Slashdot Mirror

← Back to Stories (view on slashdot.org)

1 In 3 Sysadmins Snoop On Colleagues

Posted by timothy on from the and-they-steal-chips-and-soda dept.

klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"

13 of 392 comments (clear)

  1. And? by mpapet · · Score: 5, Interesting

    Maybe I'm missing the point but I don't see where there is an issue.

    In nearly all IT environments, either you trust your IT staff, or you have some killer PKI. Reality suggests management in the typical company wouldn't pay for or be bothered to use, so we're back to IT having super-snooping powers.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    1. Re:And? by Bob-taro · · Score: 5, Interesting

      In nearly all IT environments, either you trust your IT staff, or you have some killer PKI.

      The Sarbanes Oxley Act makes trusting your employees illegal.

      --
      Prov 9:8 Do not rebuke mockers or they will hate you; rebuke the wise and they will love you.
  2. Which is worse? by IronWilliamCash · · Score: 5, Interesting

    Given the nature of a sysadmin's job, I think I'd be more worried about the other 2 out of 3 that don't snoop around. A curious sysadmin will find more problems and more possible solutions than one who doesn't care.

    1. Re:Which is worse? by Bandman · · Score: 5, Interesting

      I think you're confusing the word "curious" with the term my grandma used. "Nibshit".

      It's great to be curious. Wondering how things work will definitely teach you.

      Being a nibshit will only get you into things you shouldn't.

      Of course, at one of my old jobs at an ISP, another admin (who was a nibshit) found a stash of kiddie porn in a users folder. I suppose it's a positive story, since the guy ended up going to jail.

      --
      Check out my sysadmin blog!
    2. Re:Which is worse? by mandark1967 · · Score: 5, Interesting

      Curiosity for certain aspects of network management is far different than "snooping" on employees.

      As has been stated, Reading their email or watching them surf does nothing to increase the security of the network.

      (on a windows network)

      You wanna be curious? Fine. Go pull a listing of the 8000+ databases on the network share and check their properties to see if they are secured correctly so the HR data contained in some of them isn't available to be seen by the "everyone" group.

      Go search for old, out dated data files that haven't been accessed in 5 years, or personal multimedia files sitting on your shared space because the users want to listen to music all day long but are too cheap to bring in a $6 radio.

      These are some of the things a decent Admin would and should look for (among others) but that power does not justify snooping on people because you're too bored to crack open a tech manual of some sort or read a tech-site online

      --
      Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  3. Don't believe the hype by Anonymous Coward · · Score: 5, Interesting

    Come on people, for 'computer nerds' it's amazing how little logic you collectively display.

    The company that sponsored the "poll" makes products for encrypting information and compliance with SOX..

    Do you think they'd release a study that DIDN'T imply your information was in jeapordy?

    This is simply marketing hype, don't fall for it -- it's positioned to get executives to suspect their IT staff (in my company's case, very respectable and honest IT staff) --

    1 in 3 is a completely made up number for the benefit of the company trying to SELL PRODUCT

  4. Never again by citylivin · · Score: 5, Interesting

    I made the mistake of looking at a co workers pay who I thought was equal in status to me. BIG MISTAKE. After finding out he was paid several hundred dollars more than me a paycheque for doing basically the same job, I never looked at him or the company the same way again. I left that company not too long after, partly because I felt ripped off. Its very hard to unsee things sometimes.

    As for internet history or watching peoples screens while their back is turned, I would never do that *TO A PEER*. Its just a respect thing. I have definitely been told to monitor subordinates internet accesses as well as various people throughout the companies I have worked for. Ive gotten people fired for looking at facebook on work hours, but thats part of the job in some corporations. I wonder if the article is talking about peers (in the IT department) or extra-departmental persons whom you could legitimately be instructed to snoop on.

    --
    As a potential lottery winner, I totally support tax cuts for the wealthy
  5. Surveys... by mulvane · · Score: 4, Interesting

    Of those 2 out of 3 left, 4 out of 5 were found to have lied on the survey. Of those that lied, it was found that 2 out of 3 only snoop on those they think they have a romantic connection with and considered it not snooping but pre-mutual love investigation. Of those that act and are rejected, 50% continue to snoop to plan murderous intentions that later end in the woman of said attraction kicking said admins ass. Makes you wonder where all these stats come from really though doesn't it..

  6. Re:Scary by Bandman · · Score: 4, Interesting

    Which really brings up another question to me.

    Suppose you have a high level IT staff member quit.

    You go through the normal password rotation, and call it a day, but they still had access to the private keys of every server. Do you generate all new keys for every server? How do you reconcile that with the authorized_keys and known_hosts files across the network? That's a large infrastructure change.

    Are there SSH key servers that allow this?

    --
    Check out my sysadmin blog!
  7. Re:No Ethics by CastrTroy · · Score: 5, Interesting

    Get fired for reading the email of other employees? No way. Some companies even hire people to read employee email.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  8. Re:Bad sysadmin! by ehrichweiss · · Score: 5, Interesting

    Funny story that. I was hired because I am a sysadmin with the morals of a mercenary(I actually provide complete security protection for hardware, software and even physical security for wetware if needed) and the head of the company accidentally CC'ed someone in the company whom she had badmouthed in the email. The very next thing heard when she realized it was an announcement over our intercom system "All staff please step away from your computers, I think we have a virus; Eric, please report to my office". I got the detail of removing the email, while he was watching no less, and making sure he couldn't retrieve it. Funny thing is, this was on Mac OS 9 and there were almost zero viruses. Other times the owner would have me forward email from the sales staff to her. Now as for outright snooping, nope I never felt the need but I was more than willing to do it for pay.

    --
    0x09F911029D74E35BD84156C5635688C0
  9. Re:No Ethics by Vancorps · · Score: 4, Interesting

    Well said, and this has always been my personal philosophy as a syadmin. If you can't trust me with your data you can't trust anybody. It's that simple. The only time I'll go into another account is to backup files in which case I'm not reading the content.

    There is one more instance when I'll go into an account, when there is a legitimate need for specific content and the account owner isn't available to provide it to the employee. Again, I don't go looking at other stuff, I have something specific I'm searching for.

    I've always taken my position pretty seriously, I can't believe that number is that high. Every sysadmin I know is either too busy to snoop or doesn't care enough to snoop. I can admit I was once tempted to snoop because I was dating a coworker but my damned personal ethics got in the way and I decided to trust her instead. Yeah it turns out she was lying through her teeth but there are other ways to tell if someone is lying that are far better than snooping through email which may or may not be out of context.

  10. Re:No Ethics by Technician · · Score: 4, Interesting

    It's a damned poor state of affairs that so many people put in that situation of trust betray it.

    Let me guess, you never check unknown files before deleting them?

    Instead of a car example, I'll use the Photocopier example.

    In clearing the photocopier, it's no business of yours that the thing has a jammed copy another employee's payrole, medical record, drug screen result, employee evaluation, or of a centerfold, but you see it. Is this an ethics violation?

    Snooping and being exposed to data outside your job role may be what the survey is all about.

    I have worked with highly classified stuff. Access is on a need to know basis. I have been exposed to other classified material that I had no need to know, and wasn't cleard for, but, I wasn't snooping. I saw just enough to identify it. With my security clearance, I treated the matter properly.

    Have you ever opened an unidentified file to identify it? Was it snooping, or system maitenance?

    --
    The truth shall set you free!