Who foots the bill for intruder lockouts?

0 Likes
Well... I survived Novell REDucation. This a local Novell conference held every year. Its main focus is on its partners and selling Novell solutions. So what, may you ask, is a Techie like me doing at a sales conference?
Well, it's all about networking. There are several new faces in our Novell country office including a new country manager and it was good to get to know all the new faces, see many familiar ones, and just catch up with everybody and find out where they are at in terms of Novell solutions.

A big thank you to Lauren Castelyn and all at the local Novell office for an awesome conference

The burning question on my mind today deals with "hack" attempts on e-mail accounts. Over the weekend one of my customers had their GroupWise account locked (Intruder lockout). From the log files we can track that it was done via GroupWise WebAccess and the external IP address that it came from is registered to the public APN of one of the biggest mobile data providers in South Africa. A call to the service providers support line reveals that their staff don't even know what an IP address is! Going a little further up the chain of command and they want a police case number and court order before they even start entertaining our queries regarding which customer was issued that IP address on that particular date and time. At this point I'm assuming that they even have the ability to provide that information should I get the police involved and get a court order telling them to give us that information.

The question is how far should we take this? This is one intruder lockout, probably from a disgruntled employee. Do we have the time and resources to take this through the legal system to reveal that one poor, misguided individual tried to look at his boss's e-mail? And, at the end of the day, who foots the bill?

What do you guys think and how do things work in your companies/countries?

Labels:

How To-Best Practice
Comment List
Anonymous
Parents
  • Well I find that most serious intrusion attempts come from China & Korea, less so from japan and even less so from Australia or Malaysia. So what I did was a quick Google search and found a very nicely predefined script to block China & Korea and my security file got much smaller, very quickly.

    As to the poor misguided individual trying to peek at his bosses e-mail, I think you do have to make the effort. The easy thing and nice thing to do is take him to lunch and quietly let them know the jig is up, but the problem with that is it sets precedent, and if the behavior repeats and it come time to take action, then legal problems start happening, so in my opinion, as an IT person you have to send it up the chain.
Comment
  • Well I find that most serious intrusion attempts come from China & Korea, less so from japan and even less so from Australia or Malaysia. So what I did was a quick Google search and found a very nicely predefined script to block China & Korea and my security file got much smaller, very quickly.

    As to the poor misguided individual trying to peek at his bosses e-mail, I think you do have to make the effort. The easy thing and nice thing to do is take him to lunch and quietly let them know the jig is up, but the problem with that is it sets precedent, and if the behavior repeats and it come time to take action, then legal problems start happening, so in my opinion, as an IT person you have to send it up the chain.
Children
No Data
Related Discussions
Recommended