Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Don't Network Administrators Require Privacy?

ScuttleMonkey posted about 9 years ago | from the lets-put-our-servers-by-the-front-door dept.

Security 457

An anonymous reader writes to tell us that Recently their company has decided to move the IT staff out of their offices to make room for the Service Department. The move has placed the IT staff in cubicles that all face inward and lack, obviously, the ability to lock their doors at night. This is, to them, an obvious breach in security and privacy for what may be sensitive network information. Have any other Slashdot readers dealt with this sort of problem before? If so, what specific information was best suited to rectify these security concerns?

Sorry! There are no comments related to the filter you selected.

Yes, and stripper girlfriends (0, Insightful)

Anonymous Coward | about 9 years ago | (#13958963)

No, of course not. Just secure your computer and don't let people stand there looking over your shoulder. Get over it.

simple solution (0)

Anonymous Coward | about 9 years ago | (#13959041)

Load up the wage information of the people who did that, and any confidential information of them, their bosses, and the head honcho....

complain loudly and publicly about the problem "I was fixing a problem, and anybody could see Joe blogses details, and the personal issues effecting Jane at the moment"...

make sure people find out, then apologise perfusely that there was the security breach.. and say "well there's nothing I can say or do about it... just get over it. it's not like it's serious compared to what could have happened. The only sensible solution is to put us back where we were."

Or use your other option and walk out. I know atleast in the UK if you're a competent sysadmin it's easy to find work. It's only a problem if you're a useless dumass! - at which point, get out of the industry, we find it real hard to find decent people, you're just noise!

Re:Yes, and stripper girlfriends (5, Insightful)

v1 (525388) | about 9 years ago | (#13959110)

The "secure your computer" idea is obvious enough. There are other subtle problems though.

The "looking over your shoulder" problem is more difficult to deal with than you might think. More than once I've had issues with users stalking up behind me and reading my screen before I even knew they were there. (the really rude ones ask questions about what they've read) I could be doing any number of sensitive things - sending someone an email discussing the layoffs that are scheduled for next week, chatting with someone sending them their new account password, drafting a memo to someone outlining new security policy... posting the new router passwords on a secure filestore... any of these and more could be serious breaches of security and privacy if observed by the wrong people, and as another poster mentioned, could violate state or federal laws.

It's really a design problem to set up a cubicle where the user faces away from their door. For one, they can either look at their visitor OR their computer, but not both. I always prefer looking at my monitor, and then off to its side to see my guest. This also allows me to look up information for them without having to turn my back on them. Intelligent cubicle design has the desk on the left or right of the doorway, not opposite it. If your desk is opposite your cubicle doorway, tell your HR to get a clue. The best cubicle design is of course to have to walk around your desk and sit down, facing the doorway as well as your monitor, but I'll recognize that not every company has the space or the funds for such large cubicles.

As for physical security, that's another matter in itself. The best design is of course to have every computer imaged identically, with network login and home folder, and to allow no one to store their own information on the local hard drive. This seldom goes completely followed, and all sorts of things wind up on the local drives. Besides being a backup risk, anyone with physical access when you are away from your cubicle can rummage through your hard drive. Some I.T. are paranoid even of the nighttime janitors and clean the I.T. room themselves so they don't have to give out another key. But for that I'd say if you don't have janitorial staff you can trust at least that much, you need to find new janitors.

And of course if the fileserver is in your cubicle with you, that opens up a whole new can of worms. (and if not, why is your office away from the server room?) On that note I will say one thing I am against... leaving the server with an account logged in on it. I see that where I work sometimes, and it bothers me. I like that extra layer of security on top of physical security, and knowing someone with a key can play with the server is not my idea of a Good Thing(tm).

Re:Yes, and stripper girlfriends (2, Insightful)

jd142 (129673) | about 9 years ago | (#13959183)

More than once I've had issues with users stalking up behind me and reading my screen before I even knew they were there.

Get a privacy screen for the monitor. They blur the screen to anyone more than a foot or so away from the monitor and they work. Drives me nuts to work on a computer with one on it because if I move my head to far I think I'm having eye problems.

Re:Yes, and stripper girlfriends (0)

Anonymous Coward | about 9 years ago | (#13959237)

Get a rearview mirror.

Learn to read ROT-13. (1, Funny)

Anonymous Coward | about 9 years ago | (#13958968)

And hack your computer to display everything in ROT-13.

FIRST! (-1, Troll)

Anonymous Coward | about 9 years ago | (#13958969)

FIRST!

Re:FIRST! (0)

Anonymous Coward | about 9 years ago | (#13959001)

Wow, you didn't even get Fristage Postage.

the most obvious solution (0)

Anonymous Coward | about 9 years ago | (#13958987)

get a safe

Man up, nancy. (5, Insightful)

markv242 (622209) | about 9 years ago | (#13958988)

Quit trying to make up bogus reasons as to why you don't want to be in a cube and just tell your boss, "I don't want to be in a cube." If it's a dealbreaker for you, resign. Next they'll be moving you down into the basement and taking away your red stapler.

Re:Man up, nancy. (1)

OffTheLip (636691) | about 9 years ago | (#13959125)

and the final chapter is a beach chair, foo-foo drink and still no respect. I'll take it!

Re:Man up, nancy. (5, Insightful)

shawn(at)fsu (447153) | about 9 years ago | (#13959193)

Bogus is exactly right. Our company, an IT company that employs over 100,000 people worldwide has the sysadmin people in cubes. They can store the equipment in either lockable cabinets or is the server room. Sorry but this article just sounds childish and elitist.

Re:Man up, nancy. (5, Insightful)

TheSkyIsPurple (901118) | about 9 years ago | (#13959194)

It's a legitimate concern in general, but we just don't know enough in specific

We had a building restack awhile back, and they wanted to bump our group into cubes. I ended up going to the Real Estate folks at HQ and letting them know that my screen would now be facing public walkways, and communications about acquisitions would be ripe for compromise. (I kinda wish we had the SOX issues back then... since I deal with private info as well, it becomes a legal issue.)

Fortunately for me, Facilities didn't want to get those goofy cubicle sliding doors, and we didn't have enough conference room space for me to be able to reserve a conference room for all my confidential meetings.

Then again, at another of our offices, all of us are in cubes, but our bank of cubes is behind a secure access controlled door, and the general users aren't allowed in there... All depends on how critical your info is, and what is available to protect it.

I wouldn't press the sube issue directly, I would press the security issue, and let management come up with their own answer.

Re:Man up, nancy. (0)

Anonymous Coward | about 9 years ago | (#13959201)

Bingo, that was my first thought. Sucks trying to play Nethack when your boss can peek over your shoulder, no?

Re:Man up, nancy. (5, Insightful)

blincoln (592401) | about 9 years ago | (#13959220)

Seriously.

What company gives regular IT people their own offices?

I've been at a Fortune 500 company for five years, and in that whole time (which has spanned two buildings), the only people with offices were the directors.

Re:Man up, nancy. (0)

Anonymous Coward | about 9 years ago | (#13959234)

I say let them get what they get hope there whole company gos belly under and if i were the admin.
I would just sit back and whatch it tank, and not say one word.

Get cabinets (1)

Asgard (60200) | about 9 years ago | (#13958990)

You can mitigate the problem by demanding hardware locks to keep your equipment from walking away, and locking cabinets for storing sensitive information.

Battling Business Units! (4, Funny)

Zeebs (577100) | about 9 years ago | (#13958993)

The obvious answer is simply to wage war against any other units in the business that oppose your using that private space, or plans for world domination for instance. I saw it in a dilbert comic once, they have never steered me wrong before.

Dance fight (4, Funny)

3770 (560838) | about 9 years ago | (#13959116)

Again, on Dilberts advice... You should probably hum west side story and have a dance fight.

Re:Battling Business Units! (1)

Gyorg_Lavode (520114) | about 9 years ago | (#13959212)

Seriously, if you are the network admin you should be able to 'explain' that you are sorry that the website, mail server, and internet access are down, but now that you are in the public area, people just will not stop bugging you and you dont have the time to get them fixed until the day after they move you back.

What A Retarded Quesetion (0, Redundant)

Anonymous Coward | about 9 years ago | (#13958994)

Maybe the Administrators should lock or logout from their computers when they are away.
Problem solved.

Dumbest Ask Slashdot EVER.

Re:What A Retarded Quesetion (1, Troll)

Rosco P. Coltrane (209368) | about 9 years ago | (#13959056)

Dumbest Ask Slashdot EVER.

It's not an Ask Slashdot, it's a Whine Slashdot. The question is really a rant that can be summed up like this: "shit, some exec nicked my office and I was put in a cubicle instead"

Re:What A Retarded Quesetion (0)

Anonymous Coward | about 9 years ago | (#13959119)

MODS, metamods, wake up - parent is not a troll.

Re:What A Retarded Quesetion (2, Insightful)

91degrees (207121) | about 9 years ago | (#13959120)

"shit, some exec nicked my office and I was put in a cubicle instead"

Which actualy, I see as a legitimate complaint. An office has a certain kudos, so being forced out does mean an effective (albeit small) demotion. Maybe not a major deal, but certainly something that would justify complaint.

Might Even Be Illegal? (5, Interesting)

tim_mathews (585933) | about 9 years ago | (#13958995)

We ran into a similar issue at work. Our argument to keep our locked office was that since we have access to all the files on the network, under the HIPPA laws we're required to keep our workstations in a secured area like HR since confidential employee information could potentially be displayed on our screens. Don't know if it's true or not, but it let us keep our office.

Re:Might Even Be Illegal? (1, Informative)

bherman (531936) | about 9 years ago | (#13959103)

It's not true. under HIPAA Privacy regulations, your computers just can't be easily seen by people passing by. Technically, you shouldn't probably be accessing the information anyway but if you do you just are not supposed to have the screen that someone walking by can see.
HIPAA Security regulations should take care of the rest of the issues from the computer being in an open area.

Yes, there are two different parts to HIPAA (Privacy and Security).


I should know, I'm the HIPAA Officer at my job......DON'T DO IT!

Re:Might Even Be Illegal? (5, Insightful)

GuyverDH (232921) | about 9 years ago | (#13959175)

Actually, all that has to be done, is to follow a clean desk policy.

Monitors need to be faced in such a way so that they cannot be viewed from the walkways.
I also run mine at maximum resolution (1400x1150 for the laptop and 1600x1200 for the 20" second display) with small fonts so that my eyes are the only ones that can read anything displayed (unless someone looks directly over my shoulder).

Important papers have to be stored in locking cabinets/file drawers.

No sensitive information should be stored on the workstations. All sensitive information should be stored in a protected data-center type environment. File servers, host systems, database servers should all be protected. Workstations should be set to lock within a few minutes (mine is set for 2 minutes). I also have gotten into the habit of locking my workstation before I stand up for anything.

With no locally stored sensitive information, then the administrators PC is unable to be used as a tool to gain said information.

Cubicles are not necessarily evil, they are however, a fact of corporate life.

Don't be lazy, keep the information secure, rather than trusting a simple "door-lock" to keep unsecured data secure.

Nobody cares for IT (0)

Anonymous Coward | about 9 years ago | (#13958997)

This just sickens me, how can all these companies keep treating IT like this. We will revolt and without us the worlds infrastructure will collapse!!!

Re:Nobody cares for IT (2, Insightful)

HD Webdev (247266) | about 9 years ago | (#13959114)

We will revolt and without us the worlds infrastructure will collapse!!!

We will revolt until our spouses scream "Go out and get a damned job already you lazy, good for nothing loser!"

Re:Nobody cares for IT (1)

jack_csk (644290) | about 9 years ago | (#13959173)

The problem is that they always have cheaper labors like those in China and India as a backup. Though I really like to be in the IT field, but then we are treated worse than those in other fields.

I don't see that they do, no... (1)

Osrin (599427) | about 9 years ago | (#13959002)

A good IT admin should be able to secure the PC on their desk and therefore everything else that they access. Help your company cut costs and keep you, it is much better than the alternative.

Re:I don't see that they do, no... (5, Insightful)

Homology (639438) | about 9 years ago | (#13959049)

A good IT admin should be able to secure the PC on their desk and therefore everything else that they access. Help your company cut costs and keep you, it is much better than the alternative.

Bullshit. Once you have physical access to the PC you can compromise it.

Re:I don't see that they do, no... (2, Insightful)

Hucifer (861817) | about 9 years ago | (#13959164)

I have a utility on a floppy disk that allows you to reset the admin password on any Windows box. A google search, 1 floppy disk and 10 minutes of physical access to a PC is all someone needs to rape a Windows box.

Re:I don't see that they do, no... (1)

TheSkyIsPurple (901118) | about 9 years ago | (#13959214)

Correct, but... My machine really has nothing on it worth compromising. All data like that is on a server that is physically secured. I SSH/RDC/Dameware into to the servers. There is one firewalled one that actually has an MS Office installation, etc... The IT version of those cool plastic boxes with the gloves that scientists use...

Re:I don't see that they do, no... (2)

HD Webdev (247266) | about 9 years ago | (#13959228)

Bullshit. Once you have physical access to the PC you can compromise it.

Actually, with almost almost any type of access to a PC you can compromise it.

That's something that good network administrators acknowledge and deal with.

If a network administrator is unable to secure his own box relatively well (no network PC is ever 100% secure), why the %^&* would I trust him to secure a network? A good first defense barrier for an administrative PC in a cubicle environment is to flag those cubicles with a warning " With the exception of PHB's X, Y, and Z, anyone found in this cubicle when the employee who uses it is absent will be TERMINATED ."

Re:I don't see that they do, no... (1)

jon787 (512497) | about 9 years ago | (#13959070)

A good IT admin knows that without some physical security most computer security is a joke.

What good is a case lock if the attacker has 5 uninterrupted hours alone with a computer? What good is the BIOS password if they can reset the BIOS? And so on...

Re:I don't see that they do, no... (1)

coolgeek (140561) | about 9 years ago | (#13959106)

Yeah, and nobody will ever see any sensitive information on your screen either. Here's a tip, try actually doing the job before you start critiquing it.

Here is something we need to avoid at all cost: (1)

gd23ka (324741) | about 9 years ago | (#13959203)

Here is something we need to avoid at all costs: Making IT cheap and affordable (so that we get to stay on a little longer). That is plain stupid and I am sure that everybody in the industry sees this just like I do (with the exception of Microsoft of course, that is trying to kill us all by underselling us). You might like to argue that every $$$ your employer spends on IT in general does not go into your salary / your companies consulting fees. Let me tell you it wanders into your pocket, albeit indirectly: You will find it much easier to argue a $150/hour if the other expenses for equipment went into the hundred thousands than to argue a $50/hour for a machine that cost $10,000. Same thing goes for salaries. So... do us and everybody a favor and not "fuck up the prices, willya!!"

In a hallway (2, Interesting)

Rick Zeman (15628) | about 9 years ago | (#13959007)

Where I am now til the buildout was finished for our offices (cubes in a lockable room), my desk was at the end of a hallway in a little nook area across from the CFO's office. I got really sick of being mistaken for his secretary, and I had to have my workstation lock after a minute of idle time because it was so public. Blech.
So, poster, it could ALWAYS be worse.

Re:In a hallway (5, Funny)

Anonymous Coward | about 9 years ago | (#13959096)

The fun solution to that problem is to act like his secretary but follow through with 0 of the requests. Give this to him? Oh sure. Is he in his office? No, he's out for the day. His car is being towed? Ok, I'm calling him now. *smirk*

If anyone complains, blame it on their incompetence.

Just behave well (3, Insightful)

Vlijmen Fileer (120268) | about 9 years ago | (#13959008)

If you behave well, i.e. no sensitive information on your workstation (it shouldn't be there), and lock or turn off your workstation, the danger is a large as having any active network port accesible.

Breakins.. (1)

boaworm (180781) | about 9 years ago | (#13959009)

If some manages to break into your desktop office, they most likey can break into your server room as well. If thieves are looking to steal the information (and not just the hardware) they'd go for the server room directly. A common thief would probably steal some desktops and run.

Logging out of your servers before closing down at night would suffice i'd say. Or use a solution such as the Sunray, just unplug your card and you're home free :-)

Dont get me wrong, cubes are crap for a thousand reasons, but I dont think it's more of a security risk than sitting in your own room.

Re:Breakins.. (2, Interesting)

smchris (464899) | about 9 years ago | (#13959108)

But now they really can't paste the company passwords on their monitors.

[Unfortunately, not entirely a joke. It seemed to have poisoned our department relations with IT when I once visited the server room and I questioned why our server and Oracle database passwords were sitting next to our server.]

I guess I'm naive too. I don't see where this should be so difficult with server room security, desk locks and some hardware security: hardware lock-down, no cd boot, BIOS password. If the janitor is going to remove your hard drive or jimmy your desk lock, you probably do need a better overall corporate security plan.

Re:Breakins.. (1)

Daniel_Staal (609844) | about 9 years ago | (#13959113)

Don't think 'thieves'. Think 'other employees'.

As for the original question: I'm not sure. It would depend on the environment.

Give me a break (2, Interesting)

phpm0nkey (768038) | about 9 years ago | (#13959011)

This sounds like a flimsy excuse to ask for a private office. If your network administrator needs to work in a locked room all day, your network is not secure enough!

Passwords should not be found on post-it notes stuck to your monitor, nor should they be saved on your computer, anywhere. Don't keep them in text files, emails, IM history, cookies, etc. Passwords should be memorized or written down in your wallet, or better yet, your company should implement a security token system and do away with static passwords. Any sensitive data which has to be stored should be encrypted. Any workstations or servers at your desk should be locked when you walk away.

Shoulder-surfing for passwords is extremely hard. Try it sometime: at 80 WPM or more, it's virtually impossible to follow and remember every keystroke, especially while trying to be inconspicuous. As for keyloggers, server theft and more serious security breaches, these should be dealt with proactively at a lower level. Screen potential employees carefully, and keep security cameras rolling throughout the office to discourage suspicious behavior.

Great idea! (0)

Anonymous Coward | about 9 years ago | (#13959121)

Passwords should be memorized or written down in your wallet, or better yet, your company should implement a security token system and do away with static passwords

And what happens when the admin dies in a car accident? Shit, now we no longer have access to the network because some smart ass memorized his password rather than documenting it in a secure location.

Re:Great idea! (1)

bleak sky (144328) | about 9 years ago | (#13959169)

And what happens when the admin dies in a car accident? Shit, now we no longer have access to the network because some smart ass memorized his password rather than documenting it in a secure location.

If one admin has the only superuser password, then you have another problem entirely. There should be an emergency administrator account, whose password is stored somewhere physically secure (or known by several administrators). Logins with this account should be logged as suspicious, as it should only be used in a situation where the regular admin (who most certainly should not have written his password down) forgets it or is unavailable.

Besides, you have physical access. I assure you it's not difficult to reset a password if you have physical access to the machine.

Re:Give me a break (1)

thsths (31372) | about 9 years ago | (#13959168)

> Shoulder-surfing for passwords is extremely hard.

Where did you get that from? Reading the keys is nearly trivial (unless there are more than 8), no matter what the speed. That is just the way the brain works. Getting the order right is difficult, but you can use brute force for that. Gone is your security.

So you should say: "Sure I can move to the cubicle, but we need to implement two factor authentication then, because I can obviously not rely on factor of location any more. That will cost x000 bucks and take two man-month." :-)

Thomas

Re:Give me a break (1)

bluephone (200451) | about 9 years ago | (#13959174)

"Shoulder-surfing for passwords is extremely hard. Try it sometime: at 80 WPM or more, it's virtually impossible to follow and remember every keystroke, especially while trying to be inconspicuous."

Not if you're good at it.

Clean desk (1)

myc_lykaon (645662) | about 9 years ago | (#13959012)

Get your company to institute a clean desk policy. If it isn't locked away at night it goes in the shredder. Nothing for a thief to grab when you are away from your desk.

Probably not what you wanted to hear, but if your desk/room is a security risk when the door is unlocked then I suggest you are relying on the wrong kind of physical security.

Defenestration (0)

Anonymous Coward | about 9 years ago | (#13959017)

Have you tried defenestration of senior management?

Sounds pretty standard (5, Informative)

Clubber Lang (219001) | about 9 years ago | (#13959018)

Seriously, boo hoo. I don't mean to be a jerk, but BFD. Virtually every cubicle I've ever seen has drawers and cabinets that lock, and if you're a network admin you probably have a laptop anyways right? If you read your disaster recovery or even security plan (if you've got one) you'll probably find that all staff who have laptops are supposed to bring them home.

Could someone look over your shoulder? I guess... but there are people out there (like say, me, or employees at any other benefits outsourcing company) that have access to literally thousands or even millions of people's date of birth, SSN, etc etc. We get along just fine, so will you.

I mean, sucks you lost your office... I remember mine, it was nice.

Locked Drawers (1)

TubeSteak (669689) | about 9 years ago | (#13959177)

Not to make you sound stupid, but those locks on most file cabinets, desk drawers etc are complete and utter shit.

They use disk tumblers instead of pins like the lock in your house and can be consistently opened with a bent piece of stiff wire.

Do NOT think that those locks are security in anything but name. They exist solely to satisfy insurance companies that you "lock" things up.

Re:Sounds pretty standard (0)

Anonymous Coward | about 9 years ago | (#13959188)

Could someone look over your shoulder? I guess...

That's actually something that's covered by the Data Protection Act over here in the UK. Personal information is quite well-protected here, organisations are obligated to protect the privacy of the people whose information they keep.

Perfect time to get a... (0)

Anonymous Coward | about 9 years ago | (#13959022)

SHOWER CURTAIN!!!1

Where I work we have the same situation (4, Insightful)

onyxruby (118189) | about 9 years ago | (#13959023)

Where I work we have the same situation. However all of IT (security, network and so on) is in the same office area. In order to secure the area they just put up a wall and secure card access. That way the only people in there are the IT people. If you can't trust your IT staff, than they don't have any business being your IT staff. That way the risk is still there, but you don't have anyone other than IT in the area to begin with.

Re:Where I work we have the same situation (1)

newandyh-r (724533) | about 9 years ago | (#13959088)

"That way the only people in there are the IT people." ... and the cleaners (on minimum wage and unlikely to have been seriously security checked, probably) and the security staff (almost as badly paid and not necessarily better checked).

Re:Where I work we have the same situation (1)

BrK (39585) | about 9 years ago | (#13959132)

These same cleaners and rent-a-cops would also have access to offices as well. So this is a strawman argument.

Re:Where I work we have the same situation (1)

CosmeticLobotamy (155360) | about 9 years ago | (#13959222)

These same cleaners and rent-a-cops would also have access to offices as well. So this is a strawman argument.

No. A straw man requires setting up an artificial, easily defeated opponent, then defeating him. "Our opposition hates copyright law, but it's important for innovation," being the most common around here. His was just not a very effective argument.

Re:Where I work we have the same situation (0)

Anonymous Coward | about 9 years ago | (#13959141)

Depends on the company. I have a choice. I can lock everything down and put everything in lockers and let the cleaning crew in, or I can simply clean up after myself. I've tried the former, and sometimes choose it, but the latter is easier.

Re:Where I work we have the same situation (2, Interesting)

dknj (441802) | about 9 years ago | (#13959148)

at my last job any IT staff personel could walk up to anyone's computer and reboot it at their will (and expect a serious flogging the following day). i made my staff lock their machines at any time they were absent from their desk, even if they step out for a second. to make things more interesting, i told my staff that if they saw an unlocked computer they had free reign on it (as long as it didn't affect our production network or systems). this gave my staff an understanding of real security in our field (we also allowed our employees to hack each other if they didn't patch their systems). in the end, our system was secure for the most part (my boss made us do some dumb things like assign every device a public ip address (including our avaya phone system) and enable remote desktop to every windows machine.. needless to say they were hit pretty hard with a wave of compromised machines right as i left) and no one complained about working in a "war room"

Re:Where I work we have the same situation (0)

Anonymous Coward | about 9 years ago | (#13959207)

In order to secure the area they just put up a wall and secure card access. That way the only people in there are the IT people.

This is type of security is a bit brittle. Once that one area has been compromised then all IT functions are potentially compromised.

If there are different departments (network, server, client) I would split up access into those groups. This way if one area is compromised then the others are less likely to be.

The Club® For Computers (0)

Anonymous Coward | about 9 years ago | (#13959024)

You might also try The Club® for IT employees with excessive egos. It worked for me (on mine).

post its (1)

cwebb1977 (650175) | about 9 years ago | (#13959025)

Should be fine as long as they remove all postits containing passwords.

I have a sign (1)

WormholeFiend (674934) | about 9 years ago | (#13959028)

on my cubicle that says "Anyone found breaching my privacy will be prosecuted AND/OR sued under the Privacy Act [justice.gc.ca] "

Sounds like working with you would be big fun (0)

Anonymous Coward | about 9 years ago | (#13959060)

lighten up, dwight

Re:Sounds like working with you would be big fun (0)

Anonymous Coward | about 9 years ago | (#13959162)

That guy is a Typical Self-Important IT Nerd. Anyone who has worked in "the biz" has seen these guys waddle through the office with that peculiar air of importance because HE knows how to configure Apache. This whole Ask Slashdot is nothing but the same effect -- "How can they treat me this way? Don't they know that I own the world with my vast knowledge of all things technological? Some day, I'll show them all!" I used to feel the same way -- then I turned 18.

The guys who hang on to such a mentality well into their 20s and 30s are a big part of the reason I left the industry. Although the days of the old-school shy nerd with the pocket protector and hilariously short pants have faded, the "neo-nerd" is even less desirable to deal with.

I've never felt I needed an office... (1)

Malor (3658) | about 9 years ago | (#13959030)

As long as I have a secure place to lock assets, I don't much care if I'm on a cardboard box in the middle of an amphitheater. It doesn't really matter if people can see over my shoulder, and I doubt most folks would care enough to bother. Watching scripts run isn't terribly entertaining. :)

Sure, an office would be nice, but given a lockable closet or something, there's no real need for one.

Screen lock & locked cabinets (2, Informative)

ThaFooz (900535) | about 9 years ago | (#13959035)

That's all it takes to secure it, provided your building is reasonably secure... as I would *hope* that anything that required locks and not just passwords would be in a secure data center elsewhere. I guess you could request a safe or something if cabinents were insufficent.

It seems like the larger issue is being evicted for the "Service Department". They're the ones that should be in cubes, but that's another story.

Easy solution (0)

Anonymous Coward | about 9 years ago | (#13959039)

Keep all your paperwork in ROT13.

I do (2, Informative)

presidentbeef (779674) | about 9 years ago | (#13959045)

I happen to be a network admin who sits out in the open.
It's not that big of a deal, but I guess I don't sit there looking at confidential passwords all day long!

I do, however, always lock my computer when I get up (xscreensaver...ctrlaltdel). That seems sufficient to me.
Oh! And I don't leave sensitive information sitting out on my desk, either.

Who watches the watchmen? (4, Funny)

Aim Here (765712) | about 9 years ago | (#13959068)

"sensitive network information."

Uhuh. Would this sensitive network information be the log of all those websites you network admins visited last month, and that copy of Quake 4 you installed on the Company Mail Server?

Just because you guys are the only ones who have access to the firewall logs doesn't mean we don't know what you get up to.

Re:Who watches the watchmen? (0)

Anonymous Coward | about 9 years ago | (#13959128)

Just because you guys are the only ones who have access to the firewall logs doesn't mean we don't know what you get up to.

Where I work we have someone called an Inspector General that watches the watchers. We watch them, they watch us.. everyone is sufficiently paranoid to not do anything unless it's over SSH.

Money talks (5, Insightful)

Thu25245 (801369) | about 9 years ago | (#13959076)

Draw up a budget proposal for whatever locking file cabinets, secure equipment cabinets, Kensington locks (better than nothing...) and desktop security software that you'll need to ensure the security and functionality of your information systems. Keep in mind that this includes not only malicious snoopers but also cleaning staff that snag cables with their vacuum cleaners, and take whatever precautions are necessary.

Be thorough, but don't make stuff up. Don't make it a turf war, just make it clear that you're working to protect the systems that you're responsible.

Come up with this proposal, and an estimate of the costs, and request that Accounting begin soliciting bids from vendors. And then lightly suggest that this would not be necessary if you could have good locking offices.

Keep in mind, though, that private offices are only effective if they are truly private. If they're not always proerly locked, or if too many people have the keys, then you'll be the worst kind of office hypocrite.

Re:Money talks (2, Funny)

Gyorg_Lavode (520114) | about 9 years ago | (#13959187)

you have obviously not worked with a defense contractor:

First you ask for a signifigant budget to conduct the analysis, THEN you spend that budget to come up with a second budget for what actually needs to be done.

Why? (0)

Anonymous Coward | about 9 years ago | (#13959078)

This is, to them, an obvious breach in security and privacy for what may be sensitive network information

Most hardcopy information can be locked up in a file cabinet. Critical electronic information should be on a machine locked in the server room, not on a local PC.

Most places I have worked _everyone_ who was not a manager or above was in a cube. Get used to it.

Disclaimer: I do not work in IT.

(didn't Stephen King write a book about that department;-)

Re:Why? (0)

Anonymous Coward | about 9 years ago | (#13959197)

Disclaimer: I do not work in IT.

Then you obviously have no idea what it costs for the IT Staff to cleanup any confidential papers off their desk, lock them up, service the current interruption, come back, unlock papers, spread them out again, then repeat many times daily.

No sympathy here (4, Interesting)

Sycraft-fu (314770) | about 9 years ago | (#13959082)

All our IT group works in one room. Out front there's desks for our students to filter incomming people and deal with low level requests. There's also a big workbench down one side for systems we are fiddling with. Then in the back there's two cube partitions that hold the 4 staff. Two desks per partition, facing each other.

Know what? I actually like it. We have almost no staff meetings and part of the reason is we are all there and can talk to each other as needed. In fact usually we work with at least one headphone off so we can hear what's going on and stay informed. If someone is doing something that needs a lot of concentration, headphones go on and they get left alone.

It works really well, and means there's one central location people go to for computer support.

As for privacy, from what? Anything remotely private isn't in my desk, it's on my computer. Well, we all have root so we can all get in to each other's shit if we want. The room itself locks to keep others out at night, of course, but as for my coworkers, well if I can't trust them to not mess with my stuff, they probably shouldn't be employed anyhow. Any of us could, if we wanted, wreak massive havok having the root password to all servers, the enable password to all switches, etc.

Sounds like just so much whining to me.

Update Your Resume (1)

John Hasler (414242) | about 9 years ago | (#13959091)

> If so, what specific information was best suited to rectify these
> security concerns?

The first step is to update your resume.

Couple of solutions... (4, Interesting)

Noryungi (70322) | about 9 years ago | (#13959092)

First of all, a simple question: are your servers still under lock and key?

Whether or not this is correct, you should organize a demonstration of how easy it is to:

  • Get into a cubicle.
  • Shut down a machine, crack open the case and steal a hard disk full of sensitive data. List of users, passwords, IP addresses, internal LAN architecture, sales and partnership data available on the Intranet are all good candidates.
  • Another nice demonstration would include booting a sensitive machine on a Live CD such as Knoppix and downloading the data I just mentioned onto a USB key. Pocket the USB key, remove the Knoppix CD and voila! Sensitive data is now stolen, thief can exit the building without drawing too much attention and nobody in the company can even suspect the theft happened.


Of course, invite everyone who is someone in the company to this demo, including people like the CEO and CFO. In short, people who care about data security.

And whatever you do, keep a paper trail, by sending emails to the power-that-be, keeping a paper copy, and be as courteous and professional as can be, while being firm that this situation is unnaceptable. Please remember that these are probably not technical people. But they will understand that some data should stay inside...

Just my 0.02 US$ here of course, IANAL, but I am a sysadmin.

Uncover a security hole, go to jail... (1)

wintermute42 (710554) | about 9 years ago | (#13959156)

Given recent history and experiences posted on Slashdot, it appears that actual physical demonstrations of security holes may open you up to getting fired and even charged with a crime. There have been a number of well meaning admin types who have demonstrated security problems only to find themselves in trouble. Among other things, an active demonstration might embarass The Powers That Be. If you write a memo describing the problem The Powers That Be can either address the issue behind the scenes or just ignore the memo. On your end, you can look for another job if you feel that the environment is one that you're uncomfortable with.

Just for the record... In the case of my employer, computer security is very strong, so I'm not writing from personal experience.

Re:Couple of solutions... (0)

Anonymous Coward | about 9 years ago | (#13959229)

I think you just invented another classic /.-ism: IANALBIAASA

Huh? (0)

Anonymous Coward | about 9 years ago | (#13959094)

Oh no - the company might be able to steal THEIR OWN SECRETS!

Why is this an issue at all? I'm confused. You're already working for the company, any information you have access to is owned by them anyway.

Are you really worried that your company might be stealing trade secrets from themselves?

Quit griping. (0)

Anonymous Coward | about 9 years ago | (#13959105)

You went from an office to a cube... bummer.

I went from a cube to an area as small as an elementary school kid's desk. Not kidding. I can hold hands with the guys that sit next to me.

We got removed from our rather spacious room to make room for... NOTHING! It's empty, was empty when we moved in, and it's empty now. 75% of the building is empty actually.

Two guys got let go... that freed up 2 cubes. We tossed 6 desks in there and called it good. We each have a desk. No storage for books, no cabinets, just a DESK.

Quit griping.

it was like this at dell (1)

ruiner5000 (241452) | about 9 years ago | (#13959107)

when I worked in IT in 99. cubes are way cheaper than offices, said el cheapo uno.

Other POV (1)

ficken (807392) | about 9 years ago | (#13959124)

I have been working at my current employment for a couple of years now. They actually take pretty good precautions about the IT department and keeping 'them separated from the rest of the pack'. However, they leave the business department in the open. The same business department that regularly accesses credit card numbers and social security numbers in front of the general public. I really do not access that much sensitive data on a daiy basis and neither do my coworkers. I think IT seclusion is important, but so is seclusion of other departments.

Locked cabinets, private data on secured servers.. (1)

usrerco (576913) | about 9 years ago | (#13959129)

I'd make a requisition for some locked cabinets, and keep all sensitive data organized in books (passwords, etc) and keep them in there. Put all secure items in there and lockdown at night. For sensitive data, keep that off your now vulnerable workstations, and on a secure server in a locked machine room. Or put the workstations in the machine room, and either make some long cables, or if the runs are really long, some extenders that can run the keyboard/mouse/vga digitally through either catV or fiber.

If transitioning from a previously secure office arrangement, seems the main issue is a matter of changing old habits, so as not to leave secure stuff on your desk. Mentally flag all secure items you deal with on a daily basis, and make a secure environment for them. Passwords on Post-its? Put the passwords instead in a book, and secure it in the locked case or machine room. Backup tapes, software CDs and dongles? Same thing. If storage space is at a minimum, often the locked down machine room is overlooked for such purposes.

Boo hoo! (2, Funny)

sulli (195030) | about 9 years ago | (#13959133)

Andy Grove had a cube too. Quit yer bitching.

Who cares? (0)

Anonymous Coward | about 9 years ago | (#13959134)

This is just another one of those questions that doesn't solve anything. It's just a forum to vent your frustrations of working for a crappy company. It's annoying and has become the way of things for Slashdot as of late. What happened to reporting technology news? THIS IS NOT NEWS. This is someone's personal problem that I really couldn't care any less about and it's wasting valuable real estate. Get over it, find a new job if it bothers you that much, and leave me out of it.

Too Late (3, Funny)

biglig2 (89374) | about 9 years ago | (#13959143)

This is a political argument, and you already lost. Ho hum.

I have no such problem, since, as sysadmin, I am the only person in our office who can work Visio, and consequently I am the person who draws all the floor plans when we rearrange the office.

Some suggestions... (4, Funny)

Slashdoc Beta (925619) | about 9 years ago | (#13959157)

1. Don't write down passwords.
2. Lock up sensetive information.
3. Have a wild cougar patrol the datacenter at night.

not the only ones with sensitive info on screen (1)

icepick72 (834363) | about 9 years ago | (#13959184)

This is, to them, an obvious breach in security and privacy for what may be sensitive network information.

Um, log off or lock your workstation.

The move has placed the IT staff in cubicles that all face inward

If you need to, turn your desk so your monitor is not visible to people peering through your doorway. As for the others standing on chairs to see over the cubicle to view your screen, well ... let's just say they are noticeable. :)

I say go ahead and tear down the special aura that has classically surrounded network admins. Secretive, not fully understood, a human black box ... much like the Google entity of today. Timse have changed. Coming out to be part of the work community has benefits -- don't just look at the bad side and be scared of it. Can anybody tell me why network admins stereotypically want to be treated specially? I mean everybody wants to be special, but you know what I mean about network admins. If anybody replies and says "No, I don't, give me a example", I will assume you are a network admin and cannot see the forest for the trees so likely I won't respond. ;)

No Privacy Required (2, Insightful)

JamesAndrews (889797) | about 9 years ago | (#13959191)

I'm a Network Administrator for a very large corporation and I found myself in the very same situation.

I had my own private office, however a request was made by Human Resources for the construction of new offices for their own use. Rather than the $10,000 price tag, I _requested_ that I transfer out to the cubicles on our main floor. Basically, it was a decision I made for the benefit of the company.

I find that no one really _needs_ private offices, unless they participate in confidential conversations. HR, for example. But really, couldn't offices or boardrooms be booked for those type of activities?

Once I was out on the floor, it was very simple to establish security. My main system was placed in a physically secured location (data centre) and I remotely accessed the PC via secure connection.

You have to understand that nothing is really secure. I ran it like a bank - it could be hacked, but I wanted to catch the person afterwords. Everything on the remote PC and local PC was logged and I also trained security cameras (inexpensive purchase for a 2 week DVR) on their locations.

Also, you can install privacy screens on the front of your monitor so that only the person sitting directly in front of it can see the desktop. They also help with glare.

I find it much more enjoyable with the rest of the team now. Having a private office can be rather lonely for managers sometimes.

require privacy and quiet for deep thought (0)

Anonymous Coward | about 9 years ago | (#13959196)

Network admin'ning is almost like mathematical work, or theoretical physics .... and the job REQUIRES calm quiet space in which to think through problems without distractions.

Cubicles are at some level designed to be an environment in which distractions are forced to always occur -- people seeing other people and communicating business information to each other hive-mind style.

It is sadistic to force the person whose job requires deep thought to be continuously exposed to architecturally-built-in distractions.

A few observations from experience... (0)

Anonymous Coward | about 9 years ago | (#13959200)

From a management point of view, this is not a 'serious breach of security'. If you're talking about a few network administrators and not an entire IT department, then security should not be an issue if proper precautions are taken as mentioned here in other posts...passwords (changed regularly), lock pc when you leave, locked cabinets, etc. There is no reason why a network admin would require a locked office. Now if we were talking about an entire IT department, there are hardware components and pc equipment that do need to be locked up, in which case it would be sufficient to have a locked room for the entire department. If at one time your network admins had a locked room, that was a luxury, not a necessity.
The reasons for the move could be cost cutting, but it could also be more complicated than that. I used to manage a call center that handled accounts for several different outside companies. The support that was provided for these different companies were totally unrelated. Eventually they acquired a contract with a health insurance provider. The laws surrounding this type of support are very strict. The areas that support this type of account must be secure and separate from the rest of the call center, and ANY personnel who have access to these areas must take a basic course on Personal Information Security and the laws that are applicable. There were managers who lost their offices and 'secure' areas, because this new account needed the additional privacy more than they did.
Point is, you never know what the reasons are for a move like this, but they are usually sound decisions based on business needs.
 

Yes, me too! (1)

ErixTr (601648) | about 9 years ago | (#13959210)

In my parents basement there is no lock at all. My servers and boxen are unlocked. This is the fate of us, the network administrators.

healthcare facilities (1)

papastout (774254) | about 9 years ago | (#13959211)

If (like me) you work in a hospital or healthcare clinic you had better get your stuff locked down, before the feds find out! HIPAA law became part of all heathcare IT workers standing policy which REQUIRES access controls and restrictions to equipment and records.

...so I put a lock on the server closet, locked and documented it. Got me a raise (-:

Point: there really could be some legal workplace precedent you could argue with, but if you have no clout beyond getting your "Q:" posted up on /. then you might as well find some other subversion. 'Cause this ain't gonna get your chair turned around.

Try this:
1. Stand up
2. Pick up chair
3. Turn seat of chair to face vast expansive window which allows you to look upon the masses with contempt (we all know your motivations by now) 4. Sit down in said chair
5. say fifty times "hail tux"

...and, oops! you're fired.

Looks like you're not getting much sympathy (5, Interesting)

Maniacal (12626) | about 9 years ago | (#13959221)

I'll go ahead and give you a little.

I'm a network admin and not only am I part of the small percentage in our company that has an office, I'm part of an even smaller percentage that has a locking door. For me, it might not be completely necessary but it's desired for 3 reasons:

1) Work space - At any one time I might be working on 2 or 3 laptops and desktops while loading a server or configuring a router, etc. I need the space to set it all up. I have a counter top that runs along 2.5 walls of my office and a long table on the blank wall and it's all often occupied. My office doubles as my shop/lab.

2) Security - I have stacks of laptops, hard drives, routers, switches, etc. stored in my office and with our growth, more coming in every day. It's not that someone couldn't steal this stuff from elsewhere in our facilies, it's just that it's much easier to get to in my office. No unplugging, unbolting, etc. Just grab a stack of laptops and go. I've seen cabinets mentioned in other posts but I have too much stuff going on and if I was in one of our cubes I'd be lucky to fit 1 cabinet.

3) Peace and quiet - Between the useless chatter, relentless phone calls, streaming music and other noises, I can hardly hear myself think out there (cube world). Not to mention the drive through questions. Everybody and their little brother feels the need to stop by my office and ask a question on their way by. I don't mind it all the time. In fact I'm quite sociable, open and helpful but when I'm troubleshooting a tough problem or working on a project I just don't like to be disturbed. I generally deal with user issues in the morning and work on projects in the afternoon and evening. After lunch, when I close my door, everyone knows not to come knockin unless their problem is preventing them from completing their work.

That's my 47 cents.

Locking drawers. (1)

supabeast! (84658) | about 9 years ago | (#13959223)

I've rarely seen cube farms without locking drawers that can be used for storing anything sensitive. When I was doing admin work I usually had corporate officers lock all that stuff up in an eight-hour fire safe, because I knew that just locking it up in my office wasn't enough to stop a determined theif, fire, flood, etc..

OH MY GOD, SOMEONE LIFTED MY ROCK ! (-1, Troll)

Llamakiller-4 (267848) | about 9 years ago | (#13959224)

Arrgh! Someone lifted the rock I was hiding under!
Oh No, me and my IT brethren are exposed to the light!!
What will we do? Woe is me, we live in cubicles now.
Geezus, install cameras, lasers, death rays, etc. if you're that paranoid.
I can think of twenty ways to lock the computer down 100% without bothering "/."

In fact the last several stories I saw about IT security had to do with corrupt IT employees, not users.

Go ask a "hardware guy" for some ideas then.

sheesh
LK4
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?