NONDISCLOSURE indicates a clandestine effort, and is the critical word in my post ... There may well be a business case for it, but if anyone wants to put packet capture software on my network for a business use, they damn well better tell me about it before hand.
It's not just the WHAT Ben, it's the HOW and the WHY that bother me about this. I use network sniffers/packet captures on a regular basis to troubleshoot. But I NEVER put one in place without letting the owner know. Erik Goldoff IT Consultant Systems, Networks, & Security -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Wednesday, October 28, 2009 3:08 PM To: NT System Admin Issues Subject: Re: Dell vendor rant! On Wed, Oct 28, 2009 at 12:32 PM, Erik Goldoff <[email protected]> wrote: >> "Another thing I did notice is that it has wireshark and winpcap installed." > > From a security standpoint, nondisclosure of that software being > preinstalled by the vendor is an extreme violation of trust and tantamount ... You're accepting a computer with software pre-installed by someone else, most of which you cannot view the code to, and you're okay with that. But they load a sniffer and you're calling the FBI? As a guy who frequently has to wear a "network admin" hat, I wouldn't want to try and diagnose a network trouble without a sniffer, any more than I would want to not be able to use ping or traceroute. FYI, a network sniffer (tcpdump) is a standard tool with many *nix systems. But then again, there are people who call abuse desks when someone pings them. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
