LBC
asked on
security breach!
i have recently had somone illegally come onto my network to create a firewall rule to allow them to have unauthorised access to a personal nas drive that sits on the netword.
i grant contractors access to the network allowing them to create a firewall rule . however, i was looking at the rules and seen that someone had created a rule to allow them access in and out - i have a suspiion who it might be but how do i get the evidence to sack them ?
we use watchguard and a admin account
how could i find out when they logged in/out to do this ?
i grant contractors access to the network allowing them to create a firewall rule . however, i was looking at the rules and seen that someone had created a rule to allow them access in and out - i have a suspiion who it might be but how do i get the evidence to sack them ?
we use watchguard and a admin account
how could i find out when they logged in/out to do this ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i have created my own account - thanks for your help
My suggestion, don't delete the rule or stop it. just change something simple like the protocol or port it uses. Also, don't change your admin password YET.
Monitor the logs over the next few days to see who logs in and makes changes.