This may seem inappropriate but my butt is on the line, so please read on.
I have 2 developers who have domain admin rights in a Windows 2000 environment. I discovered on Friday that these 2 have been creating a VPN tunnel to another company's network and having several machines on that network interact with one of our machines on the internal network.
I escalated this issue to our collective supervisor. I know what his response was and I also know what mine was.
I can guarantee that there is going to be a big turf war over this one and so I seek your opinions.
Does this have the potential to become a large security issue?
Let me first make sure I understand you correctly.
You are saying that two users inside your network, to whom you have assigned administration privileges on Windows 2000 servers inside your network, have initiated a VPN tunnel between your server(s) and outside unauthorized server(s). Am I correct?
Well, first of all, if you don't trust these users, why give them administration rights on your servers in the first place? There is nothing technically you can do except delete their rights, and then your boss, or whoever is in charge, can question them legally. They may have done other stuff to the servers.
The problem I see here is not a technical problem as much as a policy problem. Why give them admin rights in the first place?
What I would suggest you do is revise all users' rights on the server and strip whatever rights you see as unnecessary from users who are not supposed to have them. And make sure you audit the changes and other activities taking place in the network to protect yourself.
If they were given the admin rights voluntarily by you without proper authorization, be prepared to answer questions on why you did that. If not, then it's not your fault, and you have only given them what you were asked (by your manager or whoever) to give.
1. Do these developers need domain admin rights to do their job? If not, take them away.
2. Why are they creating the VPN tunnels? Is this to do their job effectively or for some other reason (i.e. gaming)? Make them justify it with a detailed technical explanation and explain why there is no other alternative.
3. Do you trust the other company?
4. Could your company's intellectual property or other sensitive data be compromised?
5. Do you have an IT policy in place that forbids this kind of activity? If not, write one and do your best to make sure it has teeth.
How to deal with the political issues in your company is another story. You should develop a thorough, _documented_ explanation of why this is no good along with an action plan and escalate this to your management or higher if necessary. You should also find some way to force these developers to explain themselves. Once you've escalated it, if you don't get the necessary support, at least you've done your due diligence.