I have an employee in our IT department I suspect of using dameware to look over the shoulder of users with sensitive information (GM, HR, etc). Is there a way to detect it when it happens? Is there something I can install that will alert me when a dameware connection is established? I'd like to catch him and terminate him if he's doing this.
Furthermore, if I can't catch him, is there a way to block it? I'm sure there are common ports that I could block with a firewall, but are there other methods?