Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Greg.

« New Group Policy Categories in Server 2008 | Main | Greg on Vacation June 6th through June 11th. Back Next Tuesday. »

Do Any of You Use your Administrative Rights to Snoop?

I read this article today in InfoWorld magazine and it floored me. So, here's today's question: Have you ever snooped through the company network using an administrative password for purely personal gain?

We all know this happens from time to time, but I wasn't aware how rampant it is!

Security experts have long-suggested that one of the biggest sources of IT threats comes from the very people charged with building and maintaining corporate computing systems, but a new study backed by password management specialists Cyber-Ark Software puts some startling stats behind the concept.

According to a survey the company conducted at last month's Infosecurity Exhibition Europe in London, one in three of the roughly 200 IT employees participating in the study admitted to somehow gaining unauthorized access to company systems for the purpose of reading sensitive materials.

Among the specific items snooped by those responding to the survey were private files including those bearing sensitive wage data, personal e-mails, and HR data.

The favored method of choice for hacking the information? None other than the special administrative passwords that lend IT workers privileged and anonymous access to the systems they work on.

According to Cyber-Ark, one admin taking the survey chortled out loud...

"Why does it surprise you that so many of us snoop around your files, wouldn't you if you had secret access to anything you can get your hands on!"

Um, no. First because it's illegal and could result in an immediate loss of one's job, income and reputation, or some form of legal prosecution , if discovered; secondly, because most people are more interested in their own lives.

In that sense, the study not only backs up the idea that insiders do represent a significant threat to corporate data, but also that some IT people are openly lecherous.

Have you ever done this? I'd be curious to know why. Share your input with the group -- use the comments field if you want to remain anonymous.

Tags:      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Greg Shields on June 5, 2007 12:30 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-windowsserver.com/type/mt-tb.cgi/189

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Greg Shields' Bio:

Greg Shields, is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008:  What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets.  Greg is a recipient of Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.