won't have any excess overhead from an app running in the background. In the firewall properties, go to the Advanced tab, and you will see the logging.
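The firewall-log approach suggested above, as an added example that is not part of the original thread: a small parser for the Windows Firewall log (`pfirewall.log`) that reports connections to a watched workstation on the remote-control port. It assumes Dameware Mini Remote Control is on its default TCP port 6129; the sample log lines, addresses, and the function name `find_remote_control_hits` are constructed for illustration.

```python
import io

# Assumption: Dameware Mini Remote Control listens on its default TCP port.
# Change this set if the agent was installed with a custom port.
DAMEWARE_PORTS = {"6129"}
# Actions meaning the connection was let through (XP logs OPEN, later versions ALLOW).
ACCEPTED = {"ALLOW", "OPEN"}

# Constructed sample in the pfirewall.log layout; all addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:02 ALLOW TCP 10.0.5.23 10.0.1.40 51544 6129 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:15:40 ALLOW TCP 10.0.1.40 10.0.9.9 51600 443 0 - 0 0 0 - - - SEND
2024-03-04 09:17:11 DROP TCP 10.0.5.23 10.0.1.40 51570 6129 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:20:00 ALLOW UDP 10.0.1.1 10.0.1.40 53 53000 0 - - - - - - - RECEIVE
"""

def find_remote_control_hits(lines, local_ips, ports=DAMEWARE_PORTS):
    """Return log records for TCP connections to a watched port on a local IP."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the file itself, so older logs
            # without the trailing "path" column still parse.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("protocol") == "TCP"
                and rec.get("dst-port") in ports
                and rec.get("dst-ip") in local_ips):
            rec["accepted"] = rec.get("action") in ACCEPTED
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for h in find_remote_control_hits(io.StringIO(SAMPLE_LOG), {"10.0.1.40"}):
        state = "connected" if h["accepted"] else "blocked"
        print(h["date"], h["time"], h["src-ip"], "->", h["dst-ip"], state)
```

Windows Firewall only records allowed connections when logging of successful connections is switched on, so enable that on the sensitive machines before relying on this output.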
ASKER CERTIFIED SOLUTION
Qlemo
This solution is only available to members.
I like the idea of installing it and disabling mrc, thanks.