
Sys-Admins Reading the Bosses Mail?

PetManimal writes "Computerworld has an article about IT staff who have access to corner-office email. Systems administrators, database administrators, storage administrators and higher level IT super users are the types who may access sensitive executive information; one source quoted in the article says that in a company with 1,500 employees, there might typically be five to 10 administrators who have this access. As for how many abuse these privileges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc: '... Experts agree that the severity of these occurrences generally makes them more harmful than external attacks. One of the biggest obstacles to eliminating unauthorized access is determining how many people have it. Access lists are particularly difficult to formulate in both mature companies, where the number and power of administrators have expanded over periods of years, and small companies, where rapid growth leads to undocumented tangles of administrators who are able to maintain their access because nobody has time to assess their status.'"
  • by Salo2112 ( 628590 ) on Wednesday October 25, 2006 @12:25PM (#16579812)
    Odd people are concerned that IT types *might* be reading email when so many of the C*Os give their secretaries their passwords and other sensitive information. I am convinced that my Big Boss's secretary actually runs the place.
  • by Frank T. Lofaro Jr. ( 142215 ) on Wednesday October 25, 2006 @12:54PM (#16580428) Homepage
    They don't even read the title!

    It is grammatically wrong. The apostrophe is missing from "bosses" even though it is being used as a possessive.
  • by volsung ( 378 ) <stan@mtrr.org> on Wednesday October 25, 2006 @12:58PM (#16580500)
    The root problem here is that standard email is intrinsically insecure. Most people imagine it as a digital letter, but it is more of a digital postcard. Anyone can read the message contents on any mail server queue it sits in. To solve this problem properly, you really need to start using encrypted email. Then you don't have to worry about the IT people (unless they installed a keyboard sniffer while you were on vacation) reading your mail, or anyone for that matter even if there is a server break in.
  • by SirKron ( 112214 ) on Wednesday October 25, 2006 @01:25PM (#16581050)

    On MS Exchange this is easy.

    1. Enable [microsoft.com] mailbox login auditing
    2. Report [microsoft.com] on audit log entries with MOM

    Auditing is only the first step. It does not stop the person from taking a backup copy of the Exchange databases home and exporting the mail with Quest Recovery Manager for Exchange [quest.com].

    So, even if you lock down your company like a government secure network, it all comes back to trust. They run background checks and grant security clearances for a reason. I have mine.
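
    Added example, not part of the comment above and not Microsoft or MOM code: a sketch of the reporting step, flagging mailbox logons by accounts that are neither the mailbox owner nor an approved delegate. The CSV record format, the account names and the `AUTHORIZED` allow-list are constructed assumptions; real audit events would first have to be exported into this shape.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: simplified mailbox-logon audit records (time, logon account, mailbox).
# This is NOT the Exchange event log format; it is an assumed, normalised export.
SAMPLE_LOG = """\
2006-10-25T09:02:11,CORP\\ceo,ceo
2006-10-25T09:05:40,CORP\\asmith,asmith
2006-10-25T12:31:07,CORP\\exadmin1,ceo
2006-10-25T12:33:52,CORP\\exadmin1,cfo
2006-10-25T13:10:00,CORP\\ceo-assistant,ceo
2006-10-25T23:48:19,CORP\\backupsvc,ceo
"""

# Hypothetical allow-list: accounts expected to open each mailbox (owner plus approved delegates).
AUTHORIZED = {
    "ceo": {"CORP\\ceo", "CORP\\ceo-assistant"},
    "cfo": {"CORP\\cfo"},
    "asmith": {"CORP\\asmith"},
}

def find_non_owner_access(log_text, authorized):
    """Return audit records where the logon account is not approved for the mailbox."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines instead of failing the whole report
        ts, account, mailbox = (field.strip() for field in row)
        # A mailbox missing from the allow-list has no approved accounts, so every logon is flagged.
        allowed = {a.lower() for a in authorized.get(mailbox.lower(), set())}
        if account.lower() not in allowed:
            hits.append({"time": ts, "account": account, "mailbox": mailbox})
    return hits

def summarize(hits):
    """Group flagged records by account, listing the distinct mailboxes each one opened."""
    by_account = defaultdict(set)
    for hit in hits:
        by_account[hit["account"]].add(hit["mailbox"])
    return {acct: sorted(boxes) for acct, boxes in by_account.items()}

if __name__ == "__main__":
    flagged = find_non_owner_access(SAMPLE_LOG, AUTHORIZED)
    for acct, boxes in summarize(flagged).items():
        print(f"{acct} opened mailboxes it is not approved for: {', '.join(boxes)}")
```

    Service accounts such as the constructed `backupsvc` show up here too, so a real report needs a reviewed exception list rather than silently dropping them.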

  • by 14CharUsername ( 972311 ) on Wednesday October 25, 2006 @01:47PM (#16581438)

    Nope. You just encrypt everything. Everyone gets a USB keychain (or something similar). You keep a backup copy of all the keys on discs which you store in a safe. The admin can still manage stuff, but can't actually read, only the owner of the key can. If a user requires assistance in finding a file in an encrypted filesystem, then the admin might have to use remote desktop (or visit in person) and find the file under the supervision of the user. If a user loses their key, the admin has to go to the vault, sign out the disc with the user's key and decrypt everything and reencrypt with a new key in the presence of his supervisor (and maybe the owner of the key too).

    Yeah, it's a real pain in the ass to do this, and it will require a lot of extra training for the users, but it is possible.

  • by rs79 ( 71822 ) <hostmaster@open-rsc.org> on Wednesday October 25, 2006 @02:25PM (#16582144) Homepage
    "willing to live up to that level of professionalism"

    Funny. The day after email was invented the snooping began. I've seen it since the 70s. I knew a sysadmin of a well known California site that read EVERYTHING; absolutely nothing is safe.

    If you don't want somebody else to see it, never type it.

    I use the phone a lot.

  • by Anonymous Coward on Thursday October 26, 2006 @02:07AM (#16589758)
    > Yes, the title for an article about an admin reading the e-mail of a single boss would be:
    > English: "Sys-Admins Reading the Boss' Mail?"

    Back to school with you! It would be "Boss's Mail".
