Is scanning employer site considered hacking?

October 28, 2010 at 11:50:17
Specs: Windows 7
We offer free wireless access at the place where I work. I used a networking scanner to see what if anything was sitting on our network for anyone to access. I found unsecured file/folders. I notified my boss. I explained how I found the information and the IT person and my boss asked me why did I hack the network. I'm the bad guy for some reason. I thought It was a good thing that I found the info before some else did.

Thanks


See More: Is scanning employer site considered hacking?

Report •

#1
October 28, 2010 at 12:12:33
The IT guy is trying to discredit you by calling you a criminal.
Try to discredit the IT guy by calling him incompetent.

How To Ask Questions The Smart Way


Report •

#2
October 28, 2010 at 12:28:43
Thanks, for the reply. That,s exactly what I think. I told him. I'm just trying to help the company. His excuse was a Microsoft update that made them unsecured.

I was like
What what ??


Report •

#3
October 28, 2010 at 17:07:10
no good deed will go unpunished. I would expect my employer to react exactly the same, and I'll bet many others would to.

larry


Report •

Related Solutions

#4
October 29, 2010 at 10:13:43
As strange as this question might sound, I'll ask anyway:

Is it within your job responsibilities to scan your company's networks?

If not, then your boss (and the IT guy) had every right to question your actions.

From your boss's perspective, if you have time to scan the networks then you must not be busy enough with your own work.

From the IT guy's perspective, you're telling him how to do his job.

I don't know what you do for this company, so let's say you are an accountant. How would you feel if the sales guy in the next office re-did one of your reports, gave it to the boss and told him that you had been doing it wrong?

There are better ways to handle these types of situations than to show up a co-worker.

If you were concerned that there were security issues with the network, you had every right to notify you boss and suggest that the network be scanned, but to actually do it may not have been the best career move.

Unfortunately, the real world ain't pretty.


Report •

#5
October 29, 2010 at 11:54:00
I think the job of the IT person is to make sure the network is secure. If the IT person was doing his job the info would not be there to find.
I did talk with IT person before I did the scan. One time a customer was having trouble connecting to our wifi. When I was helping the connect I came across files that should not be open to the public. I told the IT person several times that I saw files open to the public. He told me that know body knows that the files are there and customers are not smart enough to find them.
When I talked to my boss the first time and told them what the IT person said. They told me to keep an out for other insecure things. When I find them the IT person does nothing to fix it. So, that's why I did the scan.

Also, when the IT person is not on site. I'm the step in IT person.


Report •

#6
October 29, 2010 at 12:50:37
a ms update would not unsecure the network in fact it would do just the opposite.
the network design is wrong if it allows guest to see anything on the corp network
your IT person is incompetent and it putting the company at risk due to his ignorance.

You are in a no-win situation. Until something bad happens you should just keep quite. Do make sure the backups are consistently completed and tested [do test restores to a spare drive]. No test= no backup. The company is going to need them.


Report •

#7
October 29, 2010 at 13:38:11
Some things don't make sense here:

re: When I talked to my boss the first time and told them what the IT person said. They told me to keep an out for other insecure things.

"My boss" is singular, "them" and "they" are plural. Let's assume - for the purposes of this discussion - that your boss is one person.

So, in one case he told you "to keep an (eye) out for other insecure things" and in the other case he asked you why you were hacking the network?

Either we're not getting the full story here or your boss has a split personality.

Maybe that explains the use of the words "they" and "them"


Report •

#8
October 29, 2010 at 14:04:36
I have two people above me that are my superiors. My 2 superiors do not want to make the IT mad by taking sides. They told me that if they make him mad he might quit and they could not afford getting another IT person for what they are paying the one we have now.
The IT person tells me one thing then our bosses another.
The bosses are playing both sides of the fence. Not wanting to upset anyone. Crazy!! I know. Thanks for replying it really does help getting other peoples opinion. Its the whole story. Soon there will be more to it as it unfolds.

Report •

#9
October 30, 2010 at 15:40:50
"Soon there will be more to it as it unfolds"
what is the up side for you???

larry


Report •

#10
October 31, 2010 at 11:43:23
Not really an upside. I guess for the employees there is one. 200+ SS numbers will not be out in the open for everyone to see. Just trying to make it a safe place. That's all. It's not like this is fun for me. should I have not said or done anything. Just left everything out in the open.
If you thought your personal info was safe then found out its not. What would be the best thing. sit back and do nothing ? or try to do something ?



Report •

#11
October 31, 2010 at 12:27:46
Sell it on the black market?
Leak the local press' personal information to the local press?
Really, only try those if you don't like your employer.

How To Ask Questions The Smart Way


Report •

#12
November 1, 2010 at 01:53:54
Being the low paid somewhat uneducated IT guy for a small company myself I would have gone to him first and asked " Hey is this supposed to be like this" and explained it was found while helping a customer. If this person in my opinion was just blowing me off or talking down to me then I would have drug him to the bosses by force if need be and the four of us would discuss it. If they all want to make out that I am the bad guy then I am, and every news station in town will know before the six o'clock news that they are basically giving away customer information. Now they can hire a real IT guy at a real salary and replace me too seeing how they just fired me.

Likely


Report •

#13
November 1, 2010 at 08:13:41
re: Now they can hire a real IT guy at a real salary and replace me too seeing how they just fired me.

...once again justifying the existence of the phrase:

"Cut off your nose to spite your face."


Report •

#14
November 1, 2010 at 21:40:46
I would have likened it more to cutting off my head. It is a given that my approach would not have been the "right" thing to do but at the point when I asked the IT guy " Hey is this supposed to be like this" I had not yet confronted him. Regardless of right or wrong at that point all involved need to be brought together. Less weaseling when all those being lied about are present. I doubt it would get as far as me calling the news.

This is an issue that needs to be addressed by the people in charge. They need to know that the IT guy either can not or will not do it right. After that they know that trouble is coming and it is up to them how to pay for it beit hire someone that can do the job or pay off the lawsuit. I would think if we can get to this point without threats and fairly politely we can all keep our jobs. Well maybe the IT guy can go back to cutting the grass.

Likely


Report •

Ask Question