Slashdot Mirror
1 In 3 Sysadmins Snoop On Colleagues
klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"
Maybe I'm missing the point but I don't see where there is an issue.
In nearly all IT environments, either you trust your IT staff, or you have some killer PKI. Reality suggests management in the typical company wouldn't pay for or be bothered to use, so we're back to IT having super-snooping powers.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Given the nature of a sysadmin's job, I think I'd be more worried about the other 2 out of 3 that don't snoop around. A curious sysadmin will find more problems and more possible solutions than one who doesn't care.
Come on people, for 'computer nerds' it's amazing how little logic you collectively display.
The company that sponsored the "poll" makes products for encrypting information and compliance with SOX..
Do you think they'd release a study that DIDN'T imply your information was in jeapordy?
This is simply marketing hype, don't fall for it -- it's positioned to get executives to suspect their IT staff (in my company's case, very respectable and honest IT staff) --
1 in 3 is a completely made up number for the benefit of the company trying to SELL PRODUCT
of those SysAdmins who feel it necessary to snoop on people? If you're bored, get out of Admin Pack and head over to /. or Technet (if you are of the MS persuasion) and learn something new. I don't care who you are or how good you are, you don't know EVERYTHING...
Maybe it's just me, but I just don't get it...
I probably have access to more account information and networked shared space than most people, but I have no urge, need, or desire to see what's in their accounts or shares. (Beyond making sure private data is secured and there isn't pornography or other bad files out there using up all our networked drives. That's one of my monthly chores)
Only reason I'm here right now posting is because I'm in the middle of a scan. Our scans take 6-7 hours to run (with the process set to realtime priority) so about the only thing my computer is able to do is browse the web (slowly, I might add)
"Could" I snoop? Sure. "Would" I? Never. That's one of the reasons why I have this job.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
I made the mistake of looking at a co workers pay who I thought was equal in status to me. BIG MISTAKE. After finding out he was paid several hundred dollars more than me a paycheque for doing basically the same job, I never looked at him or the company the same way again. I left that company not too long after, partly because I felt ripped off. Its very hard to unsee things sometimes.
As for internet history or watching peoples screens while their back is turned, I would never do that *TO A PEER*. Its just a respect thing. I have definitely been told to monitor subordinates internet accesses as well as various people throughout the companies I have worked for. Ive gotten people fired for looking at facebook on work hours, but thats part of the job in some corporations. I wonder if the article is talking about peers (in the IT department) or extra-departmental persons whom you could legitimately be instructed to snoop on.
As a potential lottery winner, I totally support tax cuts for the wealthy
Of those 2 out of 3 left, 4 out of 5 were found to have lied on the survey. Of those that lied, it was found that 2 out of 3 only snoop on those they think they have a romantic connection with and considered it not snooping but pre-mutual love investigation. Of those that act and are rejected, 50% continue to snoop to plan murderous intentions that later end in the woman of said attraction kicking said admins ass. Makes you wonder where all these stats come from really though doesn't it..
Which really brings up another question to me.
Suppose you have a high level IT staff member quit.
You go through the normal password rotation, and call it a day, but they still had access to the private keys of every server. Do you generate all new keys for every server? How do you reconcile that with the authorized_keys and known_hosts files across the network? That's a large infrastructure change.
Are there SSH key servers that allow this?
Check out my sysadmin blog!
Get fired for reading the email of other employees? No way. Some companies even hire people to read employee email.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Funny story that. I was hired because I am a sysadmin with the morals of a mercenary(I actually provide complete security protection for hardware, software and even physical security for wetware if needed) and the head of the company accidentally CC'ed someone in the company whom she had badmouthed in the email. The very next thing heard when she realized it was an announcement over our intercom system "All staff please step away from your computers, I think we have a virus; Eric, please report to my office". I got the detail of removing the email, while he was watching no less, and making sure he couldn't retrieve it. Funny thing is, this was on Mac OS 9 and there were almost zero viruses. Other times the owner would have me forward email from the sales staff to her. Now as for outright snooping, nope I never felt the need but I was more than willing to do it for pay.
0x09F911029D74E35BD84156C5635688C0
I think the problem is that the sysadmins at school are terrible role models. On every school or university computer lab I've seen, the sysadmins were actually tasked with snooping through the students' email. For the sake of detecting plagiarism, of course! But it teaches students that this kind of snooping is ok and expected. In fact, it seems to be what university sysadmins are for. They certainly weren't spending any time on making sure the backups worked, for instance.
Well said, and this has always been my personal philosophy as a syadmin. If you can't trust me with your data you can't trust anybody. It's that simple. The only time I'll go into another account is to backup files in which case I'm not reading the content.
There is one more instance when I'll go into an account, when there is a legitimate need for specific content and the account owner isn't available to provide it to the employee. Again, I don't go looking at other stuff, I have something specific I'm searching for.
I've always taken my position pretty seriously, I can't believe that number is that high. Every sysadmin I know is either too busy to snoop or doesn't care enough to snoop. I can admit I was once tempted to snoop because I was dating a coworker but my damned personal ethics got in the way and I decided to trust her instead. Yeah it turns out she was lying through her teeth but there are other ways to tell if someone is lying that are far better than snooping through email which may or may not be out of context.
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
Let me guess, you never check unknown files before deleting them?
Instead of a car example, I'll use the Photocopier example.
In clearing the photocopier, it's no business of yours that the thing has a jammed copy another employee's payrole, medical record, drug screen result, employee evaluation, or of a centerfold, but you see it. Is this an ethics violation?
Snooping and being exposed to data outside your job role may be what the survey is all about.
I have worked with highly classified stuff. Access is on a need to know basis. I have been exposed to other classified material that I had no need to know, and wasn't cleard for, but, I wasn't snooping. I saw just enough to identify it. With my security clearance, I treated the matter properly.
Have you ever opened an unidentified file to identify it? Was it snooping, or system maitenance?
The truth shall set you free!
When I'm interviewing people for a sysadmin position one of my primary concerns is honesty and integrity. The problem is that everyone asked to their face will claim to have high integrity. I try to approach the issue indirectly with neutral questions as, "Where do you draw the line on observing user activity?" Several times I've had them answer very vaguely or ask me questions about the question - apparently in an attempt to ferret out what kind of answer I am looking for. This type of error-prone and subtle indication seems the only way to find out. ;)
The human API is very poorly documented. Is there a better way?