Ask HN: How do you protect your IP when you allow employees to work from home?
Hi, I would like to take your views on how you protect your IP, when you allow your employees to work from home? How do you ensure that they do not run away with all the code? Do you allow employees to do an ssh, VPN etc? Do they need to sign some kind of agreement?
5 comments
[ 3.1 ms ] story [ 24.8 ms ] threadWhen they are working in your office, in the room next to yours, are they prevented from putting in a USB drive and copying files that way?
The trick on the login server is to have the ssh wrapper utility that will allow them SSH access and also log their SSH activity. The app I wrote: - setup one user that the app will use where the SSH keys are store and secure the home directory - has 2 set of keys - admin in normal SSH keys - users that can access with admin SSH keys are added to the configuration, their UID is checked and compared between the confiuration and system UID for their user - app then calls a the app via a "connect" - this calls the "script" binary to log the output of the SSH session
Consists of 2 scripts: First script is the "connect" script - it will check if the user is permitted to use it (using the configuration file) the it calls, via sudo -u sshkeyuser script [options] ssh root@server . The logs are stored in /var/log/ssh-session/ where you can see all that it has been done in the users shell when he had it open.
And lastly - a strong NDA and contract to protect your IP and prevent them on bragging around on the "XY" feature they're working on.