Posted on 2012-09-18
i have recently had somone illegally come onto my network to create a firewall rule to allow them to have unauthorised access to a personal nas drive that sits on the netword.
i grant contractors access to the network allowing them to create a firewall rule . however, i was looking at the rules and seen that someone had created a rule to allow them access in and out - i have a suspiion who it might be but how do i get the evidence to sack them ?
we use watchguard and a admin account
how could i find out when they logged in/out to do this ?