Sys-Admins Reading the Bosses Mail?
PetManimal writes "Computerworld has an article about IT staff who have access to corner-office email. Systems administrators, database administrators, storage administrators and higher level IT super users are the types who may access sensitive executive information; one source quoted in the article says that in a company with 1,500 employees, there might typically be five to 10 administrators who have this access. As for how many abuse these privileges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc: '... Experts agree that the severity of these occurrences generally makes them more harmful than external attacks. One of the biggest obstacles to eliminating unauthorized access is determining how many people have it. Access lists are particularly difficult to formulate in both mature companies, where the number and power of administrators have expanded over periods of years, and small companies, where rapid growth leads to undocumented tangles of administrators who are able to maintain their access because nobody has time to assess their status.'"
Secretaries are a bigger issue (Score:5, Informative)
Re:And slashdot comments? (Score:2, Informative)
It is grammatically wrong. The apostrophe is missing from "bosses" even though it is being used as a possessive.
Another reminder about email insecurity (Score:3, Informative)
Re:there is no procedural or technical solution (Score:2, Informative)
On MS Exchange this is easy.
Auditing is only the first step. It does not stop the person from taking a backup copy of the Exchange databases home and exporting the mail with Quest Recovery Manager for Exchange [quest.com].
So, even if you lock down your company like government secure networks, it all comes back to trust. They run background checks and grant security clearances for a reason. I have mine.
Re:It is all part of the job (Score:3, Informative)
Nope. You just encrypt everything. Everyone gets a USB keychain (or something similar). You keep a backup copy of all the keys on discs which you store in a safe. The admin can still manage stuff, but can't actually read, only the owner of the key can. If a user requires assistance in finding a file in an encrypted filesystem, then the admin might have to use remote desktop (or visit in person) and find the file under the supervision of the user. If a user loses their key, the admin has to go to the vault, sign out the disc with the user's key and decrypt everything and reencrypt with a new key in the presence of his supervisor (and maybe the owner of the key too).
Yeah, it's a real pain in the ass to do this, and it will require a lot of extra training for the users, but it is possible.
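The encrypt-everything scheme in the comment above, as an added example that is not code from the original thread or from any product mentioned on it: each user holds an AES-256-GCM key (the "USB keychain"), a map stands in for the safe holding escrow copies, the store the admin manages only ever contains ciphertext, and Rekey is the key-loss procedure (sign the escrow copy out, decrypt the user's files, re-encrypt under a fresh key, escrow that). The user and file names and the SignOutLog are constructed for the example; in a real deployment the escrow copy lives on offline media and the sign-out happens in front of the supervisor the comment mentions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
	"strings"
)

// Key is one user's AES-256 key; in the scheme above it lives on the user's USB keychain.
type Key []byte

// NewKey draws a fresh 256-bit key from the OS random source.
func NewKey() (Key, error) {
	k := make(Key, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// Vault stands in for the safe: it maps each user to the escrow copy of their key.
// SignOutLog records every retrieval, since the scheme requires a supervisor present.
type Vault map[string]Key
var SignOutLog []string

// SignOut hands out a copy of the escrowed key and logs that it happened.
func (v Vault) SignOut(user string) (Key, error) {
	k, ok := v[user]
	if !ok {
		return nil, fmt.Errorf("no escrowed key for %q", user)
	}
	SignOutLog = append(SignOutLog, "key signed out for "+user)
	return append(Key(nil), k...), nil
}

func newGCM(k Key) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-256-GCM under k; the random nonce is prepended.
func Encrypt(k Key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt; it fails on a wrong key or on any modified ciphertext.
func Decrypt(k Key, ciphertext []byte) ([]byte, error) {
	gcm, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], nil)
}

// Store is the admin-managed filesystem, keyed "user/filename". It holds only ciphertext,
// so backup, restore and copying work without any key and reveal nothing.
type Store map[string][]byte

// Rekey is the key-loss procedure: sign the escrowed key out of the vault, decrypt every
// file under "user/", re-encrypt under a fresh key and escrow that; the old key is dropped.
func Rekey(v Vault, s Store, user string) (Key, error) {
	old, err := v.SignOut(user)
	if err != nil {
		return nil, err
	}
	fresh, err := NewKey()
	if err != nil {
		return nil, err
	}
	for name, ct := range s {
		if !strings.HasPrefix(name, user+"/") {
			continue
		}
		pt, err := Decrypt(old, ct)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		if s[name], err = Encrypt(fresh, pt); err != nil {
			return nil, err
		}
	}
	v[user] = append(Key(nil), fresh...)
	return fresh, nil
}
```

The point the comment makes shows up in the types: nothing in Store ever needs a Key, so the admin's backup and restore jobs run as before, while Decrypt with any key but the owner's (or on a ciphertext someone altered) returns an error from GCM rather than garbage. After Rekey the lost keychain opens nothing, and the escrow map holds only the fresh key.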
Re:Trained Professionals (Score:4, Informative)
Funny. The day after email was invented the snooping began. I've seen it since the 70s. I knew a sysadmin of a well known California site that read EVERYTHING; absolutely nothing is safe.
If you don't want somebody else to see it, never type it.
I use the phone a lot.
Re:And slashdot comments? (Score:1, Informative)
> English: "Sys-Admins Reading the Boss' Mail?"
Back to school with you! It would be "Boss's Mail".