1 In 3 Sysadmins Snoop On Colleagues
klubar writes "According to a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"
No Ethics (Score:5, Insightful)
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets is when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Do that, and suffer my wrath.
Scary (Score:5, Insightful)
Re:No Ethics (Score:5, Insightful)
If you forbid someone something and grant them access to it 9 out of 10 people *will* take a look. Combine that with the power trip most people get when put in a control position it gets too good to be let alone.
For those reasons alone I never trust any sysadmin anywhere, period.
At work or anywhere else I simply assume some admin will read my email on a bored day and I simply assume he will browse through my files the other day.
Re:Which is worse? (Score:5, Insightful)
Is being able to flip through the HR database and seeing everyone's pay rate going to make your network more secure?
And if your users learn of your snooping, is it going to be a boon to your company when either you are fired, or employees leave rather than be snooped on?
If you are snooping and you are looking at anything more than purely technical information, you are likely going over the bounds of ethical behavior if you don't have managerial backing.
-Rick
Sysadmins mostly honest (Score:5, Insightful)
Re:Only 300? (Score:3, Insightful)
I don't snoop (Score:5, Insightful)
Time (Score:2, Insightful)
Where the fuck do these people get the time to snoop?
Re:No Ethics (Score:5, Insightful)
And another thing... (Score:2, Insightful)
Re:No Ethics (Score:5, Insightful)
Re:Which is worse? (Score:3, Insightful)
Re:Which is worse? (Score:3, Insightful)
This is more true in shared hosting (Score:2, Insightful)
I host for a few friends of mine, and I don't really snoop unless their disk space crosses threshold. Then I ask if they'd reduce application XYZ's data footprint because it's encroaching on other users' backup space.
In non-shared, it's more often snooping of port activity for security audits. Hey, you don't need that derelict FTP server running. Mind shutting it off so we can get VISA certification?
Define Snoop. (Score:5, Insightful)
I CAN say that I have never logged into systems I wasn't allowed in, but I have cd and looked around.
However, I have never USED the information. I never really found anything incriminating, except TONS of porn. Hey, if you have a proxy server at work, all the porn you view is cached on the proxy. Our proxy used to show the file owner, ha ha, you are busted. I never busted anyone however, just backed up the porn to CDs and deleted it. Anyone want some old CDs?
Also, I used to work nights. If you just turned me down for a raise (poor-mouthing how bad the company is doing), do not leave your 6 month $14K bonus paperwork lying around on top of your desk. I was just delivering reports, but damn, I lost all respect for you. That is why I do not work for you anymore.
So? (Score:3, Insightful)
And if those are the same laws that apply everywhere I've worked at, then it doesn't matter if they access my files or read my email.
As long as the info is not made public, used maliciously, discussed between colleagues, then it doesn't matter.
It's not what you know, it's how you use it.
Re:And? (Score:5, Insightful)
Snooping != monitoring (Score:3, Insightful)
However, as part of my duties, I was instructed to monitor some individuals and to scan for specific keywords in the logs.
Re:No Ethics (Score:5, Insightful)
assume they all do (Score:3, Insightful)
Given that anyone with both the access and the inclination will have harvested any information they want long before they hand in their notice, having them escorted out is going to be ineffective. From that position, threatening dismissal will not be an effective deterrent, especially now that it's so hard to put allegations into a job reference, unless there's a criminal case that's been proved.
Probably the only industry where safeguards come close to working is in the financial sector - where the regulations about insider trading make it hard to exploit privileged information without getting caught. However, that's a legal solution, not a technical one.
Why not? (Score:3, Insightful)
Re:No Ethics (Score:5, Insightful)
Re:They have a life (Score:5, Insightful)
There are three basic reasons why sysadmins don't snoop, in increasing order of importance:
1. It'd get you fired.
2. There isn't time in the day.
3. Basic bloody professional standards.
My institution recently underwent a long (very long) pay restructure. At about the point where things were finally settling down, the DBAs were hauled in and "reminded" that exposing or snooping through the resulting data would be a Bad Thing. My instant reaction was, "that's a fucking insult;" didn't think much of the middle-managers involved in passing on that message for not standing up for their staff. However, I think the reflection upon the personnel staff who issued the memo in the first place is that they are greasy, underhanded slime balls.
So no change there then.
Re:And? (Score:2, Insightful)
Because, some people aren't supposed to be seeing certain things
Running with that assumption for a moment, most of the replies totally ignore the *fact* that Management is unwilling to pay OR EVEN CONSIDER using a system that would guard those "certain things."
-PGP encrypt attachments? No way.
-Password on a zipped archive? Probably not.
-A system-wide approach via PKI? Not on your life.
Management has *intentionally* set themselves up for failure and they blame the IT worker? This is the classic case of sh!t rolling downhill.
This is why I'm lazy (Score:2, Insightful)
Re:Which is worse? (Score:5, Insightful)
Part of the reason being that I am too damn curious, except not in the "curtain twitcher" way of spying on people around you. I'm always probing the systems to see if they're happy or not, and seeing if I can tweak them to be more secure, or perform better.
I'm also happy with my illusions of them being pleasant, professional people with no hangups or problems (unless they enter the 'mates' category, in which case I either ask, or listen, or both). Saves a lot of friction, and lets me get on with what needs doing.
The biggest reason though, is that I think the world should be a better place than it is. I like my privacy, and think it's something valuable. Therefore, I show people the respect I think they should have, and politely decline to riffle through their private information. If I can't meet my responsibility for privacy, I have no business claiming the right.
There comes a point where it's asked "Who watches the watchers..".. And I'd have to say they're damn poor watchers if they can't watch themselves.
To be a sysadmin in a sizable environment, you need people on your side; you need them to trust you, and have a bit of faith in you.. Otherwise, the first big disaster that happens (and we all know they do, no matter how much you plan), you WILL be strung out to dry by everyone with an axe to grind, rather than having their support and help at the time you need it most.
Re:Sysadmins mostly honest (Score:2, Insightful)
Boring (Score:5, Insightful)
After you've flipped through dozens of inboxes and home directories as part of your job, you know how pointless it is to do it for fun. People are boring. They have boring mail. They have boring files.
TFA == crap (Score:5, Insightful)
1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -there's- credibility.
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.
Re:No Ethics (Score:5, Insightful)
Seems to have worked. Either that or they are better at covering their tracks now.
Some of this I blame on the current school systems in place. There seems to be a lot more cheating going on and as a result not much character building. The rest I blame on poor role models for the kids today. What with athletes almost openly using steroids and rappers thinking it's cool getting busted the kids today don't have anyone to look up to. The easy way out is how it is done. A real shame that it has devolved to this.
Re:Scary (Score:5, Insightful)
Seriously, that approach is just waiting for that one opening that allows someone inside. Security in depth, multiple layers, is the best practice.
YAIASAS(Yet another Ima a system admin story) (Score:4, Insightful)
However, I should say, from time to time you stumble across "information that (is) not relevant to (your) role," unintentionally. That can't be helped, but it is possible to not abuse the situation.
Re:No Ethics (Score:4, Insightful)
Exactly. The 'if they don't catch me then I'm allowed' mindset is definitely the wrong mindset to have.
Unintentional Snoopage? (Score:5, Insightful)
Also, I was never asked to spy on a colleague by an employer. Basically the rule was, as long as you're getting your job done and you're not breaking any laws or offending any coworkers, why should we stop you from doing as you please?
Much more than the schools (Score:2, Insightful)
It's much more than schools. Read any
Re:Don't believe the hype (Score:3, Insightful)
Re:Boring ... so automate it (Score:3, Insightful)
The trick is to keep your automated scanning away from the prying eyes of all the other sysadmins, who might just stumble across it while they're installing their own methods of getting one step ahead of the rest of the crowd.
Re:No Ethics (Score:5, Insightful)
Re:No Ethics (Score:5, Insightful)
It's probably a good assumption, but I have to admit I'm surprised the number is as high as 1 in 3, considering that getting fired for snooping on others' email or files is something that could probably cost you your entire career. Who would hire somebody as a sysop who had been caught snooping?
Re:Security vendor overblows insider threat. (Score:3, Insightful)
Funny how people keep forgetting that lesson.
When you're root, what's snooping? (Score:4, Insightful)
As an email admin, I've routinely seen subject lines of emails that made me raise eyebrows. It was almost always in the context of looking for a missing email. Is that snooping?
Personally, I'd REALLY like to see the data. 1) What does '300 Senior IT Professionals' mean? 2) I'd REALLY like to see the survey questions asked.
I often tell people that, as a sysadmin, if you don't trust me, fire me now, and escort me out the building. I have more than enough power to do irrevocable damage to the company.
Re:No Ethics (Score:5, Insightful)
So why do we look less favorably on the children who do it and are just not as good at it?
Just look at about every 5th story (or more) on techdirt for an example.
Think of the children? No, think of the old people acting like children.
Re:Much more than the schools (Score:2, Insightful)
Re:Much more than the schools (Score:4, Insightful)
It just goes to show that... (Score:3, Insightful)
The other one is easily tricked by slanted survey questions posed by a company with a vested interest in selling security products designed to prevent snooping.
"Have you ever, in the course of your work, sought out or been exposed to confidential information which you were not supposed to see? Examples would include personal files, documents or misdirected mail."
"I don't look at anyone else's files, but as the postmaster for our domain I personally receive every bounced email and those sometimes contain information which should have been kept confidential. I don't read any of it because that would be wrong, but it does wind up in my mailbox."
"Okay, we'll put you down for 'Snoops on his coworkers' then, and I'll have the rest of our sales team take your manager out for lunch to discuss this. Thanks!"
Re:They have a life (Score:4, Insightful)
Humanity is pretty pathetic.
Re:Scary (Score:3, Insightful)
If you tried that on production, you just broke every automated ssh attempt between systems, and now you've got to manually edit every known_hosts file to remove the old keys. Then you've got to manually add or ssh into the hosts all over again to re-establish key trust.
Re:No Ethics (Score:4, Insightful)
Of course, if the parents watch a lot of TV, the athletes and musicians aren't the only bad role models for the kids.
Re:No Ethics (Score:5, Insightful)
Then please take the advice of a sysadmin; never *ever* hire a sysadmin.
If you can't trust your sysadmin then don't have one. Don't be in a position where you need to hire or manage one.
Re:Bad sysadmin! (Score:2, Insightful)
You know what, I have too much karma, I think I need to change my sig to +5, Truth.
This whole article seems like a troll... (Score:2, Insightful)
I don't know how this study was put together, but it sounds like they weren't interviewing professionals or experienced admins.
I wouldn't call that snooping (Score:4, Insightful)
As far as software installs go, it isn't important from a licensing and security standpoint to identify illegal or insecure software that an employee has installed. Just as it is to identify rogue network hardware.
I don't think finding out that salesman Bob likes Britney Spears is in any way a moral conflict. Reading through employee mail or accessing documents you have no right to (human resources for example) - now that is snooping.
Re:Bad sysadmin! (Score:2, Insightful)
Re:No Ethics (Score:4, Insightful)
Maybe not applicable in your situation, but in general, from my very limited experience, those most likely to snoop were those that were less competent, and snooping and such gave them a sense of power. If these less-competent, morally challenged coworkers weren't so busy snooping in everyone's personal business, maybe they could learn their jobs and help with the workload.