It is not enough to obey him...
November 14, 2005 10:37 AM

SysAdmin Filter: How much do system administrators REALLY know?

I think everyone has heard the ominous warning that their system administrators "see all, hear all and know all"...with regards to their computers, anyways. While I don't doubt that this is true to a certain extent, it would be interesting to know how much they are ACTUALLY aware of. I'm sure it differs from place to place, but what is the norm? Would you expect that most places simply monitor web usage or most go as far as to install keyloggers, etc.? More importantly, do system administrators tend towards monitoring other people's computer uses mainly at the request of upper management or do they do it purely from the goodness of their dark hearts?

Finally, do they have any blind spots? Is there a way to escape Big Brother's gaze?
posted by johnsmith415 to Computers & Internet (23 answers total)
I think it entirely depends on the company in question, the management, and the sysadmin themselves.

I've never dug in someone else's email unless asked to do so by upper management (proceedings leading up to a dismissal). I'm too busy dealing with normal sysadmin tasks to do BOFH-ish things like install keyloggers, and that assumes that I've got the desire to do so in the first place.

Personally, I'm here to keep the systems running, not to spy on what everyone is doing. I have a tip, though - if you're worried about someone "spying" on you at work, you're probably doing something you shouldn't be.
posted by mrbill at 10:42 AM on November 14, 2005

I never read people's email or watched their network traffic. Sysadmins generally do have ethics, but keep in mind that admins can, if they're competent enough, watch absolutely everything you do on a network.
posted by cmonkey at 10:47 AM on November 14, 2005

*I have a tip, though - if you're worried about someone "spying" on you at work, you're probably doing something you shouldn't be.*

I hate this so much. Really, you do not know how much I hate this attitude.

To answer the question: the sysadmin *has access* to "everything", but my experience indicates that very few are even interested in anything other than keeping systems running smoothly. I'd put your chances of getting spied on by a sysadmin somewhere around your chances of getting beaten up by a cop; it happens, some demographics are affected more than others, but you'll probably be fine.
posted by Eamon at 10:48 AM on November 14, 2005

I have known admins that enjoy the darker side of monitoring. They get a kick out of letting you know they're in power. I usually either leave these places quickly, or am asked to replace them.
I subscribe more to the "my users are adults" and will get work done before playing. I've had the pleasure of mostly working for smaller companies that can afford to be a little more lax on the paranoia.

But a good admin can see what you're doing through various software and monitoring means. If you're trying to get away with something, don't. If you're trying to figure out your company's policies, ask. If you feel it's somehow restrictive of your lifestyle, remember, they're paying you to work, not to test the security limits (unless you are actually a security admin).
posted by fnord at 10:51 AM on November 14, 2005

And here I thought this would be about how much technical knowledge sysadmins have.

Sysadmins may not record everything, but they could, and maybe they are. They pwn your box, and you can keep no secrets from them about that box and what you use it for, if they don't want you to.

Most places don't keylog (but, again, they could.) More places monitor Internet traffic. Most sysadmins don't have any personal interest in spying on their users. Thing is, we or you can only guess what your employer's sysadmins do, so if you're worried about something, don't do it.

But if your employer's DHCP server will give an IP address to just anyone, you'd be pretty safe plugging a laptop into one of their jacks, and ssh-tunneling all your traffic to a remote box acting as a proxy server for everything you really want -- they could tell that you had a connection to the remote server for X time and transferred Y megabytes, but they couldn't tell anything about the content or what sites you were really connecting to through it. But if it's a lot of traffic all day long, they could conclude there wasn't much time left over for you to be doing your work.
posted by Zed_Lopez at 11:02 AM on November 14, 2005

An intelligent admin won't look at anything that might be confidential without a specific request from management.

They have the ability to record everything that happens on the network (computer or phone), but it puts them in a horrendous legal position if they run into any sort of impropriety.
posted by I Love Tacos at 11:08 AM on November 14, 2005

It really is up to them. It can go from them sitting there looking at what you are viewing on your monitor in real time to occasionally poking around to see why so much bandwidth is getting soaked up by your workstation.

Just hope you don't have a BOFH [warning, extreme geek humor]

The only way you can be sure they are not looking over your shoulder is to become your own sysadmin: order your own computer, unpack it yourself, do a clean install of the OS, set a secure admin password AND the BIOS password, only make encrypted connections. Obviously this is only possible under certain circumstances.

Much easier is to buy the IT staff donuts every couple of months and don't worry about it.

On preview: jeez guys, do you have a macro for this type of question or what? There were no comments when I started writing this.
posted by Mr T at 11:15 AM on November 14, 2005

When I was a sysadmin, I found that my innate code of ethics matched pretty closely with those of SAGE. I was on occasion asked to investigate someone's activity, and would only do so with written request from HR and with an HR person in attendance.

As others have said, I was way too busy keeping things running smoothly and planning for the next major change initiated by clueless management to worry about what web sites you're visiting or who you're sending email to.
posted by 5MeoCMP at 11:16 AM on November 14, 2005

*I hate this so much. Really, you do not know how much I hate this attitude.*

Why? Internet access at work is a convenience or tool to help you get things done, not a God-given right so you can day trade or read MeFi... (oh, wait...) 8-)

If your employer is generous enough to let you do general web browsing if it doesn't get in the way of your job, don't do anything you wouldn't want them knowing about.
posted by mrbill at 11:32 AM on November 14, 2005

Because I believe that people have a fundamental right to privacy. As long as employees are doing their jobs and their actions don't put their employers at risk, it's nobody's business what they're doing. If a worker's MeFi reading or day trading is interfering with his or her job, there are better ways to address that than having the sysadmin snoop.

This is coming from somebody who's in charge of both a small network and small team of undergrad employees.
posted by Eamon at 11:51 AM on November 14, 2005

I've never been a professional sysadmin, only an amateur one, so take this with a grain of salt.

But it seems it would also depend on the size of the company. I used to work in a company of 70,000, and although the sysadmins had the tools to monitor your every move (assuming you didn't encrypt), the reality is that they could not do this for 70,000 employees, even if they wanted to.

From the stats I found, for instance, there were millions of hits on the web proxy server a day. From the admins I talked to, they almost completely ignored those hits unless asked to monitor by management. That is, they did not grep log files for workstations spending their day on and report that to bosses. Rather, they looked at log files when someone's boss came to them and said "employee X is bad, help us document it."

But, I have also heard of the occasional BOFH who wanted to know the dirty secrets of every person he had contact with as an admin, and used his root access accordingly.
posted by teece at 11:56 AM on November 14, 2005

Believe me, sysadmins have much better things to do with their time than spy on you. Workplace policies regarding "we can spy on you at any time" are purely there as a CYA, so that management can invoke them when there's a need.

That said, don't be doing anything that would give management a reason to ask the sysadmin to start.
posted by mkultra at 12:06 PM on November 14, 2005

What teece said - sysadmins usually won't go snooping or log-watching unless asked to by management.
posted by mrbill at 12:41 PM on November 14, 2005

In my experience most Unix sysadmins are pretty good people, and usually don't have enough time to go through all your crap.

Microsoft sysadmins tend to have severe inferiority issues regarding their MCSE, and thereby may force you not to install the Google deskbar or something, and will probably read your email to the boss.

A Unix BOFH will read your email, but will just make fun of you.

To review, a Unix sysadmin is probably your friend, and while she may read your email, will not be an idiot about it.

Microsoft d00d, however, is not your friend. They will root your box, read your mail, and will try to make you feel stupid at every opportunity. They tend to love to talk about "the registry." Trust them not.
posted by The Jesse Helms at 12:58 PM on November 14, 2005

We know as much as we want to know. E.g., if you send 250MB of holiday snaps to 100 of your closest friends and it grinds the email server to a halt, we won't have any problem walking into your account and fixing things. We may or may not see or care about other "personal" items.

Frankly, most of us would never want to "spy" on staff. However, if a sysadmin did want to spy on staff because, say, they were a *freak*, most companies do not have sufficient controls in place to protect staff privacy.
posted by krisjohn at 3:02 PM on November 14, 2005

The email admin can read your mail. The sysadmin can read your network files. On a Microsoft Windows network, the sysadmin can connect to your machine and read any and all files, without leaving her desk. That includes cookies and cache files, which reveal your surfing. At my previous job, someone was posting confidential information to a message board. The company began monitoring web traffic. One user had inadvertently shared his hard drive, which had some compromising videos.

If you don't want your employer to know about it, don't do it at work. Keep in mind that your employer owns the webserver, mailserver, fileserver, etc., and your desktop, too. They own your email and your files, and have every right to read, publish, delete, etc. It's more effort, and less common, to sniff personal web-based email, i.e., gmail. Don't keep confidential data on your machine; keep confidential work data on the network. Keep confidential personal data on a USB jumpdrive that you take home. Hacking your pc is easy; the network is generally more secure. Given physical access to your machine, it's short work to get in.
posted by theora55 at 3:27 PM on November 14, 2005

The Jesse, I'm really hoping that post was a joke.
posted by devilsbrigade at 3:32 PM on November 14, 2005

As many others have already pointed out, the likelihood of all activity being tracked is high. Due to the volume of information (and depending on the size of the infrastructure) it is very unlikely that anyone is paying attention to you unless you're doing something that alerts them, or they have been specifically asked by a manager.

This is not about ethics (although it can play a part); it is simply about time and reason, and there are more interesting job duties than checking up on what other people browse, store in network folders, etc.

It also depends on the sensitivity of what you're working with. Highly sensitive areas will most likely be monitored closely whereas more routine, less sensitive areas will not.

In my own experience, the only time that I would normally drill down into an individual's computer use is at the request of a manager and/or the police. Even in the event of a major IT issue, I will ask my manager to get the requisite permissions from the specific person's management prior to investigating further.
posted by purephase at 6:08 PM on November 14, 2005

What most other people said, except that sometimes automated software will happen upon things as well and bring them to the attention of an admin. At my current job, I don't administer an intrusion detection / prevention system, but in my last job I frequently saw pieces of emails and other data that triggered a false alarm. You have to look at the contents to decide if the traffic is valid or malicious. Similar things happen with spam filters.
posted by tkolstee at 7:08 PM on November 14, 2005

Thanks all. Some very interesting answers, but mostly what I expected - i.e. they can do whatever they want, if they were so inclined, but generally don't have the time or energy to snoop without a reason.

And I'm definitely taking Mr. T's advice and buying my system administrators some donuts...that oughta buy me some slack. Not that I need it...just saying.
posted by johnsmith415 at 8:05 PM on November 14, 2005

As a sysadmin, I was asked often to go into people's mailboxes by management to "look for anything, you know, interesting." My first reaction was to refuse and lecture them about professional ethics, but I responded with something more civil: "I need you to give me a request in writing, so I can assign it to the timesheets you guys keep asking me to fill out. I also need some phrases or keywords to look for, else it will take me too long." That shut them up.

On the other hand, one of my old places of work (a university, but I shan't mention which one) had a sysadmin who was not only famous for forwarding students' email to the feds, but also forged "interesting" emails to be used as evidence. I was on the receiving end of his creative skills, and his cordial relations with the police left me without any recourse, so I had to walk away from a decent-paying job.

There's good guys, and there's bad guys. I've always kept my private correspondence on a machine at home, which I ssh tunnel to, but as that bastard at the university proved to me, even privacy doesn't ensure safety.
posted by Mozai at 2:35 PM on November 15, 2005

So will deleting your cache and cookies often keep your computer from being monitored accurately, or does all that stuff end up on the network?
posted by any major dude at 4:36 PM on November 15, 2005

All that stuff started out on the network before making it to your machine. It would be trivial to log (on a machine you don't have access to) every web page you visited. They could keep a copy of all the pages & cookies themselves, too, if they felt like it. Not to mention that they could be keylogging your every move.

I repeat: you can have no secrets from your sysadmins if they don't want you to.
posted by Zed_Lopez at 12:06 PM on November 17, 2005
