Slashdot Mirror
Do IT Pros Abuse Their Power?
An anonymous reader writes "I have noticed that many airports and hospitals I've visited have some kind of internet usage policy in place. Some use software similar to Websense, which effectively blocks sites based on blacklisting them by category. A commonly used blacklist prevents users from accessing 'forums or discussion boards,' yet I find that often these networks allow users to access sites like Fark, Slashdot, Digg and other message boards that appeal to the technical culture one might find in the IT world. In your experience, do IT administrators abuse their supervisory powers? Has there ever been a backlash from users or management for doing so?"
You must be new here. All members of /. are (or want to be) a BOFH!
Of course we do. Get over it.
...are Fark and Digg considered 'technical culture' sites. Seriously, this isn't 2001. Last time I checked, the Internet had sort of entered the mainstream and 'slacking off at work' isn't really considered exclusively IT.
This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
Absolute power, is even more fun!</bofh>
Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.
How many people here get around their workplace's blocking software by running an SSH tunnel to a proxy server on their home network?
People in every line of work take advantage however they can. Janitors, mailmen, military personnel, police, teachers, principals, street sweepers, CEOs, mechanics, and on and on. Its human nature.
Policy is made by management. I don't care if you watch gay furry porn for all the three hours you spend in the Office.
I do care about the security of the network - so if you plug your private Laptop into the Office LAN, you won't get any connection because your machine won't authenticate. But i'll know exactly that you did so. And i'll call you out for it.
In all the places i've worked, WebSense etc. only worked in the VLANs for the office workers. All IT networks (as did the Exec's networks) had unrestricted internet access (they still went through a malware filtering proxy, but not content filtering). This might be different in larger organizations.
In the place i work right now, we only have a malware filter. No content filtering at all. I think it's pointless. If someone does not do his job properly, fire him. If someone does his job properly, but uses 10 minutes a day for masturbating to gay furry porn, he's still more productive than someone who takes a 10 minute smoke break every 20 minutes.
Digg has tech news? I thought it was all libertarianism and marijuana.
IT professionals would never abuse the position of responsibility with which they are entrusted. They would never use their positions to retaliate against the unthinking, uncaring, ungrateful wretches that make their lives a living, seething hell each and every day those worthless pieces of crap continue to suck air.
In my experience most draconian restrictions are imposed by Management. The technical staff is simply more empowered to work around them or ignore them.
Generally, they'll whitelist any site that a user can come defend as needed for work.
If there is abuse of "IT power", it's that IT passes judgment on their own staff's claim that tech-sites are needed for asking questions and finding tech solutions. But, frankly, even a very lame claim that "I need access to localchat.com to check on how other local accountants are handling the new sales tax" will get a pass, too. IT staff aren't exactly Sam Spade. So any extra blind-eyes they get to their favourite sites is pretty marginal.
The big difference is that IT staff aren't shy of asking. Other users imagine some omniscient IT that will just know they really want to chat about their cats.
Whats the point of having all that power if you can't abuse it?
Greetings and Salutations.
Perhaps the better questions are "why ARE some websites blocked? and WHO makes that decision?" I administer web access for a client or two, and, the decision to block given websites comes from upper level management, usually NOT the IT command structure. In a business, there is an almost paranoid fear that the employees are sitting around surfing the Net instead of doing work to make money for the company. Any blocking seems focused at keeping that from happening.
Alternatively, I go and sit at Panera Bread (a great place for good pastries, and excellent, light lunch sandwiches and such by the by...) on occasion, and have found a few websites that would not come up because they were blocked. However, it appeared that this was because the company providing the blocking had mis-catagorized them, and, once I sent a note in about the site, they ended up being unblocked. But then, If I were going to surf porn sites I would NOT be doing it in a public place like that....
So, I suppose there are cases where IT admins abuse their powers and block sites that should be available...but I have not run into them. Amazingly enough BOFHs are human too, and, some of them ARE little Herberts....control freaks and generally annoying people. The rest of us are all genial and fun folks with a slightly twisted sense of humor.
Regards
Dave Mundt
YAB - http://blog.beemandave.com/
Does it matter, as long as they get their work done?
Really, some people are too uptight about things. The only metric should be if an employee does their job. If they do their job and do it well, who cares if they visit an amusing website for a laugh to break up an otherwise dull day?
Um, most IT pros are too busy to abuse their power.
... and if you don't believe me I will delete your account
Do you allow DNS on your network? OpenVPN-over-UDP-over-IP-over-DNS isn't lightning fast but it does the job most of the time. It's a neat way to (ab)use commercial WiFi hotspots too. You can't stop a determined power user except maybe with a whitelist of a small set of whitelisted remote hosts.
You work at a college and block certain "websites and services?" From the context I'm guessing it's more than simply blocking known phishing sites and the like...
If you are censoring the internet for the students of your college, then frankly I find that abhorrent. It's one thing for a company to filter the internet for their employees at work, but it's completely another to do it to students who-- besides being in an environment which should encourage exploration and allow for the making of mistakes-- may very likely live there and only have access to the internet through the school. As a college IT department, for all internets and purposes you're an ISP and with respect to student internet access you should be held to the same standards of openness and neutrality to which Comcast, Verizon and their likes are.
In my experience the IT dept generally has rules for other people and rules for themselves. They "know what they are doing" while everybody else "can't be trusted". Their login for general usage is full administrator and bypasses websense, while I am barred from sites "listed as general business" (only sites pre-approved by IT are allowed, which they make very clear they do not do because they don't want people asking them all the time). Our email attachment limits are 2mb ("it takes up space on the server") and FTP is outright barred - even though one time it was the only way for a client to send me files IT wouldn't do it, so I went home and put it onto a USB stick.
They install whatever they like, including such productivity tools as BBC news sports tickers. Despite pretty much being able to do everything on their work-paid cell phone, not having to multi-task or whatever they have brand-new machines. When another member of staff requires a new PC, they get an IT staff's PC and IT get a new PC. Despite the general staff doing work where screen real estate is highly productive, their monitors are 15" and 17" while IT and managers have 19" (although they were quite savvy and gave the partners 21"; monitors are the new bigger desk and chair). In my job where we do quite a lot of printing, speed and quality are important, IT also have the best printer - yet it took a week for them to notice when I unplugged it one Friday night.
IT is all about convenience for IT. All our productivity stuff, which at any given moment 99% of staff is running at any given moment, is quite server intensive. They're all on the same server, while low-intensity stuff rarely used has three idle servers all to itself. I spend a significant portion of my time waiting for the server to respond. It's quite embarrassing when a client turns up asking for a simple copy of a report in a hurry and it takes me 10 minutes, they think I must have forgotten so they ask reception to call up and remind me they're late for their meeting. I pointed out once that the servers could be rebalanced to distribute the load but was told "that would be too much hassle".
All the procedures are laughable. Despite almost completely phasing paper filing out, all staff's basic logins can delete data files and all the backups are kept on a shelf on site. I could obliterate the lot in one minute of madness (probably induced by dealing with IT). It would take me longer to copy it all to a couple of USB sticks, but nobody would notice until they got the blackmail letters or it was on the news.
But let's not get all confused and think I'm bashing IT here. I can say pretty much the same thing about every single department. Like how the time it takes me to obtain new propellant pencil leads costs the firm 16x the price of the leads. If I kept one carton for work then stole the rest of the box it would be cheaper for the firm than following procedure.
As regards other managers, few have the slightest clue about IT. Those that do just work it to their advantage - they get preferential treatment so it makes them look good.
Q1: Are IT pros, in general, humans?
Q2: Do humans, in general, abuse power when they have it?
Q3: Is there some reason to believe IT pros different from most humans in this regard?
I'm kinda curious why this question even got asked. Unless the answer to any of the above questions is anything less than as patently obvious as I think they all are, ("Yes", "Yes", and "No", for the record), simple logic would make the answer to the posted question obvious. Q1 & Q2 fall to the same simple "Socrates is mortal" syllogism, unless Q3 is assumed to also be "Yes", but why on earth would anyone think that?
"Convictions are more dangerous enemies of truth than lies."
Once when presenting a web based product to the senior management the IT people at a huge company tried to block the IP address of the server in the middle of the presentation. Without missing a beat I switched over to a copy of the product that was hosted on the laptop itself. The IT guy typed furiously and then interrupted and asked what port/ IP address I was using. I told him that I had switched from TCP to UDP as something was blocking the TCP packets. He typed even more furiously trying to figure out why blocking a single IP wouldn't also block UDP. I am not sure he ever figured out what went wrong. For weeks after the presentation the IT group threw up roadblock after roadblock. We weren't compatible with their PKI, etc (we didn't use anything that would work with PKI). Even though the top people(CEO, CFO, President, and the VP of Marketing) really wanted what we were offering they simply admitted that a battle with their IT department wasn't something they could handle at this time. This was not the first IT department that tried to crap all over our product for "Technical" reasons. Even if our product were to have sucked crap that was never the reason given. It was always "bandwidth" or something not relating at all to any possible problem that our product had. I think it all boils down to IT departments being driven by fear. If all goes well the IT department risks downsizing. If anything goes wrong the IT department gets the blame. Then to top it all off the typical IT head might be around 50 years old in the average large organization and they fear the new guy who just was hired who could single handedly bring the entire department out of the depths of Novell and into the 21st century. I would recommend that any large company regularly get an outside organization to audit their IT departments and make sure that the technologies and practices are up to a reasonable standard. Best to learn now that your backups suck instead of when the good data still exists. I would be willing to venture that most organizations have a head of IT who should be replaced by one of his far younger underlings.
Yes, but the question was "Is it abused".
In our building Facebook is blocked along with many other forums that would help developers get their job done. The abuse comes in when our other building (the one where IT & upper management are located) doesn't block these forums or facebook.
Management needs Facebook & YouTube, but I can't read someone's blog about getting around a specific C# programming problem?
Would you rather have them busy with Facebook and Youtube or busy trying to "manage" the developers? I don't know about your work situation, but I've found TOR is pretty much capable of getting around most filters...
I can see doing this for your kids, where you're trying to build a safe environment for them to web surf in. (The kidzui plug-in for Firefox is a good example.) But in a corporate environment, whitelisting seems extreme to me. I'd not only be an employee who complained, but one who would quit and seek employment elsewhere, if I was treated that way, (Do you happen to only allow outgoing phone calls to whitelisted numbers, to make sure they aren't spending time talking to someone who doesn't directly benefit the company? I recommend screening the books and newspapers they bring in, as well. Wouldn't want them to read something on their lunch break that doesn't benefit the business, would you?)
There are ways to protect a PC reasonably well from malware attacks without resorting to this.... That's just laziness on the part of I.T., really. I've done this stuff for close to 20 years, and I can only remember a total of about 3 virus infections anyone had on a PC, at any of the places I worked. Honestly, in all cases, they were easy to eradicate too. A properly configured router that blocks access on all ports except specific ones stops a lot of that junk from spreading or downloading "helper apps" that result it in completely taking over and embedding itself in a PC. Beyond that, you run good anti-virus software AND a package providing real-time malware detection and removal (commercial version of Malware Bytes might be a good recommendation here ... NOT junk like Symantec or McAfee want to sell you as an "add-on" to their main product). Lastly, you run things through a web proxy that does know how to block known IPs of sites that distribute the stuff.
As I said in another post, I'm all for blocking SOME web sites. Filter out as much porn as possible, because you really don't want a sexual harassment lawsuit over some co-worker stupidly downloading porn and making it into Windows wallpaper and offending someone, or what-not. You may want to filter known sites promoting violence and racism too. Again, it has no conceivable useful purpose in the workplace. But all in all, people DO expect to be able to use the Internet for a little bit of socializing, checking personal emails, and keeping up with news throughout the day. A happy employee is more productive, and all of this encourages them to be content.
Yes.
Next question.
(Please don't ask "Do cops speed?" "Do restaurant workers get free food?" "Do Real Estate Agents get cheaper houses?" etc...)
Shit! Its one of the few perks I have left.
At the company I work for, the users had unrestricted access to the internet. Then they started abusing that freedom by going to porn sites, soaking up all the bandwidth with streaming music and YouTube, and happily going to every malware website possible. We got fed up with blocking IP ranges at the firewall, having to tell a user not to stream media, and finding out how creative a user can get with getting malware. I campaigned for and got a content filter. Not everyone gets a "no internets" policy. We start off with restricting the really malicious sites first, then allow full access to those that need it (e.g. underwriting), then make category blocks like porn, and then granular as each department head sees fit. So far everyone has gotten use to it. Sites do get miscategorized from time to time, but we can unblock them and recategorize them as needed. Really we should have had something like this when I first started since there is a possibility for unrestricted access to become a liability. OP, if you want a website unblocked, put a request to the netadmin to have it unblocked. Otherwise appreciate that you do have some level of an internet connection that you're not paying for, get some means of a VPN that wont restrict internet access, or pay a hefty sum for an aircard.