Slashdot Mirror
1 In 3 Sysadmins Snoop On Colleagues
klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets are when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Do that, and suffer my wrath.
Check out my sysadmin blog!
I know a place where they have'nt changed the root/admin passwords in years. They have so many servers that it would be "a huge pain" (their words exactly) to change all the passwords. I wonder how much of a pain it would be for a former DBA or sysadmin to snoop around and start publicly posted how much everybody makes?
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
How exactly is reading another employee's email, or monitoring all of a user's web traffic (with out instruction to do so) going to help you in maintaining your domain?
Is being able to flip through the HR database and seeing everyone's pay rate going to make your network more secure?
And if your users learn of your snooping, is it going to be a boon to your company when either you are fired, or employees leave rather than be snooped on?
If you are snooping and you are looking at anything more than purely technical information, you are likely going over the bounds of ethical behavior if you don't have managerial backing.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
So in other words, a significant majority of sysadmins are honest. Given that they have "the keys to the kingdom" in the words of the article, that's pretty impressive.
Loose lips lose spit.
I don't snoop. Truth be told, I don't really care about anyone or what they're doing. Besides, most sysadmins are lazy. Good sysadmins do their best to automate as much as possible so they have to do as little as possible. Do you seriously think we want to create more work for ourselves?
Yeah, I definitely have done it. No matter how you define it.
/home
I CAN say that I have never logged into systems I wasn't allowed in, but I have
cd
and looked around.
However, I have never USED the information. I never really found anything incriminating, except TONS of porn. Hey, if you have a proxy server at work, all the porn you view is cached on the proxy. Our proxy used to show the file owner, ha ha, you are busted. I never busted anyone however, just backed up the porn to CDs and deleted it. Anyone want some old CDs?
Also, I used to work nights. If you just turned me down for a raise (poor-mouthing how bad the company is doing), do not leave your 6 month $14K bonus paperwork lying around on top of your desk. I was just delivering reports, but damn, I lost all respect for you. That is why I do not work for you anymore.
- I live the greatest adventure anyone could possibly desire. - Tosk the Hunted
As far as I know, sysadmins are bound by privacy laws.
And if those are the same laws that apply everywhere I've worked at, then it doesn't matter if they access my files or read my email.
As long as the info is not made public, used maliciously, discussed between colleges, then it doesn't matter.
It's not what you know, it's how you use it.
How do I know that the monkeys in Personnel aren't firing up my salary details or absence reports for the hell of it? Techies too have to trust people who have access to information just like they have to trust us. If someone is found to be abusing the access and earning some gain, action will be taken I'm sure. But overall it has to work on trust, or we'd all be drowning in audit trails.
Agreed. The "makes you wonder" comment makes you wonder about the professional ethics of the submitter.
There are three basic reasons why sysadmins don't snoop, in increasing order of importance:
1. It'd get you fired.
2. There isn't time in the day.
3. Basic bloody professional standards.
My institution recently underwent a long (very long) pay restructure. At about the point where things were finally settling down, the DBAs were hauled in and "reminded" that exposing or snooping through the resulting data would be a Bad Thing. My instant reaction was, "that's a fucking insult;" didn't think much of the middle-managers involved in passing on that message for not standing up for their staff. However, I think the reflection upon the personnel staff who issued the memo in the first place is that they are greasy, underhanded slime balls.
So no change there then.
I've been a sysadmin for ages (started on that track in the early 90s, so a good 15 years already), and can honestly say, I can't be arsed to snoop people. The only time the records are examined is when I'm officially requests to investigate at the behest of the directorate, with agreement of HR and if appropriate, the relevant unions.
Part of the reason being that I am too damn curious, except not in the "curtain twitcher" way of spying on people around you. I'm always probing the systems to see if they're happy or not, and seeing if I can tweak them to be more secure, or perform better.
I'm also happy with my illusions of them being pleasant, professional people with no hangups or problems (unless they enter the 'mates' category, in which case I either ask, or listen, or both). Saves a lot of friction, and lets me get on with what needs doing.
The biggest reason though, is that I think the world should be a better place than it is. I like my privacy, and think it's something valuable. Therefore, I show people the respect I think they should have, and politely decline to riffle through their private information. If I can't meet my responsibility for privacy, I have no business claiming the right.
There comes a point where it's asked "Who watches the watchers..".. And I'd have to say they're damn poor watchers if they can't watch themselves.
To be a sysadmin in a sizable environment, you need people on your side; you need them to trust you, and have a bit of faith in you.. Otherwise, the first big disaster that happens (and we all know they do, no matter how much you plan), you WILL be strung out to dry by everyone with an axe to grind, rather than having their support and help at the time you need it most.
Ok, here's the thing...
After you've flipped through dozens of inboxes and home directories as part of your job, you know how pointless it is to do it for fun. People are boring. They have boring mail. They have boring files.
See that "Preview" button?
Strictly from the P-O-V of a UNIX admin.
/. -- shutup :P) ::eyeroll::
1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -theres- credibility.
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.
I've been a system administrator for about 10 years now and I've never really found snooping to be interesting. I even tend to look away when people type their passwords, open files with their personal finances or other information. I show them how to use encrypted FUSE file systems. In general, I don't care about someones personal files unless they're taking up too much space.
However, I should say, from time to time you stumble across "information that (is) not relevant to (your) role," unintentionally. That can't be helped, but it is possible to not abuse the situation.
I've sys admin'd for over a decade and can say that I've never intentionally spied on a colleague. However! I have stumbled onto quite a lot of unusual and interesting things. Some of these things I chose to ignore, some I reported, and some I think might have even been planted for me to find.
Also, I was never asked to spy on a colleague by an employer. Basically the rule was, as long as you're getting your job done and you're not breaking any laws or offending any coworkers, why should we stop you from doing as you please?
No sig for you. YOU GET NO SIG!
Today a DBA came to me and asked why the partition filled up. I had to drill into oracle to find the answer (Oracle trace files. Let's just say I've worked with smarter DBA's). Was that snooping? Granted, that was in the realm of solving a problem.
As an email admin, I've routinely seen subject lines of emails that made me raise eyebrows. It was almost always in the context of looking for a missing email. Is that snooping?
Personally, I'd REALLY like to see the data. 1) What does '300 Senior IT Professionals' mean? 2) I'd REALLY like to see the survey questions asked.
I often tell people that, as a sysadmin, if you don't trust me, fire me now, and escort me out the building. I have more than enough power to do irrevocable damage to the company.
Zapman
Flamebait? Someone that apparently steals software has some mod points. I'll bet they read co-workers emails too.
Humanity is pretty pathetic.
Give me Classic Slashdot or give me death!
I don't think this constitutes "snooping". It's your job generally to ensure that company resources aren't being wasted by personal files such as music collections, videos, photos etc. Most of the time you are just looking for particular filetypes in excessively large profiles.
As far as software installs go, it isn't important from a licensing and security standpoint to identify illegal or insecure software that an employee has installed. Just as it is to identify rogue network hardware.
I don't think finding out that salesman Bob likes Britney Spears is in anyway a moral conflict. Reading through employee mail or accessing documents you have no right to (human resources for example) - now that is snooping.
Sometimes my arms bend back.