Ethical Hacker Community Forums

hello everybody,
I just lose my job because i introduced the ECCouncil qualification form to pass the CEH cert
i sent it by the hierarchical way and three days later they came and took my pc for  analysis
they found the metasploit installer, a rar of cain, and the exam prep guide that i just finished to download to sent them back to my storage mail

i won't stop studying security for this because it's more of a passion for me

what dou you think of it? am i a total ass or just unlucky?

i'm gonna say unlucky

Sorry to hear about the loss of your job but based on your email it sounds like a reasonably large firm and so probably has policies and procedures in place covering personal/private use of your workstation and more. Any good policy will cover what can or cannot be installed on that machine too.

Today with the media getting all hyped up about the latest compromise, most companies do not take kindly to finding those sorts of tools on a company computer. Their liability, depending on the industry and country, can be huge regardless of your intentions they are required to show due diligence and take action.

Then again if there are no policies in place and the country laws are non specific you might have grounds to dispute your dismissal.

That's very unfortunate, but as Dean pointed out, it may just be policy. And if not, by all means you should contest it.

they  said it was policy
they were very nice anyway i had the possibility to explain myself,
i told them i am studying security they also had a copy of the ceh form i introduced. they said that they have to dismiss me  due to the policy and i can understand, there is topics (even in here) that discuss about some risk like that

anyway thanks for all your reply
i feel a little bit less alone in the freaky part of computing loll

never had that feeling? speaking in the desert while giving a simple answer about computing?

it happens to me a lot these days specially when i speak about some project of mine with ex colleagues or nerdy friends

i m kinda computer addict loll
 

well you always have to be conscious of your company's security policy.  when you become a security person you'll be wanting to flame/fire people for not following YOUR security policy.

i've also run into, alot, that employees treat work computers as their personal computers which they are not and that is usually where issues and violation of policy come into play.

I understand your pain dean, I happen to work for a rather security paranoid (and rightfully so) organization with pages and pages of rules regarding computer use and installed programs.  All installed programs have to be OKed from my boss, her boss.. then Wash DC.  First thing I did, before I even hinted at installing anything, was to talk with my bosses boss, and with my boss and explain what programs I would like to install and their purpose.  I also explained my desire to gain the CEH and to work on security learning in general as a future focus of my career. 

After going through all the hoops, I have basically been given free reign to do as I like within proper bounds.  If I am going to do any scans I of course have to let the proper levels of boss-hood know, and get consent etc.  You just have to remember to cover your own 4ss first and foremost.  If you happen to scan something, and find a vulnerability.. you don't say a thing until you have gotten written or emailed permission to scan.  Heck, I had to get rid of Putty the other day, because a new policy regarding that specific program was implemented after a compromised machine was found using port 22 to connect out.  Not all policies make perfect sense, but remember your first priority is keeping a paycheck comming. 

It's a sad thing hearing you got canned over it, but I think it is a good reminder to the rest of us to watch out for our organization's policies as well.

g00d_4sh, I think you meant amede0 and not me. :)

I'm sorry for the outcome but on the other hand it is good to see that a company is enforcing it's policies. Most don't or do so selectively.

/dean

Dean its ok...

keep studying and you'll pass that CEH  :P

Ooops!  You're right, I ment Amede0... >>  Sorry, I'm rather tired.  Been studying for my CCNA.

hey people
just to keep you informed, i found a new job
as a service engineer in a NOC for the international division of the main ISP of Belgium.

That roxx

Congrats!  Have you started yet?  If so, how is it so far?

Congrats Dude!!

Brian

That is good to hear.  And I'm sure you know your companies policies inside and out now eh? :P  I'm glad to hear things worked out for you.

Good to hear and thanks for the follow-up. Congrats! :)

Congrats and good luck on the CEH!  ;D

I used to manage shifts at the NOC of a very large ISP. It was great fun when everything worked fine (and really scary when things didn't). I learned loads and was responsible for monitoring the backbone, the ISP's servers such as mail, DNS and RADIUS servers, and also the hosting/co-location server farm.

I learned so much, specifically about networking and UNIX. I'm sure you'll learn loads too.

Good luck for your CEH.