Slashdot Mirror


1 In 3 Sysadmins Snoop On Colleagues

klubar writes "According to a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"

15 of 392 comments

  1. They have a life by Mikkeles · · Score: 5, Informative
    'Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?'

    They probably have a life. It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.

    --
    Great minds think alike; fools seldom differ.
  2. Makes you wonder......? by Jailbrekr · · Score: 5, Informative

    According to that survey, 2 out of 3 sysadmins realize that spying is a CLI (career limiting move) if they get caught. That, and the whole ethics and honour thing, are why we are able to manage the confidential data without snooping.

    --
    Feed the need: Digitaladdiction.net
  3. Re:Scary by painehope · · Score: 3, Informative

    Someone needs to explain to them about using ssh-keygen to allow secure, password-less logins, and how to write Expect scripts. That's how I handle changing the root passwords on the supercomputers that I manage (which undoubtedly have more nodes than that company has servers).

    --
    PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
  4. My case by ^_^x · · Score: 2, Informative

    Marking this redundant would be redundant itself - I'm just chipping in my $0.02.

    I very much have the ability to spy on my colleagues in my position in IT. There are inevitably times when I see personal data on people's PCs. But I don't snoop because it's really much easier that way.

    You can rationalize this to not having time, being caught, having ethics, not having to hide something big or decide whether or not to, etc, but really they all factor in. It's just not worth the trouble and risk in general.

    Thankfully where I work we have policies that prevent us from ever knowing user passwords, and various others to keep us from having too much control over their accounts in the wrong ways, or having to know things we don't need to.

  5. Re:Scary by painehope · · Score: 2, Informative

    Well, to be honest, it's never been an issue to me. Practice proper perimeter security and they'll never get in to the machines that they could damage.

    --
    PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
  6. Re:Scary by prockcore · · Score: 4, Informative

    They don't have access to the private keys of every server. Their public key is in their home directory on every server.

    You just delete their account, or their authorized_keys file.

  7. Re:Only 300? by Anonymous Coward · · Score: 3, Informative

    To be exact, a sample of 300 should have a sampling error of around 5.8% -- a reasonable accuracy. A sample of 40 should have a sampling error of around 15.7% -- maybe suggestive of general tendencies, but if this were the sampling error in this survey we'd have a small but significant possibility that the actual ratio is close to 1:1. These numbers assume the sample is truly random.

    'when polling organizations like Gallup conduct a survey, their sample sizes are often right around 1,000, and they are modeling the entire population of the US'

    Size of the population being sampled isn't much of a factor, really, unless the sample size is approaching the population size. I think there are way more than 300 sys admins, so population size doesn't play a role here.

    'more heterogeneous than the population of admins'

    It seems to me that that carries a prior assumption about the thing you are trying to measure, i.e., that you believe this characteristic correlates with factors that are known to be fairly homogeneous in the population of sys admins. That may be the case, but it would require independent confirmation if you want to base an argument on that correlation.
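    Where the 5.8% and 15.7% figures in the comment above come from, as an added derivation that is not part of the original post (the standard margin-of-error formula for a proportion, assuming a simple random sample and a 95% confidence level):

    $$
    \text{margin} = z \sqrt{\frac{p(1-p)}{n}}, \qquad z_{95\%} \approx 1.96
    $$

    The term $p(1-p)$ is largest at $p = \tfrac{1}{2}$, so the worst-case margin is

    $$
    \text{margin}_{\max} = 1.96 \sqrt{\frac{1/4}{n}} = \frac{0.98}{\sqrt{n}} \approx \frac{1}{\sqrt{n}}
    $$

    which gives $1/\sqrt{300} \approx 0.058$ (5.8%) for the 300-person survey and $1/\sqrt{40} \approx 0.158$ (15.7%) for a sample of 40. Using the reported $p = 1/3$ instead of the worst case tightens the 300-person figure slightly, to $1.96\sqrt{(1/3)(2/3)/300} \approx 0.053$.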

  8. Re:No Ethics by afidel · · Score: 4, Informative

    THIS! These people are obviously not busy enough, I have a multi-year backlog of backend projects let alone the stuff that the business adds on a quarterly basis.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  9. Only for Publicly Traded Companies by Collective+0-0009 · · Score: 3, Informative

    It doesn't apply to private companies.

    --
    I finally updated my sig, but now it's lame.
  10. Re:Scary by fifedrum · · Score: 2, Informative

    yeah the really expensive shell scripting kind

    # hosts.change lists one hostname per line
    for host in `cat hosts.change`
    do
        # generate a new DSA key pair on each host; -f names the private key file,
        # and ssh-keygen writes the matching id_dsa.pub next to it
        ssh -t "$host" ssh-keygen -t dsa -f ~/.ssh/id_dsa
    done
    man ssh-keygen to see how to do this while supplying the passphrases on the command line

  11. Re:Scary by painehope · · Score: 2, Informative
    Ah! The presumption that I don't practice the type of security that you advocate! Fucking amazing what one can presume based upon a single statement.

    end_sarcasm(&slashname3)


    Seriously, I agree with you. I'm just not going to change the key files on and for > 2048 systems (regardless of how I can parallelize it) when I can just change the root password, disable their account and remote access, remove their keys, and call it a day.


    There is no such thing as perfect security, especially if the person is smart enough (I've dealt with some people that thought they were smart enough, but weren't). IDSes and all other appropriate security measures help, but all it takes is sweet-talking one night watchman or operator, and then finding a machine that you can boot off a CD (or replace the HDD), and you're in. Physical access is a greater threat than anything else.

    --
    PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
  12. Re:No Ethics by Ephemeriis · · Score: 3, Informative

    I can't manage my own workload well let alone having the time to snoop around everyone else's crap. Agreed.

    I'm busy enough keeping our systems running and taking care of whatever issues our clients come up with. I don't have time to go snooping around for the fun of it.
    --
    "Work is the curse of the drinking classes." -Oscar Wilde
  13. Re:Scary by Jeffrey+Baker · · Score: 2, Informative

    Only if you're an idiot who can't read the manual. See /etc/ssh/ssh_known_hosts. You put the new key into known hosts ahead of time, then you change the keys, then you remove the old key from known_hosts. No automated logins will have been broken.
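    The staged rotation described above (stage the new host key, rotate, then retire only the old key), as an added example that is not part of the original post. It works on a known_hosts file directly and assumes unhashed entries and a constructed sample file; the host names and key material are made up.

    ```shell
    #!/bin/sh
    # Constructed example of staging a host-key rotation in a known_hosts file.
    # Default path is a scratch file; point KNOWN_HOSTS at /etc/ssh/ssh_known_hosts
    # (as root) for real use. Assumes plain, unhashed entries (no HashKnownHosts).
    KNOWN_HOSTS="${KNOWN_HOSTS:-/tmp/ssh_known_hosts.example}"

    # Seed a sample file: two hosts, each with one (constructed, fake) old key.
    seed_known_hosts() {
        cat > "$KNOWN_HOSTS" <<'EOF'
    node1 ssh-rsa AAAAOLDKEYnode1
    node2 ssh-rsa AAAAOLDKEYnode2
    EOF
    }

    # Step 1: append the host's new key while the old one stays in place, so
    # automated logins keep succeeding whichever key the host presents.
    stage_new_key() {
        host=$1; keytype=$2; key=$3
        grep -qxF "$host $keytype $key" "$KNOWN_HOSTS" || \
            printf '%s %s %s\n' "$host" "$keytype" "$key" >> "$KNOWN_HOSTS"
    }

    # Step 3 (after the host itself has switched keys): drop only the old line.
    # "ssh-keygen -R host" is deliberately not used here: it removes every key
    # for the host, including the one staged in step 1.
    retire_old_key() {
        host=$1; keytype=$2; key=$3
        grep -vxF "$host $keytype $key" "$KNOWN_HOSTS" > "$KNOWN_HOSTS.tmp"
        mv "$KNOWN_HOSTS.tmp" "$KNOWN_HOSTS"
    }

    # Number of known_hosts lines for a host; used to check each stage.
    count_keys_for() {
        grep -c "^$1 " "$KNOWN_HOSTS" || true
    }

    # Demo run against the scratch file.
    seed_known_hosts
    stage_new_key node1 ssh-ed25519 AAAANEWKEYnode1    # node1 now has 2 keys
    retire_old_key node1 ssh-rsa AAAAOLDKEYnode1       # back to 1, the new one
    cat "$KNOWN_HOSTS"
    ```

    Between steps 1 and 3 the new key must actually be installed on the host (the rotation itself); the script only manages the client-side trust file.
    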

  14. Re:No Ethics by foobat · · Score: 2, Informative

    yeah it's basically the same here, except it's "bugger we've run out of space... just do a search for mp3s avis and send an email to the offending user saying, 'you shouldn't have these files, we're getting rid of them'". It's not malicious snooping, but that's when you realise there's hundreds of gigs of data which is either duplicated or made up of complete rubbish

  15. The survey was fair..... by Mark+Fullbrook · · Score: 2, Informative

    Hello all, My name is Mark Fullbrook and I am the Director of Cyber-Ark for the UK. I'm the person that is quoted on what was originally meant to be a small localised press release but has turned (somewhat) into a global debate.

    For those that are wondering about the conditions surrounding the survey, it took place at this year's Infosecurity Europe Event in London. The survey was a face to face question and answer session with people who had confirmed that they were of administrator level or above. The survey, which was anonymous, consisted of a number of questions around administrative privileges and the transfer of highly sensitive information both within and between enterprises.

    We, as a company, were not surprised by the results. In my role, I have the pleasure of dealing with a huge number of the world's largest companies. I am always surprised at the desire to control administrative and privileged access, but I am often told that it is a very difficult thing to do when you consider there are, in many cases, more Privileged Identities than users!

    For those who have mentioned that this is a survey by a company that "sells" a solution to the problem highlighted, then I plead guilty, but I hope that this does not bring the results into disrepute. If we had wanted to make an impact we could have used a LOT higher figure than 1 in 3! The results are a factual representation of what we found from this cross section of attendees of Europe's largest IT Security event.

    I welcome the thoughts of all of those Admins that have highlighted the need for honesty and integrity; you are, of course, the majority. However, you will all admit that sometimes you have to protect from the minority, and any solution (ours or someone else's) that can control and audit access for privileged users without impacting how they go about their job surely must be a good thing.

    Please feel free to contact me via this response.

    Many thanks

    Mark Fullbrook