anyone know anything about MAC address

skr00ge

It doesn't say much for system security.

There should be a couple of levels of security. Firstly a network login. This gets you onto the company network. Each user should have their own id and password (not shared).

Secondly an exchange server login and password.

I would be asking how two levels of security were breached? Why was this account in question not secure? Had the user shared their login details with other people?

Can people pick up stuff remotely? If so then it could be anyone accessing the server. This may circumvent the network logins but ip addresses would be traced and it should be possible to see if they are from a public network(AOL, pipex etc) or from inside the company (using a browser).

I think the company have bigger fish to fry than you. The IT department for starters followed by the account holder who's passwords seem to be insecure.
Securing this kind of server will be very tricky and should be configured by experts, not just people sent on a training course. If they are competant at setting up an exchange server then they probably would be worth at least 30-40k pa. i.e. Not just everyday jobbing IT dept staff.

I would be asking the personnel department (in writing) how they would be protecting me and ensuring that this kind of accusation would not be made in the future, and what steps were being made to improve security and tracking of company data. I would also get a new password issued to me. The password would be issued by the IT department, who also furnish the evidence of your guilt!!!

You're in an invidious position.

Both IP addresses and MAC addresses can be spoofed. So even if they say it was such and such a MAC its worthless.

albertross_2

If you didn't do it (and I do believe you), I'd ask for a written letter of apology and total exoneration, and a guarantee that all records of the investigation are removed from your file. Put the ball in their court, put up or shut up. If you decide to leave without it cleared up, it could affect your references unless they agree to drop it completely.

As others have said, their IT system sounds like a shambles.

Lorian

albertross wrote: »

It could affect your references unless they agree to drop it completely.

If the OP is thinking of leaving as they feel their position is now untenable they might consider approaching their solicitor to see if they actually have a case for constructive dismissal. IANAL.

Blacksheep1979

superscaper wrote: »

As chippy has said the number is unique to every network card/adapter. So every single terminal would be different.

It is unique when it comes out of the factory but it is a relatively simple process to change or 'spoof' the mac address. If the login/password is the same for everyone they cannot prove anything with just the mac address as evidence as this could easily have been altered.

amcluesent

What's the difference between the IT Dept's report & a bucket of sh*t? It's the bucket; they are trying to cover up bungling and/or minimal actual expertise.

However, a MAC address is in theory unique to each network card, but can be overwritten to be any MAC address (or a copy of another address) if you have the right software.

However a MAC address is only retained when sending data over a single connection, i.e from A-B. If the data reaches router B and is then forwarded to device C, the data will be 'framed' with the MAC address of router B. Device C will NOT be able to obtain the MAC address of A.

If they claiming MAC addresses prove a machine was used, I's asked about any routers or gateways on the network which could change the MAC address as the data is passed through.

What will be passed from A to B to C is the TCP/IP address of A. On most networks, these are given out 'on request' (DHCP protocol) and can change day to day. Static allocation of TCP/IP addresses in also possible, where each machine keeps its TCP/IP.

>as all users log in under one PC account name<

This is surely enough to invalidate any disciplinary proceeding. I'd keep a copy of this. If you do leave, forward to the Information Commissioner, noting your disappointment at a company playing fast and loose with data protection legislation.

scheming_gypsy

the_prophet wrote: »

"the reports exchange server had contained times when the user was not in the office. This is because the report on the exchange server was using the MAC address of the PC even during the polling phase. When we ran a report from the main server we pulled off all logs for the two machines and this gave us all the activity (MAC Linked) We then stripped out the relevant data. This data though contained actual loggins and polled data logins. All of the data found is correct but it is not possible to tell which of the logins are polled and which are typed by the users, as all users log in under one PC account name"

This roughly translates as

We have run reports on our Exchange severs and can't find diddly squat to enable us to point the finger at anybody due to our poor security. What we do intent to do though is to throw some technical terms and jagon at you in the hope that if it was you it'll scare you into never doing it again

the_prophet

amcluesent wrote: »

What's the difference between the IT Dept's report & a bucket of sh*t? It's the bucket; they are trying to cover up bungling and/or minimal actual expertise.

However, a MAC address is in theory unique to each network card, but can be overwritten to be any MAC address (or a copy of another address) if you have the right software.

However a MAC address is only retained when sending data over a single connection, i.e from A-B. If the data reaches router B and is then forwarded to device C, the data will be 'framed' with the MAC address of router B. Device C will NOT be able to obtain the MAC address of A.

If they claiming MAC addresses prove a machine was used, I's asked about any routers or gateways on the network which could change the MAC address as the data is passed through.

What will be passed from A to B to C is the TCP/IP address of A. On most networks, these are given out 'on request' (DHCP protocol) and can change day to day. Static allocation of TCP/IP addresses in also possible, where each machine keeps its TCP/IP.

>as all users log in under one PC account name<

This is surely enough to invalidate any disciplinary proceeding. I'd keep a copy of this. If you do leave, forward to the Information Commissioner, noting your disappointment at a company playing fast and loose with data protection legislation.

Hi amcluesent. thanks very much for this it is very useful and I think the key now is to gather questions to ask back because this seems to cause further problems, even having a little bit of knowledge is better than nothing so cheers again

skr00ge

Document every meeting/conversation. If not at the time then immediately afterwards (contemperaneously is the term I think). Record everything you can think of.

If you smell a rat then get off to a solicitor.

If you haven't the money for a solicitor and you're not bothered about a reference, then consider "stress"/"depression" caused by the whole affair and get signed off by the doc. I have colleagues who seem to have extra few weeks hols each year because of work related illness (mostly when the weather has warmed up).

They'd probably consider paying you gardening leave, and give you a blemish free ref just to get rid.

ormus

although its possible to spoof a mac address, its unlikely in this case as you need admin rights to install the sw. and users on a network should not have these rights.
as been said, its easy enough to prove which machine did the deed, its quite another thing to prove who did the deed.