Writing Permission Forms for Network Analysis? 21
Jacob asks: " I have recently left a consulting/training firm to work in the public sector as a contractor. Part of my job functionality includes analyzing network traffic and security. This of course includes using products such as ethereal, snort, ntop and other network sniffers/analyzers. While working as a consultant I was legally covered by the company in which I worked for. Since I am no longer working for that company I do not have that same protection and I am worried about the possibility of being accused of 'sniffing passwords' or 'viewing confidential data' as a result of a normal network analysis. What is your experience in creating a legally binding contract or permission forms to perform network analysis and/or security audits?"
Re:Good idea. Randall got burned. (Score:3, Interesting)
This is completely different from the story submitter who will have permission to test these networks but just wants a firm legal agreement in place before he performs any work.
Re:--More Information--- (Score:2, Interesting)
Re:Good idea. Randall got burned. (Score:3, Interesting)
Now if Randall had asked permission to do what he did and received the approval to do so, then that would have been a different story and he wouldn't be in the situation that he found himself in. But Randall didn't ask permission. He assumed authority and responsibility for something to which he was not given and got burned when he was caught.
In other words, Randal did something really stupid up and paid the price.