Slashdot Mirror
Don't Network Administrators Require Privacy?
An anonymous reader writes to tell us that Recently their company has decided to move the IT staff out of their offices to make room for the Service Department. The move has placed the IT staff in cubicles that all face inward and lack, obviously, the ability to lock their doors at night. This is, to them, an obvious breach in security and privacy for what may be sensitive network information. Have any other Slashdot readers dealt with this sort of problem before? If so, what specific information was best suited to rectify these security concerns?
No, of course not. Just secure your computer and don't let people stand there looking over your shoulder. Get over it.
And hack your computer to display everything in ROT-13.
get a safe
Quit trying to make up bogus reasons as to why you don't want to be in a cube and just tell your boss, "I don't want to be in a cube." If it's a dealbreaker for you, resign. Next they'll be moving you down into the basement and taking away your red stapler.
You can mitigate the problem by demanding hardware locks to keep your equipment from walking away, and locking cabinets for storing sensitive information.
The obvious answer is simply to wage war against any other units in the business that oppose your using that private space, or plans for world domination for instance. I saw it in a dilbert comic once, they have never steered me wrong before.
Happy Noodle Boy says "F###ing doughnut! Mock me? You fried cyclops!!"
Maybe the Administrators should lock or logout from their computers when they are away.
Problem solved.
Dumbest Ask Slashdot EVER.
We ran into a similar issue at work. Our argument to keep our locked office was that since we have access to all the files on the network, under the HIPPA laws we're required to keep our workstations in a secured area like HR since confidential employee information could potentially be displayed on our screens. Don't know if it's true or not, but it let us keep our office.
This just sickens me, how can all these companies keep treating IT like this. We will revolt and without us the worlds infrastructure will collapse!!!
Wow, you didn't even get Fristage Postage.
A good IT admin should be able to secure the PC on their desk and therefore everything else that they access. Help your company cut costs and keep you, it is much better than the alternative.
Where I am now til the buildout was finished for our offices (cubes in a lockable room), my desk was at the end of a hallway in a little nook area across from the CFO's office. I got really sick of being mistaken for his secretary, and I had to have my workstation lock after a minute of idle time because it was so public. Blech.
So, poster, it could ALWAYS be worse.
If you behave well, i.e. no sensitive information on your workstation (it shouldn't be there), and lock or turn off your workstation, the danger is a large as having any active network port accesible.
If some manages to break into your desktop office, they most likey can break into your server room as well. If thieves are looking to steal the information (and not just the hardware) they'd go for the server room directly. A common thief would probably steal some desktops and run.
:-)
Logging out of your servers before closing down at night would suffice i'd say. Or use a solution such as the Sunray, just unplug your card and you're home free
Dont get me wrong, cubes are crap for a thousand reasons, but I dont think it's more of a security risk than sitting in your own room.
Probable impossibilities are to be preferred to improbable possibilities.
Aristotele
This sounds like a flimsy excuse to ask for a private office. If your network administrator needs to work in a locked room all day, your network is not secure enough!
Passwords should not be found on post-it notes stuck to your monitor, nor should they be saved on your computer, anywhere. Don't keep them in text files, emails, IM history, cookies, etc. Passwords should be memorized or written down in your wallet, or better yet, your company should implement a security token system and do away with static passwords. Any sensitive data which has to be stored should be encrypted. Any workstations or servers at your desk should be locked when you walk away.
Shoulder-surfing for passwords is extremely hard. Try it sometime: at 80 WPM or more, it's virtually impossible to follow and remember every keystroke, especially while trying to be inconspicuous. As for keyloggers, server theft and more serious security breaches, these should be dealt with proactively at a lower level. Screen potential employees carefully, and keep security cameras rolling throughout the office to discourage suspicious behavior.
domain combinatorics
Probably not what you wanted to hear, but if your desk/room is a security risk when the door is unlocked then I suggest you are relying on the wrong kind of physical security.
Have you tried defenestration of senior management?
Seriously, boo hoo. I don't mean to be a jerk, but BFD. Virtually every cubicle I've ever seen has drawers and cabinets that lock, and if you're a network admin you probably have a laptop anyways right? If you read your disaster recovery or even security plan (if you've got one) you'll probably find that all staff who have laptops are supposed to bring them home.
Could someone look over your shoulder? I guess... but there are people out there (like say, me, or employees at any other benefits outsourcing company) that have access to literally thousands or even millions of people's date of birth, SSN, etc etc. We get along just fine, so will you.
I mean, sucks you lost your office... I remember mine, it was nice.
Actuaries - making accountants look interesting since 1949
SHOWER CURTAIN!!!1
Where I work we have the same situation. However all of IT (security, network and so on) is in the same office area. In order to secure the area they just put up a wall and secure card access. That way the only people in there are the IT people. If you can't trust your IT staff, than they don't have any business being your IT staff. That way the risk is still there, but you don't have anyone other than IT in the area to begin with.
You might also try The Club® for IT employees with excessive egos. It worked for me (on mine).
Should be fine as long as they remove all postits containing passwords.
www.weberseite.at
on my cubicle that says "Anyone found breaching my privacy will be prosecuted AND/OR sued under the Privacy Act"
As long as I have a secure place to lock assets, I don't much care if I'm on a cardboard box in the middle of an amphitheater. It doesn't really matter if people can see over my shoulder, and I doubt most folks would care enough to bother. Watching scripts run isn't terribly entertaining. :)
Sure, an office would be nice, but given a lockable closet or something, there's no real need for one.
That's all it takes to secure it, provided your building is reasonably secure... as I would *hope* that anything that required locks and not just passwords would be in a secure data center elsewhere. I guess you could request a safe or something if cabinents were insufficent.
It seems like the larger issue is being evicted for the "Service Department". They're the ones that should be in cubes, but that's another story.
Keep all your paperwork in ROT13.
Load up the wage information of the people who did that, and any confidential information of them, their bosses, and the head honcho....
complain loudly and publicly about the problem "I was fixing a problem, and anybody could see Joe blogses details, and the personal issues effecting Jane at the moment"...
make sure people find out, then apologise perfusely that there was the security breach.. and say "well there's nothing I can say or do about it... just get over it. it's not like it's serious compared to what could have happened. The only sensible solution is to put us back where we were."
Or use your other option and walk out. I know atleast in the UK if you're a competent sysadmin it's easy to find work. It's only a problem if you're a useless dumass! - at which point, get out of the industry, we find it real hard to find decent people, you're just noise!
I happen to be a network admin who sits out in the open.
It's not that big of a deal, but I guess I don't sit there looking at confidential passwords all day long!
I do, however, always lock my computer when I get up (xscreensaver...ctrlaltdel). That seems sufficient to me.
Oh! And I don't leave sensitive information sitting out on my desk, either.
Everything I need to know about copyrights I learned from Slashdot.
lighten up, dwight
"sensitive network information."
Uhuh. Would this sensitive network information be the log of all those websites you network admins visited last month, and that copy of Quake 4 you installed on the Company Mail Server?
Just because you guys are the only ones who have access to the firewall logs doesn't mean we don't know what you get up to.
Draw up a budget proposal for whatever locking file cabinets, secure equipment cabinets, Kensington locks (better than nothing...) and desktop security software that you'll need to ensure the security and functionality of your information systems. Keep in mind that this includes not only malicious snoopers but also cleaning staff that snag cables with their vacuum cleaners, and take whatever precautions are necessary.
Be thorough, but don't make stuff up. Don't make it a turf war, just make it clear that you're working to protect the systems that you're responsible.
Come up with this proposal, and an estimate of the costs, and request that Accounting begin soliciting bids from vendors. And then lightly suggest that this would not be necessary if you could have good locking offices.
Keep in mind, though, that private offices are only effective if they are truly private. If they're not always proerly locked, or if too many people have the keys, then you'll be the worst kind of office hypocrite.
Most hardcopy information can be locked up in a file cabinet. Critical electronic information should be on a machine locked in the server room, not on a local PC.
Most places I have worked _everyone_ who was not a manager or above was in a cube. Get used to it.
Disclaimer: I do not work in IT.
(didn't Stephen King write a book about that department;-)
All our IT group works in one room. Out front there's desks for our students to filter incomming people and deal with low level requests. There's also a big workbench down one side for systems we are fiddling with. Then in the back there's two cube partitions that hold the 4 staff. Two desks per partition, facing each other.
Know what? I actually like it. We have almost no staff meetings and part of the reason is we are all there and can talk to each other as needed. In fact usually we work with at least one headphone off so we can hear what's going on and stay informed. If someone is doing something that needs a lot of concentration, headphones go on and they get left alone.
It works really well, and means there's one central location people go to for computer support.
As for privacy, from what? Anything remotely private isn't in my desk, it's on my computer. Well, we all have root so we can all get in to each other's shit if we want. The room itself locks to keep others out at night, of course, but as for my coworkers, well if I can't trust them to not mess with my stuff, they probably shouldn't be employed anyhow. Any of us could, if we wanted, wreak massive havok having the root password to all servers, the enable password to all switches, etc.
Sounds like just so much whining to me.
> If so, what specific information was best suited to rectify these
> security concerns?
The first step is to update your resume.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Whether or not this is correct, you should organize a demonstration of how easy it is to:
Of course, invite everyone who is someone in the company to this demo, including people like the CEO and CFO. In short, people who care about data security.
And whatever you do, keep a paper trail, by sending emails to the power-that-be, keeping a paper copy, and be as courteous and professional as can be, while being firm that this situation is unnaceptable. Please remember that these are probably not technical people. But they will understand that some data should stay inside...
Just my 0.02 US$ here of course, IANAL, but I am a sysadmin.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Oh no - the company might be able to steal THEIR OWN SECRETS!
Why is this an issue at all? I'm confused. You're already working for the company, any information you have access to is owned by them anyway.
Are you really worried that your company might be stealing trade secrets from themselves?
You went from an office to a cube... bummer.
I went from a cube to an area as small as an elementary school kid's desk. Not kidding. I can hold hands with the guys that sit next to me.
We got removed from our rather spacious room to make room for... NOTHING! It's empty, was empty when we moved in, and it's empty now. 75% of the building is empty actually.
Two guys got let go... that freed up 2 cubes. We tossed 6 desks in there and called it good. We each have a desk. No storage for books, no cabinets, just a DESK.
Quit griping.
when I worked in IT in 99. cubes are way cheaper than offices, said el cheapo uno.
ignorance is bliss. googlefiberatx.com
Again, on Dilberts advice... You should probably hum west side story and have a dance fight.
The Internet is full. Go Away!!!
Passwords should be memorized or written down in your wallet, or better yet, your company should implement a security token system and do away with static passwords
And what happens when the admin dies in a car accident? Shit, now we no longer have access to the network because some smart ass memorized his password rather than documenting it in a secure location.
I have been working at my current employment for a couple of years now. They actually take pretty good precautions about the IT department and keeping 'them separated from the rest of the pack'. However, they leave the business department in the open. The same business department that regularly accesses credit card numbers and social security numbers in front of the general public. I really do not access that much sensitive data on a daiy basis and neither do my coworkers. I think IT seclusion is important, but so is seclusion of other departments.
Victory shall be mine!
If transitioning from a previously secure office arrangement, seems the main issue is a matter of changing old habits, so as not to leave secure stuff on your desk. Mentally flag all secure items you deal with on a daily basis, and make a secure environment for them. Passwords on Post-its? Put the passwords instead in a book, and secure it in the locked case or machine room. Backup tapes, software CDs and dongles? Same thing. If storage space is at a minimum, often the locked down machine room is overlooked for such purposes.
Andy Grove had a cube too. Quit yer bitching.
sulli
RTFJ.
This is just another one of those questions that doesn't solve anything. It's just a forum to vent your frustrations of working for a crappy company. It's annoying and has become the way of things for Slashdot as of late. What happened to reporting technology news? THIS IS NOT NEWS. This is someone's personal problem that I really couldn't care any less about and it's wasting valuable real estate. Get over it, find a new job if it bothers you that much, and leave me out of it.
This is a political argument, and you already lost. Ho hum.
I have no such problem, since, as sysadmin, I am the only person in our office who can work Visio, and consequently I am the person who draws all the floor plans when we rearrange the office.
~~~~~ BigLig2? You mean there's another one of me?
Given recent history and experiences posted on Slashdot, it appears that actual physical demonstrations of security holes may open you up to getting fired and even charged with a crime. There have been a number of well meaning admin types who have demonstrated security problems only to find themselves in trouble. Among other things, an active demonstration might embarass The Powers That Be. If you write a memo describing the problem The Powers That Be can either address the issue behind the scenes or just ignore the memo. On your end, you can look for another job if you feel that the environment is one that you're uncomfortable with.
Just for the record... In the case of my employer, computer security is very strong, so I'm not writing from personal experience.
1. Don't write down passwords.
2. Lock up sensetive information.
3. Have a wild cougar patrol the datacenter at night.
Not to make you sound stupid, but those locks on most file cabinets, desk drawers etc are complete and utter shit.
They use disk tumblers instead of pins like the lock in your house and can be consistently opened with a bent piece of stiff wire.
Do NOT think that those locks are security in anything but name. They exist solely to satisfy insurance companies that you "lock" things up.
[Fuck Beta]
o0t!
Um, log off or lock your workstation.
The move has placed the IT staff in cubicles that all face inward
If you need to, turn your desk so your monitor is not visible to people peering through your doorway. As for the others standing on chairs to see over the cubicle to view your screen, well ... let's just say they are noticeable. :)
I say go ahead and tear down the special aura that has classically surrounded network admins. Secretive, not fully understood, a human black box ... much like the Google entity of today. Timse have changed. Coming out to be part of the work community has benefits -- don't just look at the bad side and be scared of it. Can anybody tell me why network admins stereotypically want to be treated specially? I mean everybody wants to be special, but you know what I mean about network admins. If anybody replies and says "No, I don't, give me a example", I will assume you are a network admin and cannot see the forest for the trees so likely I won't respond. ;)
I'm a Network Administrator for a very large corporation and I found myself in the very same situation.
I had my own private office, however a request was made by Human Resources for the construction of new offices for their own use. Rather than the $10,000 price tag, I _requested_ that I transfer out to the cubicles on our main floor. Basically, it was a decision I made for the benefit of the company.
I find that no one really _needs_ private offices, unless they participate in confidential conversations. HR, for example. But really, couldn't offices or boardrooms be booked for those type of activities?
Once I was out on the floor, it was very simple to establish security. My main system was placed in a physically secured location (data centre) and I remotely accessed the PC via secure connection.
You have to understand that nothing is really secure. I ran it like a bank - it could be hacked, but I wanted to catch the person afterwords. Everything on the remote PC and local PC was logged and I also trained security cameras (inexpensive purchase for a 2 week DVR) on their locations.
Also, you can install privacy screens on the front of your monitor so that only the person sitting directly in front of it can see the desktop. They also help with glare.
I find it much more enjoyable with the rest of the team now. Having a private office can be rather lonely for managers sometimes.
Network admin'ning is almost like mathematical work, or theoretical physics .... and the job REQUIRES calm quiet space in which to think through problems without distractions.
Cubicles are at some level designed to be an environment in which distractions are forced to always occur -- people seeing other people and communicating business information to each other hive-mind style.
It is sadistic to force the person whose job requires deep thought to be continuously exposed to architecturally-built-in distractions.
From a management point of view, this is not a 'serious breach of security'. If you're talking about a few network administrators and not an entire IT department, then security should not be an issue if proper precautions are taken as mentioned here in other posts...passwords (changed regularly), lock pc when you leave, locked cabinets, etc. There is no reason why a network admin would require a locked office. Now if we were talking about an entire IT department, there are hardware components and pc equipment that do need to be locked up, in which case it would be sufficient to have a locked room for the entire department. If at one time your network admins had a locked room, that was a luxury, not a necessity.
The reasons for the move could be cost cutting, but it could also be more complicated than that. I used to manage a call center that handled accounts for several different outside companies. The support that was provided for these different companies were totally unrelated. Eventually they acquired a contract with a health insurance provider. The laws surrounding this type of support are very strict. The areas that support this type of account must be secure and separate from the rest of the call center, and ANY personnel who have access to these areas must take a basic course on Personal Information Security and the laws that are applicable. There were managers who lost their offices and 'secure' areas, because this new account needed the additional privacy more than they did.
Point is, you never know what the reasons are for a move like this, but they are usually sound decisions based on business needs.
Here is something we need to avoid at all costs: Making IT cheap and affordable (so that we get to stay on a little longer). That is plain stupid and I am sure that everybody in the industry sees this just like I do (with the exception of Microsoft of course, that is trying to kill us all by underselling us). You might like to argue that every $$$ your employer spends on IT in general does not go into your salary / your companies consulting fees. Let me tell you it wanders into your pocket, albeit indirectly: You will find it much easier to argue a $150/hour if the other expenses for equipment went into the hundred thousands than to argue a $50/hour for a machine that cost $10,000. Same thing goes for salaries. So... do us and everybody a favor and not "fuck up the prices, willya!!"
In my parents basement there is no lock at all. My servers and boxen are unlocked. This is the fate of us, the network administrators.
less is more
Point: there really could be some legal workplace precedent you could argue with, but if you have no clout beyond getting your "Q:" posted up on /. then you might as well find some other subversion. 'Cause this ain't gonna get your chair turned around.
Try this:
1. Stand up
2. Pick up chair
3. Turn seat of chair to face vast expansive window which allows you to look upon the masses with contempt (we all know your motivations by now) 4. Sit down in said chair
5. say fifty times "hail tux"
I'll go ahead and give you a little.
I'm a network admin and not only am I part of the small percentage in our company that has an office, I'm part of an even smaller percentage that has a locking door. For me, it might not be completely necessary but it's desired for 3 reasons:
1) Work space - At any one time I might be working on 2 or 3 laptops and desktops while loading a server or configuring a router, etc. I need the space to set it all up. I have a counter top that runs along 2.5 walls of my office and a long table on the blank wall and it's all often occupied. My office doubles as my shop/lab.
2) Security - I have stacks of laptops, hard drives, routers, switches, etc. stored in my office and with our growth, more coming in every day. It's not that someone couldn't steal this stuff from elsewhere in our facilies, it's just that it's much easier to get to in my office. No unplugging, unbolting, etc. Just grab a stack of laptops and go. I've seen cabinets mentioned in other posts but I have too much stuff going on and if I was in one of our cubes I'd be lucky to fit 1 cabinet.
3) Peace and quiet - Between the useless chatter, relentless phone calls, streaming music and other noises, I can hardly hear myself think out there (cube world). Not to mention the drive through questions. Everybody and their little brother feels the need to stop by my office and ask a question on their way by. I don't mind it all the time. In fact I'm quite sociable, open and helpful but when I'm troubleshooting a tough problem or working on a project I just don't like to be disturbed. I generally deal with user issues in the morning and work on projects in the afternoon and evening. After lunch, when I close my door, everyone knows not to come knockin unless their problem is preventing them from completing their work.
That's my 47 cents.
MG
I've rarely seen cube farms without locking drawers that can be used for storing anything sensitive. When I was doing admin work I usually had corporate officers lock all that stuff up in an eight-hour fire safe, because I knew that just locking it up in my office wasn't enough to stop a determined theif, fire, flood, etc..
I'm much more concerned about a network admin that flaunts sensitive information as a rebuttal because he doesn't want to be moved into a cubicle, than I am about network information hidden by a cubicle wall rather than a more classical solid version of a wall. Your "bricks-and-mortar" walls are redundant in a virtual world, and so are the more limited cubicle versions. Simple suggestion: lock or log-off your terminal and turn the screen away from the cubicle opening. Now how tough was that? .... oh, the problem is you're still in a cubicle? Well most of the people around you are too; start a self-help group with the other people if it bothers you. This article isn't about security ... it's about cubicles and a whiner for crying out loud!
1) Find the CFO's home directory.
2) Open up the salaries Excel doc.
3) Scroll to the execs - most likely at the top anyway.
4) Set your screensaver firmly to the off position.
5) Get permission from your boss to leave early.
Managers...especially American managers only care about quarterly profit. Thus things like infrustructure and security do not matter until there is a disaster.
Anyone can see this with the GOP and the first "MBA President". Our borders are wide open and our bridges and levies are falling apart. The solution? Keep cutting taxes! They are crazy.
So to your managers the move probably fulfilled a short-term perceived problem and to heck with network security...of course if something bad happens they will blame you. See in American being a leader means always having someone else to blame for your failures...just ask President Bush and his supporters.
Get over it loser. Welcome to how the rest of the IT world has operated for the last twenty years. If you are like 99.9% percent of companies out there you probably never had any real security to begin with. Just a stupid illusion that managment idiots and bureaucratic fu..ers like to live under. GROW UP AND SUCK IT UP!!!!!!!!
I've worked in places where all the administrator's desks are out in the open and there's almost no security, and I've worked in places where they all have offices that are locked with key cards.
I have to say that in the first case everybody's desk is usually nice and tidy at the end of the day (no expensive hard-/software lying around), while in the second case there's often a tendency to leave the place a mess: "Hell, the door's locked anyway, right?" Maybe, but this isn't good either. For instance, it's a lot easier to loose things this way.
Besides, the most important thing is that your data is kept on the servers and that they do get their own office that can be locked: the server room. It's also better to have official places to store expensive hard-/software -- not just to leave it in people's offices. And, you can always lock your desk.
Having said all that, I'd still hate to loose my own office. It's so much easier to have a private conversation with the manager from another department if all you have to do is close the door behind you. But, if they want to take that away from you, well... then when they come to you, they won't have any privacy either.
Privacy is important to any real network admin / computer support person. Not only do we often has information up on our monitors that would compromise security if it was viewed by others, many of the phone conversations involved in resolving problems also contain information that may be sensitive. Someone close to my desk could pick up IP address, Router information, Type, model and OS version on our firewalls. For instance, we had a video conference with our manager on Friday regarding the implementation of the patches to our Cisco routers and whether it had to be done this weekend. He asked for the router passwords over the phone...his opinion is that EMail is unsafe. Then there is the other type of work we do. For example, I was working on a report last week that basically involved some deep data mining of our health plan over the last five years. The benefits person, a sweet young thing of 55 going on 2000 was asking me how to take the data and apply various scenarios to it - such as increasing the employee contributions, reducing maximum payouts and removing some coverages. Its obvious from our conversation and from the data that cuts are going to be made. This sort of stuff is not something management wants to be public. Wednesday, I had to recover about 100 EMails for our Human Resources person. Some of them included questions about Employee evaluations. Some companies may not ever have their Net Admins talk on the phone or use their monitors to work on but we sure do.
It could be far worse....just be happy they didn't hire someone in New Delhi to administer your servers.
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
You are asking about privacy, not about the limited access of specific company-owned information.
You are NOT entitled to privacy in the workplace. You are entitled to limit access to your work materials to those employees that have the need to know.
Two completely different concepts.
You can run IT from a cubicle, there is nothing terrible about that. If you are going to type in a password, look over your shoulder and make sure nobody is watching you. Access to the machine itself is no issue since you are not going to put your servers in your own office, they go to their own room. If you were running all the servers from your office then you are not as smart as you think you are.
Regardless of server OS, you can manage it from anywhere, there is no need to be sitting in front of the damn machine.
As for privacy, when you signed your offer letter and you agreed to follow company guidelines, you pretty much signed away any hope of privacy in the workplace. The boss can listen to your phone calls, can read your mail and read your paperwork. Yes, your boss can read your personal email if you are trying to read it from your workstation at the office. It is the company's computer and you are using the company's resources for personal reasons.
Now, say you are a programmer or a DBA, then you need a bit more shielding from prying eyes. But the plain IT folks? Nah, they can sit outside like everyone else.
Pedro
----
The Insomniac Coder
Is that you're worried about someone booting your computer in single user mode. Secure it with a bios password and bootloader password. And make sure your screensaver locks up after a VERY short time out. I know it's a pain in the ass, but that's what they're making you do. On the other hand, since it;s obvious you can do your job very well from anywhere, why not from home?
Nothing great was ever achieved without enthusiasm
Just register your concern with management, and they ultimately have to take responsibility for the decisions they have made. I have seen many IT departments that do not have individual locking doors. If your responsibility is not security, why worry? The bad decisions of inept management may help to dispose of some of the undesirable idiots who often end up in positions of power when their incompetent decisions backfire.
It's time to start reading the BOFH notes to be found at the Register website!
Go to http://www.theregister.co.uk/odds/bofh/
Read every single word and learn how to USE the power of the computer!
Dilbert is a losers! Dogbert is a second rater! Catbert is a wannabe!
For your troubles my friend you need the best!
You need the Bastard!
Heed the words and you will have your private room back in no time flat.
Take it from a computer geek who has his own office and big shiny windows looking out on the great outdoors. The Bastard changed my life for the better and he can chnage yours as well.
I adminster the mail server among other machines (~100 UNIX/Linux servers) and no one's ever even implied
I might one day have an office.
It seems that the service department is having intermitant trouble with printing and network access. Wonder why? Be creative. In a month they'll demand to move bact into their old space.
The IT staff is responsible not only for their computers but also the property of the company. Personally, as an IT worker, the government building used cubicles for IT staff, however, at night, the area locked so only IT personel can get into the cubicle area. There is alot of personal employee property and information in there. Notes on the desk, computers, users computers that are in the office, among other things. With todays day and age of security on esp. corporate networks, I belive this is a really poor choice by allowing IT workers, at least the upper level ones, to be in cubicles and not have the security of their own office.
Bryan
What are you in, marketing? You ever hear of key loggers ya horse's arse? Do you understand that physical access to a system is practically system ownership, irrespective of what operating system you're running? Give me physical access to your network admin's box and I will own your organisations data.
A network administrator holds the keys to the kingdom in any environment where information is valuable. Meaning, if you're in an environment developing any type of IP which you don't want your competitors knowing about, you better treat your network admin as you would your personal body guard, because that is what he is in that scenario. Industriable espioniage is real. It happens. Having some fracknut in your organization who read 2 copies of 2600 and wants to be a hacker, is real. That happens. Key loggers are trivial to obtain and use. That happens. Booting a system through an alternative means and futzing with the info on the harddrive is real, that happens.
If your organization's information is valuable, then your information security strategy had better include physical security and not just some idiots idea of "oh just log out of the machine and you'll be fine you stupid retard."
Dumbest Slashdot Reply. Ever.
You can get an equivalent tool in most auto-supply stores -- the kind you're supposed to stick in a corner of your side mirrors to give you a wider field of view. Once it's on your monitor, any movement in it (signaling an approaching surfer) catches your attention.
Read the best of all of Slash: seenonslash.com
You should get one of those mirrors that sticks onto your monitor so you can see somebody coming. You should have a hotkey or hotcorner for locking your screen. You should encrypt the senentive data on your workstation and the keys should never exist on your machine... they should exist on a usb keychain or wallet cd.
Since your workstation is now accessible to all... that last bit about keys is imperitive.
As for physical security... if something is so sensitive that it must be locked in your office perhaps it should be locked in a vault or cage instead. A teenager could kick in an office door and gain access to the sensitive bits. And if it's that important... maybe it shouldn't be up to one person to keep track of it. If the information is dangerous if it gets out... then maybe what you need for this stuff is more like an armory and less like a bunch of offices secured with cheesy locks.
And in general... I hope you got a bonus and raise for this. Otherwise it's a pretty lame demotion. Instead of adjusting the security policiy to reflect your new surroundings... I'd be spending that time looking for a new job. This was a power struggle and your boss was too much of a pussy to defend your position.. so fire them. Go get a new boss someplace else or go into business for yourself.
You totally missed the obivous. Just hit the circut breaker on their cube farm once and a while, and go out for lunch. Only leave 1 cell phone, and 1 pager on. Call the Number on the pager on the cell phone, and pretend that you cannot hear. "You have a problem? I cant hear you" "Just folllow the contigency plan." "I Cant hear you. We'll be back in an hour or two... just tell me then..." Those who live if glass houses, shoudnt stow thrones.
Look, you dont want your sysadmins (or anyone who has access to sensitive information) sitting with his back to a large glass window which is at ground level next to commonly walked path by employees or the public.
However, if you are going to exist in sets of cubicals then be certain that that team is able to monitor who is walking around and standing around the area. In many companies have sensitive departments that are walled off. Everyone with a particular security level/trust would sit in a seperate cubical area with a common access control mechanism.
Office space is expensive.
I haven't had an "office" of my own for a few years. I express the need every so often and I'm actually getting space for one now. But that didn't come about for any reason other than my boss getting tired of hearing about it.
All of the documentation for our dispatch center has been stored in a bookshelf within dispatch. That's a controlled area but the dispatchers can all view it. As I predicted, one of the dispatchers did dig through it and made copies of certain documents. She then supplied those documents to one of the deputies who is now using that information as part of a suit against the county (long story, he thinks we intentionally have bad radio coverage).
Management didn't give a shit about that. The insurance folks shook thier heads in disgust but then they've seen it all with our county so nothing shocks them anymore. When that documentation made it to the internet it still didn't phase anyone.
Privacy? You want privacy? Around here they either think you're being a prima donna or you're up to something. There can't actually be a need for privacy.
. Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
I used to have an SA job where I had my own office. I was very productive, and could lock the door and keep the lights off like I wasn't there during the times I had to really concentrate on programming and system admin stuff.
I prefered a closed office, or even one that doesn't have my back to everyone!
Then they moved us to an open cubicle system where my back faced the end of a long, well-traveled hallway. People bugged us constantly about every small little thing because we were "UNIX admins," and "must know about why my UPS is beeping." PHB's asked, "What's that mean?" and "Should that be red?" and "Let me see what you do, and comment on it as if I have done it better than you since the beginning of time," and my favorite, "Why do you do everything in a little black DOS window? Is this 1982? I mean, come on, use Windows!"
I quit that job, along with almost everyone else. Sadly, my new job also has open cubicles, but it's a much smaller company, and we don't get bothered NEARLY as much.
I'm pretty sure that if this company in question is publicly-traded and US-based, this is something Sarbanes-Oxley will not just frown upon but force them to switch back and simply not allow to happen. They don't mess around with stuff when it comes to I.T., and that's not just a security risk to them, it's a HIGH security risk. And they'd be quite right.
If it's not a publicly-traded company though... you're hosed. Get a new job, because there may as well not even be an I.T. Dept. in that case,a nd your bosses are incompetent and when things go wrong they'll blame to I.T. staff for being there and not going to great lengths to make up for it, not themselves for movingg them there.
But yeah, I'm pretty sure that's a SoX violation of very high magnitude...
Although I realize the majority (?) of people running servers are probably not running some sort of windows environment, the majority of office workers probably use Windows. A very quick and painless thing to learn when you leave your desk is to press the windows key + L, which means to lock the computer (in Win2000 locks it, in WinXP goes to the logon screen).
I lock my machine 90% of the time I leave my desk for longer than 1 minute (should be 100%). Even though there's nothing important on my computer, you'd be suprised at the different types of problems that could occur:
- Someone could send an email from your machine for fun.
- Some people who don't work at your company could just walk in the door and start taking pictures around your office after hours (Yes, this has happened at where I work).
- Some enemy at your work could delete all your files? I dunno if anyone's that nasty.
But yeah, I even do it at home so my family uses the guest account as opposed to mine.
Get used to not having an office. IT workers are considered just slightly better than the janitor by most businesses. Hell, even the janitor has a private office where I work.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I have just had the reverse experience - management locked the network admin department in, most of us felt pretty bad about it. It makes our work a bit more difficult with everything from letting visitors in to getting a cup of coffee (yes, our single coffee machine stayed with the rest of the company of course), having to deal with key cards and punching in pass codes every time. I've already locked myself out a couple of times.
I'd be happy if they'd let us out again!
Where previous admins had been so untrustworthy that it was determined close observation was necessary by management. That's usually what it means when workers are placed in cubes and it's mandated that their screens are easily viewable by management.
Once the house was swept, by the way, and trust re-established my team (the replacements) were treated like adults and silly rules went away.
Figure out why admins aren't trusted and do something to correct the problem.
Now IT is a high-security environment with all police passwords available, direct access to both mainframe and other databases w/o logging, direct access to local, state and federal databases, source code listings organized in cabinets in the hallways and old code stacked awaiting shredding and, of course, personal property (workout bags, backpacks, purses, wallets, guns, desks, cellphones, blackberries, laptops, etc.) where prison inmates have access to them.
The "trustees" must have thought they'd died and gone to heaven: the pickings were ripe in the department. Hell, they even gave the trustees the entry codes for the electronic door locks!
Anyway, this lasted about a week until someone pointed out that, to work in IT, a person had to undergo a complete background check, including proctoscoping of all grandparents deceased or not, prior to entering the IT work area . Hizzoner the Mayor reversed his decision to use trustees as janitors.
They never changed the electronic door lock codes, though.
They are just afraid someone will find all the pr0n!
I've noticed when people get booted out of offices into cubes there's a tendency to feel like they've been demoted. The security issue is digging fairly deep for a thin excuse to cover bruised feelings. You document to the higher ups how a lack of physical security threatens network security, that programmers working in noisy spaces are less productive, then move on. You've covered your ass, now play the hand you've been dealt. And, just a note of sympathy, working in cubicles does absolutely suck ass.
Here's what a group of us working on a development project did under very similar circumstances. Instead of letting them put us in the cubical farm we found part of the warehouse sectioned off with chain link fence and put our cube walls around the inside of one side and white boards along the outside of the opposite side, leaving the inside completely open. Instead of desks we used some rolling tables the warehouse people had left over and hauled in sofas and a loveseat we salvaged from the garbage pickup. We hooked up a TV in one corner, had a frig and microwave and even enough room outside the fence for a basketball hoop.
That was, by far, the best work space I've ever worked in. We were comfortable, headphones could block out the warehouse forklift traffic (and as a bonus the phones) and visitors had to clatter the latch on the chain link fence to get in. Not only did we finish the job on schedule but by the end of the project I could drain a 15 foot jumper with my eyes closed. I noticed we would be there very late at night. Sometimes working, sometimes playing netrek, sometimes because we fell asleep on the couch. Rarely were we in a big hurry to get out. It was comfortable if a bit drafty in the winter when they were loading/unloading but tolerable.
It really got me thinking about the whole concept of an office and what it should be like. Cubicles should be packaged up and shipped overseas to terrorist organizations. That would be guaranteed to kill any passion and smother any ambition they happen to have. That warehouse space was open, comfortable and encouraged more interaction between the project team. It wasn't private, but that wasn't a big handicap to productivity. We were actually more productive in the relaxed atmosphere.
If I ever start another company, that's just what it's going to be like. Not the first one to have an office like that. I got the idea from Chiat Day. Don't know if it's still like that but their office in Seattle used to be open with rolling tables and couches instead of traditional business furniture.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
4. PROFIT!!!
--tUrBzY
I've never seen an office that isn't completely open plan. I work on sensitive government projects (RESTRICTED in the Official Secrets Act sense) and my desk is accessible to anyone who gets in through the front doors. (2 of, plus building security and office reception, but still)
So the network admins have been moved out of their offices? Cry me a river, and welcome to the 21st century along with the rest of us.
It's official. Most of you are morons.
I have worked in quite a few companies and not once has anyone short of management levels had a locking office. Suck it up and get a life.
Myself? I am not a network admin, I am the DA and a DBA for a fortune 500. I can not only reach all the data in the company, I can change it. Your silly little network passwords are no good unless *I* grant you database access.
Sleep, eat and live 24/7 at the desk with the pc that needs to be protected.
Kaetemi
You definitely want to have your own room. If someone were to view the post-it note taped to your monitor with all the root passwords, the consequences would be disastrous.
There's no good reason why professionals like sys admins and software engineers should be working in cubicles. It's not a suitable work environment and it's disrespectful for a company to ask you to work in such an environment. I'll bet the managers still have private offices, no? So tell me, why should they work in offices and not everybody else?
Companies have this false economy in mind when they do this crap, they think they're saving money. But they fail to account for the lost productivity - not to mention security concerns, as pointed out by the OP.
// TODO: Insert Cool Sig
They hide me.
Having been a Network and Systems Administrator, I agree that this is an obvious breach in security. The only specific information I can offer is that you need to nip this bad IT practice in the bud by protecting yourself. My suggestion is that you assess the overall committment to quality your employer has. I have a procedure that I've used in the past for measuring that. You need to do a regular "check-up" on your situation in an objective manner. If the situation gets bad, start looking for work elsewhere. It's not your job to fix a shop you don't run. If you can't force your company to implement a good security practice, you are then obviously not running the show.
Sometimes a situation for an admin can get horrible. However, this kind of job attracts tenacious problem solvers that just won't quit. It's kind of like boiling a frog. If you drop a frog in boiling water, he'll immediately jump out. But if you put him in warm water and turn up the heat slowly, he'll get cooked before he knows it. Being in a bad situation can warp your perspective and drag you down, interfering with your ability to stay focused on a search for another job.
Bad IT practices are *rampant*. Don't get caught up in it... Guard your sanity. Measure your situation objectively and regularly. Also make sure to save, save, save your money so that if the situation gets really bad, you can simply quit (with a believable excuse other than a simple "screw you") and have the financial resources to do so. The thing that made the situation go really bad (i.e. a new boss from hell) may be rectified soon (i.e. he gets fired) and then you could go back or at least make use of a good reference from someone else in the company. Email me requesting more information and I'll help you by forwarding to you the quality-measuring procedure I've developed.
If you're that worried about people standing behind you and looking over your shoulder, get a concave mirror and stick it on the shelf / wall right next to your pc - that way you can easily see if someone sneaks up behind you.
The people at my work use this quite effectively
I'm a Computer Science major but my concentration is Information Assurance and Security.
There are a lot of bad ideas here from people who obviously think that they understand security. When it comes to security someone saying that something is possible should raise an eyebrow, and someone saying that something is impossible should be ignored.
Give me physical access to a computer of an IT staff member who has reasonable levels of access and I will be able to compromise the entire network; period.
If I have physical access to a computer it is mine, and short of physically stopping me there is nothing you can do to prevent me from having complete access to that computer.
Imagine this, if you will:
I have a motive to gain complete control over the network. Be it that I'm a disgruntled employee, looking to profit, or simply wanting to get some dirt on someone I don't like... for some reason I want to get complete control of the network.
Why would I sit down at the computer and work on it for long when there is a risk of being caught?
Instead I bring a bootable utility disk, an external hard drive, and boot up an environment that will let me create a bit-stream image of the entire disk and save it to my external drive.
It takes me about 30 to 120 seconds to set this up, maybe a few extra min if I need to reset the BIOS (but this is an IT staff workstation, I'm sure the lazy IT employee just has his workstation set to boot off the CD already...)
So I go away for an hour or two, come back, retrieve my external HD and there is no way to detect I ever accessed that disk.
Later, I perform an analysis of the disk image looking in file slack, ram slack, and deleted files... what do I find? Sensitive conversations, documents, encryption keys, and passwords: jackpot. That's right, I don't care if you save everything off on a network drive, if your workstation has a hard disk chances are that most of the information I need is hidden on it (especially true on Windows workstations and NTFS file systems).
Not only did I just get all the "keys" to your precious network, but I also got myself an exact copy of that computers configuration so I can replicate it if I need to, and I did it so fast that you won't even realize there is a problem.
How long did this take me? About 5 min of access to the computer, with some down time where I was away doing something else (gee, Mr. Janitor can do this can't he?) in between.
So you see, this idea of storing "sensitive" data only on the network is bunk. You created a $50,000 lock that I can pick with a 5 cent pen, congratulations, your CEO must be proud.
Any, and I stress this: Any computer terminal that is not physically secured should be a diskless workstation. People underestimate the value in thin client computing. From a security standpoint you should treat every hard disk that has ever been in a computer that has accessed sensitive information, even once, as a copy of that information. This includes documents viewed, passwords entered, etc. In other words: every hard disk in your organization.
I guess I'll mention it now for those of you who can't read between the lines: Do you ever throw out old hard drives? What information was on them? What information is still on them? Every time a computer hard disk comes into contact with IT, it should be whipped thoroughly with multiple passes of random data (to avoid data recovery though forensics techniques). I recommend at least the American DoD 5220-22.M Standard Wipe. There are Free Software tools available to do this, such as DBAN.
So are cubicles a bad idea for IT staff computers? I think the answer to that is obvious. The real question here is: Is the benefit to having workstations with hard disks worth the extra security concerns they present? If you deal in sensitive information, you want to be very sure that every computer with a hard disk is physically secure.
I mean really, its not like network admin staff have administrative access to the entire IT infrastructure. Who cares if any random Joe can walk by the cube farm and look at potentially confidential information?
Get a clue dumbass, this is the same reason people who deal with confidential financial info aren't in open cube farms.
Shortly before I came to work where I am now, they let the SysAdmins share a room that could lock. That's where they were when I joined up.
Several months later, we were moved into the extention to the cube farm. There are only two things that we miss to not having walls around us: The ability to control the lighting (we liked it dark in the "cave"), and the ability to talk candidly about users' requests. In the open, we can't discuss things that we don't want (or need) the users hearing. We have to schedule a conference room.
Would I like to have the "cave" back? Yeah, but we can't all fit in there any more (we have since added to the group, and there's no room for the number we have). It is more a convenience than anything.
When we leave for the day, we take our laptop with us. There really isn't much of a security problem.
When politicians are involved, everyone loses.
I've never known an IT department that rated their own offices. NOC and server room, that's one thing, but not administrator workstations.
If you're not password-protecting your screens when you leave your desk, and taking other simple security measures, the security problem is your IT dept's dependency on walls, not your management.
Terrorists can attack freedom, but only Congress can destroy it.
no chance to browse pr0n etc
---- Put Sig here:
Here kitty kitty kitty.. Nice kitty... Where's that dammed cat?
ROWR!
Who let the cougar in?!
*runs*
First rule of holes; When in one, stop digging.
due to classical management still running a majority of corportations and wanting to move everyone into cubicals to save on expenses, there is no such thing as privacy anymore. Not unless you are an executive or some other valuable employee or manager that can have a private office as a perk.
Privacy on a Windows machine open to anyone in the public office or on the Internet also does not exist.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I work for a medium sized consulting firm in a major metro area. We don't have desks in the office at all. Of course, we're so rarely there that it hardly matters. Our offices are at our homes. We work from there--and at our client sites. Most of our clients don't even have physical security. I have seen servers in kitchens, in copy rooms, even sitting right next to the receptionist desk as you walk in the door.
Security? what's that? That seems to be how its' handled anymore.
In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
What happened to etiquette in the workplace? Never mind security, respect for others is even more important. Hell, if everyone had respect for each others' humanity and right to live, we wouldn't NEED security.
Anyway:
Shoulder surfing = bad.
Someone is entering a password? Turn around and look away; even if you have a right to know it. It's just plain rude to watch someone type in a password.
We handle IT for several companies of 30 to 50 employees, and when users enter passwords, or when I have them create passwords for their accounts, I look away and ask them to type in a password(meeting n or x spec) and ask them to not share their password with anyone, and to not write it down but to memorize it.
Now, I have all the admin passwords, but I do not have the managers' passwords. I only know the passwords I need to know for a job. If I need to log into a user's account, I ask the user to log in for me, or I change the password, log in, do what I need to do, log out, and ask them to change the password again.
In a pinch I occasionally need to log in as one of the managers - in those rare cases (where I need to get the password over the telephone or whatever) as soon as I am finished I ask the manager to change the password.
I don't know other people's passwords (well, outside of my own company anyway) and I do not WANT to know their passwords. It's just plain rude, not even taking security issues into account.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
You have several issues to contend with.
* physical security of the PC
This can be handled by either hardening your PC, putting it in a locked cabinet, or using your PC only as a thin client, with your "real" machine locked up somewhere.
*physical security of the cubicle
People may sneak in to install keystroke-recording devices, replace keyboard with keyboard that are bugged, or install other snooping devices in the cubicle farm
* physical security of your network
You may or may not have an issue with people installing a hidden tap into your network to snarf data that might be sent in the clear. If this is a problem, make sure your network communications are all encrypted.
* shoulder-surfing as you type
Isolating the admin cube farm from the rest of the workers and having guests badge in should help. At the very least, put up an opaque barrier.
* people walking by watching your screens
Isolation or an opaque barrier is best, but privacy screens on the monitors might be adequate
* high-tech remote survellance
Devices that can read your screen or listen to you type from across the room are beyond the scope of this post.
Do a risk assessment for everything above and anything else you can think of, decide which risks are serious enough to do anything about, and price out several ways to mitigate the risk.
Take the two least-expensive risk-mitigation plans to the powers-that-be. Be sure to point out any ancilliary benefits that a particular solution might have, particularly if that solution is not the cheapest one available.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Imagine:
/. and used that.
You're the IT guy at an advertising firm, that deals in multiple levels of security, not only with the ads that are being developed for both pitches and production, but on-going projects dealing with medical-reporting sites and such. (BTW, I was a designer there, too, wearing two hats.)
Now where do you position the office of such a person in a normal office? You have four servers, dealing with everything from firewall to viruses to file-sharing to accounting... in a back room, with a lockable door? In a relatively inaccessable location?
My office wasn't. It was protected from the lobby by a half-height partition that housed the office fax machine and copier, and faced the lobby (due to physical limitations of space) with my monitor facing any and all visitors/intruders/potential clients/even more potential design lurkers that were seated in our gorgeous, but unfortunately limitedly-sized visitor-seating location. The result? What was on my screen was usually what they were looking at, rather that the medical journals scattered on the table before them.
If ANYONE can think of a more insecure location, let me add that the servers were all housed immediately behind me, the routers and switches were in the office kitchen, and if they were coffee-stained only, I counted it a good week, and I was caught between having people see what IT duties I was doing, and what design work I was caught up in. In other words, the workopolis.com "boss-emergency-page" was something I came up with before the site even launched... except it was an "EVERYBODY-emergency-page". I took a screen-shot of
Need I say more?
When the going gets weird, the weird turn pro. ~~ Hunter S. Thompson
It was a condition of employment. No office - good by!
Programmers can't function efficiently without an office. I would say the same goes for sysadmins. Salesmen can get along without an office - but not technical people who need to concentrate
...Should consider himself lucky! Space is at a premium EVERYWHERE and if you're lucky enough to have an office, you should hold onto it as tight as you can! I've been stuck in a cube FOREVER and it sucks. Our company doesn't have remotely enough space for our employees, so as a result we're almost all in cubes. If I thought it would help I'd threaten to resign, but we have managers and directors in cubes, so a Network Admin would get laughed out of the neighborhood for asking for an office in our context. OF course, if we moved the sales people to home offices we'd have half-dozen available private offices. But if that happened, the nine days per month they're in the building they wouldn't have anywhere to sit. It never occurs to anybody to setup half-dozen cubes for roving sales-people? Not to anybody who can make the decision, apparently...
Who did what now?
I'd comply with your request. I'd clean out the janitorial closet and stick your ass in there and take away all disk drives and usb ports. And I'd give you a nice fat padlock for the door. That way the information can stay 'secure' and you can proceed with being the miserable cretin you are. You'd make a good senator, really.
My cubicle faces a window, so I took down the wall and replaced it with a half-height wall, put up shelves, and started filling them with live plants. After a few years, I've grown some plants that I'm pretty proud of.
Well, the janitors would occasionally knock over a plant, break it, and leave it, the broken pot, and all of the dirt right in the middle of the walkway. What a helpful bunch. One day, I looked over at a pile of spare stuff, and saw a $10 webcam, so I bought a long USB extension cable. Some double-sided tape fixed the camera to the wall, and the USB cable ran inconspicously up into the ceiling, then back down in my cubicle. A nifty little program called MVC does the motion detection.
Once I put the camera up, incidents like that completely stopped. That was I hoped for, so I don't even bother looking at the recorded files - just having a camera with an LED that comes on when I'm not there is enough to keep people honest.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
ting
NOAH
What?
I want you to build me an office.
Right. What's an office?
Yeah... I finally gave up and moved into the server room. It cut down on drop-by visits AND phone calls. Plus, the company will be paying me soon to cover the cost of my new hearing aids. Everyone's happy. Well, except the moron who used to be in the next cube over that didn't know how to clear his cache...
Jeez, kid, come back when you've got a job in the real world.
The "powers that be" are on the verge of kicking our networking gear out of a 25x20 room and putting it all in cabinets on the computer room floor. I currently count on the fact that I have room security to protect routers, switches and firewalls. Plus all my monitoring gear and my lab. I have told the big-wigs, in meetings now, that we will be losing our physical security. It is falling on deaf ears. All they hear is that Im taking up 500 sq ft of precious room space.
I guess my only 2 choices are to 1). do what they want, after all they run the place, not me, or 2). bring a gun to work and hold my room hostage from these idiots.
If the bosses want you to do it, all you can do is document the ramifications and heed to their will. Oh, and do your best to cover your butt in case things get ugly!
I understand your frustration, but yellow stickers with root passwords attached to your monitor must go.
Elitist shithead.
And locking documents in your drawers?
A lot of admin types are in the 'sea of cubes' and get by just fine with security.
If you think a office door will secure you, give me 15 seconds with a rake and tension wrench. ( if you have to ask, go look it up )
---- Booth was a patriot ----
2if your job involves any codeing then your productivity will go way down hill in an open plan type space ... (far to much noise)
... I had a similar battle early this year some of the above helped.
As has already been discussed your physical security is now wide open, walk off with that HD that has the boss's info backed up on it?
Software disks install No's stuff that your company now pays thousands for are much more accessible to the light fingered.
Good luck with hanging on to your office
I haven't had an office in 10 years! Not since getting a high paying job for one of the Fortune 100. Nothing but cubicles for as far as the eye can see! Office space is reserved on the outer perimeter where the windows are. Anyone with an office is a manager of at least 100 people. If they have a corner office then they have those managers reporting to them and they are ultimately responsible for several hundred employees. Were it not for the skylights there would be no sunlight in the cubical farm. The good thing is conference rooms are on the outer wall as well so you can kinda stare out the window during boring meetings.
IT people are in cubicles and have been for at least 20 years. The servers are locked up in secured environmentally controlled data centers. You wouldn't want to work there, it sucks typing when your hands are freezing. The noise of the cooling fans and air conditioning is pretty darn loud too.
Due to Sarbanes/Oxley the customer data is secured to such a ridiculous degree that the IT staff doesn't have access to production data anymore! Yeah, that's right, the IT staff cannot see production data! When there is a problem we have to request a special temporary user name that expires in like 8 eight hours. That id is issued to you and the password is reset. You then use that account to examine the production system. Everything that account sees or does is logged extensively. When you are done, you give the account back and it's reset. If you forget, it will expire soon enough. Those with access to issue the accounts and reset them are at the highest levels of security and are located in our mainframe operations center where they are under constant surveillance including by closed circuit digital cameras. These guys have to go through several card access points to reach the data center. They are not even in cubicles but what looks like a college lecture hall of desks on stepped risers with projection screens on the main wall. Looks like a NASA control center. This helps a lot in major outages to have all the experts in the same room.
The call center staff obviously has access to production client data because they need to. But that doesn't mean they aren't being watched all the time. Every read is logged and if it's found that they should not be reading that customers data at that time, they will be caught. Random audits are performed constantly. We have a special investigations team which is constantly on the lookout for potential fraudsters, etc.
Security performs periodic physical security audits. i.e. going around looking for people who keep their ID/Passwords under their keyboards or on post-it notes; leaving their desks unlocked, leaving confidential information out in the open, etc. This happens at night after most people go home.
Cell phones with cameras and USB devices are forbidden in some places. The call center computers USB ports have been filled with an insulating epoxy from a hot glue gun. Of course that doesn't stop someone from writing down notes and sticking it in their pants. I mean if Sandy Berger can enter the national archives and stuff top secret documents down his pants and walk right out then so can a call center employee who makes less then $15 / hour. What the hot glue in the USB / Firewire slot does is stop someone from moving gigabytes of data out the door in one move. There are also no CD/DVD burners in the call center for the same reason.
Arguing security isn't a good thing, it will just lead to a security crackdown that isn't going to stop someone whose diligent and determined. It will just inconvenience you further... Take a look at those 4 Chinese Spies they just caught in California! They worked for defense contractors and gave away military secrets to the Chinese. I mean if we can't stop our military secrets from walking how can we stop everyday business data theft and industrial or corporate espionage?
I partially solved this problem with a wide angle rear view mirror on top of my monitor. It was made by Wink for autos.
Not the best solution but I could see behind me.
The best argument I've heard for real offices is that they should be allocated to people who need privacy OR quiet to do their work. With all due respect to secretaries, the last thing you need is a secretary playing some music that drives you insane when you're trying to work out the deep implications of some program code or security issue.
Oh, and the corollary I meant to include in that is that offices should not be allocated for the purposes of prestige. If highly paid employees get an office for the sake of their vanity, when they're actually not even in the building much, and when they are, they're talking to people in plain sight, while IT guys who need to think are dealing with cleaners vacuuming around them, then I think that says something about the kind of company you're working for.
I have recently hired on at a large corporation with a powerful IT department. There is a draconian, yet vague, policy forbidding nearly everything, especially "viewing of inappropriate material" and "use for personal gain". People have been known to be summarilly fired for "viewing of inappropriate material". At the bottom of this statement is the sentence: "Reasonable personal use is allowed." Whatever that might mean, it is certain that everything one does at a company computer is being watched by a hidden cadre of judgmental IT folks, who are never seen, and whose identity is unknown (they are at corporate headquarters, I presume). It is true, of course, that all the equipment belongs to the company, so the company can say what we can do with it. Nonetheless, if the "hostile work environment" catch phrase we hear frequently around here means anything, it must include this sort of thing.
Where I work, they just decided to implement a program that monitors computer activity right down to how long you have a specific application open (yes, Mr. Brown has been using MS Word for 37 minutes). It even includes keylogging, which is especially troubling in a municipality with open records requirements.
Clerk: May I help you?
Joe Resident: Yes, I'd like to see the keylogs for John Employee from January 1st until now.
Clerk: Would you like to pay with cash or check?
Beautiful, it is. And I thought the recent installation of video cameras was invasive.
First - sales is Manager, manager better. If you are IT, you are fucked. Remember this kids, don't do IT.
... unless their precious outlook doesn't get any mail anymore ...
So but back to real. Our company just is in the works of passing the "P-Mark", the japanese privacy mark for the new law in Japan for all kind of private documents. That puts necessary locks outside of office and server rooms, no access to any kind of public documents, and the IT area which was before very public (anybody who knows japanese offices, knows there are no cublices, there are just tiny desks. Anyway, its always mandatory to lock your PC if you go away, and even if you sit in a cublice, put a polarizer in front of your monitor and put it in an angle that nobody can stand right behind you.
But, as seen in my first sentence, the IT always get the worst and no one in management even wastes a second on thinking how viable the IT is
"Freiheit ist immer auch die Freiheit des Andersdenkenden" - Rosa Luxemburg, 1871 - 1919
It would take me about 2 minutes to put a hardware keylogger on the back of your workstation between the keyboard and its connection if it is generally accessible. Maybe you'd notice it. Maybe you wouldn't. But if I can get to your computer, I can get to everything in it.
Whiners. Don't they log off? Don't these IT "experts" know how to secure their workstations. I find it difficult to believe that network security is compromised because some little pussy doesn't get a persoal office.
.....I work in academia. Sure, sometimes the money doesn't measure up to Corporate America (tm). But this corporate-mindset just doesn't exist. Everyone gets an office, from the department chairman to the lowliest administrative associate. A cube farm would never even be considered. The worst that happens is two people, usually clerical, might be forced to share a single large office.......
--- "Maybe you can interface with my ass. By biting it."
I haven't worked there in a few years, but that was the goal. It doesn't quite work out that way, however. Most people do have their own office, but there are a few cubie farms - mostly in "off campus" buildings, but it happens on campus to a lesser extent.
In terms of the productivity argument, that holds a little more water. It still depends on the maturity level of the person in question, though. Give some hot-shot kid with zero professional experience an office with a door, and watch his productivity soar. Provided you count the number of slashdot posts, and hours spent on Myspace as productivity. In the case of a mature person, an office would probably increase their level of productivity. But if they are that mature, they probably have the ability to sack up, and get their job done in the face of such arduous conditions as being forced to sit in a cubicle.
Someone mentioned that the cost of cubicles is actually not much (or at all) less than that of giving people their own office. I find that pretty suspect, but we'll assume that to be true for the moment. Can someone clear up how this doesn't simply take up more floor space that may not even be available? Is floor space being taken into account in the cost analysis? I would think that if you have to construct a whole new building for every 30 people you hire, you're probably going to save a couple of bucks in just building up a cube city.
I agree that there is probably a degree of management elitism in most cases, that keeps the peons in their cubes, and the Directors in their offices, but oh well. Suck it up, and get your job done, or go find a new one. Apparently you weren't so distracted by your co-workers that you couldn't post an inane story on Slashdot.
This is my sig. There are many like it, but this one is mine...
If it counts for anything, I've learned a great deal just from reading the replies to this post. Currently, I'm a CIS major, and I've learned some stuff here (though Window-key + L has been a favorite of mine at home to protect from an overly-curious parent or sibling,) from reading. I think I can sympathise with the origional post on the concentration issue. I have ADD and am paying an extra $120 a semester to have my own dorm room. (That suppliment was the cheapest out of the 6 schools I applied to, though.) I'm actually rather petrified about concentrating in a cube-town, but I've read some very helpful things here that will at least help me address security concerns, regardless of how private or sensetive whatever stuff I'm putzing with is. [/2 cents]
Just leave on the top of your desk a printout of all of the porn sites that your boss has been visiting with his name printed in bold at the top of each page. After that filters up the food chain, just tell him that you need a place with a bit more privacy to do your work.
Oh, and if that doesn't work out too well, you may want to begin to update your resume at the same time...
Somehow I'm supposed to do software development in the middle of this. Why do so few companies understand that programmers need QUIET in order to do a good job?
http://www.tshirthell.com/images/contestpics/a249_ 003.jpg
every day http://en.wikipedia.org/wiki/Special:Random
security : computer security is obvious if you are a tech, for the paperwork: bigassed steel locker, with shared, and private lockers.
....
stalking: I hate it when people read my screen. Have no secrets with my wife (hey she even knows that sometimes I visit "explicit sexual content" sites) but still I get upset if I find her staring into my screen -> let's face it, if there is a screen with something interesting YOU WILL look at it
now here is the solution : rearrange the room, that no one can get behind you without you noticing it.
Use a webcam, a mirror (chimp ? ) if not possible otherwise.
You can complain (to reason the rearrangement) about noise, radiation, bad karma, bad lighting, your colleagues armpit, claustrophoby or whatever else. Be sure not to look like a wussy, but to give a reason why you have to face TO THE DIRECTION of incoming threats -> bad company stalking up on you.
Honestly, I cannot work in the corner, with my back and motinors exposed to the middle of the room (unless I am alone or someone really trusted). No I am not paranoid, I guess it is just some instinct that protects us and animals for many years from whatever or whoever getting behind us....
Personally, I think a pretty solid answer to the problems of security and productivity lies in telecommuting, provided you plan out your security model appropriately. The odds are I have ADD, as well. I've never been officially diagnosed, but that's because I've never tried - I'm one of those jerks that thinks a little self-control will solve the whole problem - despite having been proved wrong on countless occasions ;)
I currently have a private office, which certainly helps the productivity out in my case. There are certain things I do at home to maintain concentration, that just wouldn't be acceptable in the workplace. Chain smoking, for example. Yes, I realize I should come up with a less cancerous method, but my point is you have far more options available to you in terms of maintaining a quiet, productive work environment if you're in complete control over that environment. I don't have any figures to back me up here, but I would assume that putting together a solid telecommuting infrastructure would be far more cost effective than dishing out an office to every Tech Support rep, over the long haul.
The question posed in the story was 'Do IT professionals need private offices?'. I would answer a resounding 'No' to that. There are individuals who would benefit from it, but to make the claim that every IT professional needs an office of their own, and to try to back that up with the argument that a door is somehow going to magically grant you complete data security is bone-headed and whiny.
And just so I don't sound like an elitist whiner myself, I'll point out that I do have a private office right this minute, but it's the first time that's ever been the case in almost 10 years of IT work, and I wouldn't be surprised to find myself sitting in a cubicle again, if the company continues to grow at its current pace.
This is my sig. There are many like it, but this one is mine...
Any firm not using some kind of dynamic passwords deserves any pain they get.
IANAL but write like a drunk one.
Owning a computer says nothing about what you can do.
If you own a workstation in a properly secured network, frankly you have control over Solitaire on that machine and that is pretty much it.
If you own a computer that is running your LDAP server or a DB server with client information, then, heck, yes, you are a threat.
Context is everything, unsurprisignly somebody that obviously makes a living as a security consultant paints this doomesday scenario of owning a frigging PC.
Security is a balance between safety and convenience. You can't make everything 100% safe because it would become 0% convenient and completely improductive to use. You can't make something 100% convenient to use because then it becomes 0% safe.
The context should tell you where to strike the balance.
Do you handle a miltary facility that controls nuclear missiles? Well, life as a user should be painful: passwords, biometrics, encryption, clearances, double checks, etc. will be terms you eat day in day out.
Do you handle your local football league? Made a backup to CD of your database and keep it off site. That is it, Don't lose sleep.
IANAL but write like a drunk one.
.... but nowadays in no serious company I have worked with will you have a chance to do anything of what you are saying.
Nowadays the real threat is from insiders that already have access to the information the company wishes to protect. Your mythical janitor is the stuff of bad movies, not of normal day to day work.
IANAL but write like a drunk one.
laptops and hard disks behind a flimsy office lock being talked as "secure"?????
You know nothing about security.
That is ok, we are not all experts in all different fields, but you are a danger to your organization.
IANAL but write like a drunk one.
I want to see how they defeat dynamic passwords also.
IANAL but write like a drunk one.
... or your company does not have the means to implement proper solutions.
Which application requires those levels of access?
If that is the case why are you still using it?
If you are in a regultaed industry how have you managed to pass audits? Are you bribing the auditors?
IANAL but write like a drunk one.
I have worked for 4 different top 100 companies in 3 different continents.
In all of them the DBAs depended on the goodwill of the SAs.
And malicious SAs could supplant DBAs more easily than the other way around.
Honestly. I almost feel like hugging you.
IANAL but write like a drunk one.
A big factor is the security requirements of the data you're protecting. A manufacturing company's security needs are not the same as the NSA or as a small retail shop. If your organization has a security person or team who has the CIO / IT manager's ear they should be able to have a dialog about the acceptable levels of risk.
Yes, my only tool is a hammer. And you're starting to look like a nail.
This will require some patience and planning on your part, but should be emminently do-able.
1) Wait until you have some sensitive news that needs to be either distributed to the company as a whole on a specific date (buy-out, merger, lay-off, etc.) or posted on the company web site, etc. or something like an email from the married CEO to his girlfriend/secretary (you get the idea here).
2) Be sure to have one of your nosy users to come and see you for something trivial, like a password reset. If they're that nosy, they probably also gossip as well, so having the information leaked "early" won't be an issue. If you think it might be, swear the user to secrecy - this will ensure that they tell at least 5 people on their way back to their cubicle.
3) Have the sensitive information on your screen when they arrive.
4) Sit back and watch the fireworks...
2 cents,
Queen B
HDGary secures my bank
I have multiple computers on multiple sites with multiple login accounts.
Simplest answer to security. I don't and can't do some of my work at one of the systems, simply because I locked myself out. There is some stuff which gets emailed to me that I do have to review and send back, but for a bulk of the time, anything like that we are discusinng is printed and not electronic. If it is electronic, I can only review it and work on it from a secured location using a differnt login account.
Having a system in the computer room for you to access when you have to do secure work won't be a problem for your bosses if it's that much of a risk. You really have to weigh it up, how much of your work do you do that truly is that concerning? I doubt it will be more than a small section of your day to day job. If it's bigger than that, then inform your bosses of the security risk and go from there.
Curiosity was framed; ignorance killed the cat. -- Author unknown
I'm an exec in a small software company. (We currently have about 35 people, of which 25 are programmers.) All five execs have offices. Each of us have 25+ years of programming experience. We worked our way up into management and yes, we all started from cubes. (And by the way, four of the five of us, including me, still code 20+ hours a week.)
We are in the midst of a boom in our business and are hiring so many people that we are just plain out of space. We will have the option to double our space in about 2 years when the tenants on the floor below us have their leases expire and we can kick them out.
Until then, we are tearing down cube walls and combining people into working 3-people per cube. It is not pretty. Productivity is lost. People are not happy. We know this. So now, almost everyone has i-pods and the earpieces come out only when answering support calls or when meeting with peers to solve a problem. I know it is not fashionable on /. to empathize with management, but sometimes even the bastards are not being bastards.
I love it when someone thinks we can just snap our fingers and make a new office appear and old lease contract obligations disappear.
Then again, they all have good paying jobs and the programmers we are hiring tell us the salaries we are offering are generally as good or better than wherever they were coming from.
Maybe instead of hiring all of these "inconvenient" people, we should just finally take the plunge and outsource to... I don't know..... INDIA? (Boo! Bwa hahahahahah..... Whiners now curl up into the fetal position and start rapid thumb sucking.)
In two years, the staff will have either offices or tall (8') cubicles with walls and doors, if all goes as planned. Our current plan is to return to the 10% to 15% annualized growth we had for ONE HUNDRED CONSECUTIVE QUARTERS. (Yes, we really did.) At that time, we will also pick up an option on the floor two levels below us for future expansion.
However, god bless us and EXCUUUUUSE ME (apologies to Steve Martin,) if we get so lucky that our sales forecast is so wrong that we have to unexpectedly double our staff AGAIN and enable more people to afford homes, cars, and Legos(r) they pretend are for their children. If that happens, I will again empathize with people who may again lose their offices and even cubes. But not so much.
I guess my ID is not managerialslime for nothing.
Live Long and Prosper - Thanks Leonard. You are missed.
Our IT dept convinvced the higher-ups that they needed to be behind locked doors for security purposes. So they all got their own private offices with locking doors.
Well no, they didn't. They all got moved into a conference room that was converted to the IT area. A bunch of cubes were crammed in there, supplementery A/C, and some nice thick doors with punch-button locks. No windows, of course.
Now they have to punch in a code every time they want to enter their work area. They have to get up and open the door every time someone from outside IT needs to come in. The cleaning crew is only allowed in when one of them is present, so one of them has to stay late one day a week so that the floor gets vacuumed and the trash emptied.
In other words, the security you want may not be the security that you get.
It's the land of the brave, and the home of the free
Where the less you know, the better off you'll be.
I had a very similar experience. I was acting IT Manager for 10 months last year. Due to adding other members to the team and the possibility that I would fill the position, I was moved out of our secure lab to a lockable office. I was not chosen for the position and was summarily dumped out into a cube next to our developers. I had no issues about the loss of physical security nor privacy, but I did voice my concern of people being able to see my screens or over my cube wall while I may be working on sensative files (finance, HR, executive initiatives, etc.). Now I simply have to work in a paranoid fashion: always watching over my shoulder and constantly hitting Ctrl-Alt-Del if I'm on a project and someone walks into my cube.
There is hope that our lab may be expanded and I'll be able to be in a secure location again, but I'm not holding my breath.
Despite the obvious security issues, there are the misunderstandings as several clueless replies indicate here. Just because I have an article from Slashdot, Yahoo or Tom's Hardware open does not indicate I'm not working. It is in the nature of our job to keep up on technology, to understand how other technologies may indirectly affect our systems or (as often happens with me) the CEO has asked me to look up something on large LCD screens, digital cameras or possibly gifts for his family, all of which look like play to the average user.
I typically get a chuckle from users who think I'm wasting time because I realize that indicates guilt: if they could be surfing the web and wasting time, they would.
I can only suggest what I do and what others have suggested: 1) keep a clean desk 2) lock up everything 3) watch over your shoulder (get a rear-view mirror)
Good luck.
I work for a fortune 500 company, in product development. We deal with not just stuff that could get employeees compromised, but whole goverments, and millitary systems. I work in a cube, with half height sides, and have sensative data on my PC. But my PC is secured in a safe like box, where I put all my sensative paperwork and the likes. I mean, securing a cubicle isnt hard, if the main building itself is secure, I mean as long as you lock your workstation, and have good building security your fine.
As a matter of priority, and importance, the IT dept is the mind of the organization. It tracks past, present and future activities. This makes the IT dept a direct junior to management, and above the rest of the organization.
This also gives you more responsibility, and as a result you fall harder than a normal employee if you mess up.
As a matter of importance, you are as important as you help others...
My company has us in a cave. No windows. Water seeps in under the door and brings in dust with it when it rains. There's a pool room in the same building separated by afro-engineered walls. So, 35+ hours a week, my guys are breathing chlorine. All will be right, however. An OSHA rep said this will be a field day for them.
Chewbacon
The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.