Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Don't Network Administrators Require Privacy? 457

An anonymous reader writes to tell us that Recently their company has decided to move the IT staff out of their offices to make room for the Service Department. The move has placed the IT staff in cubicles that all face inward and lack, obviously, the ability to lock their doors at night. This is, to them, an obvious breach in security and privacy for what may be sensitive network information. Have any other Slashdot readers dealt with this sort of problem before? If so, what specific information was best suited to rectify these security concerns?
This discussion has been archived. No new comments can be posted.

Don't Network Administrators Require Privacy?

Comments Filter:
  • Man up, nancy. (Score:5, Insightful)

    by markv242 ( 622209 ) on Saturday November 05, 2005 @04:32PM (#13958988)
    Quit trying to make up bogus reasons as to why you don't want to be in a cube and just tell your boss, "I don't want to be in a cube." If it's a dealbreaker for you, resign. Next they'll be moving you down into the basement and taking away your red stapler.
    • and the final chapter is a beach chair, foo-foo drink and still no respect. I'll take it!
    • Re:Man up, nancy. (Score:5, Insightful)

      by shawn(at)fsu ( 447153 ) on Saturday November 05, 2005 @05:05PM (#13959193) Homepage
      Bogus is exactly right. Our company, an IT company that employs over 100,000 people worldwide has the sysadmin people in cubes. They can store the equipment in either lockable cabinets or is the server room. Sorry but this article just sounds childish and elitist.
      • Re:Man up, nancy. (Score:3, Interesting)

        by orin ( 113079 )
        Would you notice if someone put a hardware keylogger between your keyboard and the back of your computer? Only takes a second for someone to put it there and then remove it. It only needs to be there a few hours. If someone can physically get to your computer, even for a few seconds, they can set in place a process where they can compromise all your information. If you are a sysadmin, they can quite easily escalate their privs until they can access any file on your network.
        • That isn't a privacy concern. That's a security concern. Maybe standard desktop hardware isn't secure enough.

          Maybe the only consoles at which critical passwords are entered should be in the server room. There are rackmount keyboard trays that can slide right out when server access is required. The IT staff can stand when doing this work and/or a tall hard stool can be provided.

          All the old BOFH stuff is ancient folklore. It's all PUBLISHED at this point and management has had somebody review it.

          The jig
    • Re:Man up, nancy. (Score:5, Insightful)

      by TheSkyIsPurple ( 901118 ) on Saturday November 05, 2005 @05:05PM (#13959194)
      It's a legitimate concern in general, but we just don't know enough in specific

      We had a building restack awhile back, and they wanted to bump our group into cubes. I ended up going to the Real Estate folks at HQ and letting them know that my screen would now be facing public walkways, and communications about acquisitions would be ripe for compromise. (I kinda wish we had the SOX issues back then... since I deal with private info as well, it becomes a legal issue.)

      Fortunately for me, Facilities didn't want to get those goofy cubicle sliding doors, and we didn't have enough conference room space for me to be able to reserve a conference room for all my confidential meetings.

      Then again, at another of our offices, all of us are in cubes, but our bank of cubes is behind a secure access controlled door, and the general users aren't allowed in there... All depends on how critical your info is, and what is available to protect it.

      I wouldn't press the sube issue directly, I would press the security issue, and let management come up with their own answer.
      • Space to think! (Score:3, Insightful)

        by CarpetShark ( 865376 )
        The best argument I've heard for real offices is that they should be allocated to people who need privacy OR quiet to do their work. With all due respect to secretaries, the last thing you need is a secretary playing some music that drives you insane when you're trying to work out the deep implications of some program code or security issue.
        • Oh, and the corollary I meant to include in that is that offices should not be allocated for the purposes of prestige. If highly paid employees get an office for the sake of their vanity, when they're actually not even in the building much, and when they are, they're talking to people in plain sight, while IT guys who need to think are dealing with cleaners vacuuming around them, then I think that says something about the kind of company you're working for.
    • Re:Man up, nancy. (Score:5, Insightful)

      by blincoln ( 592401 ) on Saturday November 05, 2005 @05:11PM (#13959220) Homepage Journal

      What company gives regular IT people their own offices?

      I've been at a Fortune 500 company for five years, and in that whole time (which has spanned two buildings), the only people with offices were the directors.
    • by evenprime ( 324363 ) on Saturday November 05, 2005 @05:27PM (#13959304) Homepage Journal
      It could be far worse....just be happy they didn't hire someone in New Delhi to administer your servers.
    • Re:Man up, nancy. (Score:5, Interesting)

      by Lumpy ( 12016 ) on Saturday November 05, 2005 @06:05PM (#13959523) Homepage
      Kinda right, kinda wrong. if the IT department deals with any of the financial data the boss will get his arse reamed hard the second a Sarbanes Oxley audit is performed.

      We had this problem here until the director of operations was reamed up one side down the other and then almost publically flogged when we missed an audit and he ignored all the noted problems on the monthly internal audits.

      Now all key IT people not only are in a cubicle land in an office with limited keycard access, but we have 3m privacy filters on all our screens. and al lservers were put in a server room with even more limited access. Before then they had them pretty much in the open where anyone could gain physical access of the servers and the IT department easily.
      • Re:Man up, nancy. (Score:3, Insightful)

        by Anonymous Coward
        Kinda right, kinda wrong. if the IT department deals with any of the financial data the boss will get his arse reamed hard the second a Sarbanes Oxley audit is performed.

        No he wont. Not for the reasons you're implying anyway. A little known company called Visa [] manages to keep all their IT guys in cubes. If you think your IT guys deal with a lot of financial information...

        It's all about using the correct procedures in handling that financial info. This means, lock your desktop when you leave to take

  • You can mitigate the problem by demanding hardware locks to keep your equipment from walking away, and locking cabinets for storing sensitive information.
  • by Zeebs ( 577100 ) <[rsdrew] [at] []> on Saturday November 05, 2005 @04:32PM (#13958993)
    The obvious answer is simply to wage war against any other units in the business that oppose your using that private space, or plans for world domination for instance. I saw it in a dilbert comic once, they have never steered me wrong before.
  • by tim_mathews ( 585933 ) <tmathews04@gmail . c om> on Saturday November 05, 2005 @04:33PM (#13958995)
    We ran into a similar issue at work. Our argument to keep our locked office was that since we have access to all the files on the network, under the HIPPA laws we're required to keep our workstations in a secured area like HR since confidential employee information could potentially be displayed on our screens. Don't know if it's true or not, but it let us keep our office.
    • by GuyverDH ( 232921 ) on Saturday November 05, 2005 @05:02PM (#13959175)
      Actually, all that has to be done, is to follow a clean desk policy.

      Monitors need to be faced in such a way so that they cannot be viewed from the walkways.
      I also run mine at maximum resolution (1400x1150 for the laptop and 1600x1200 for the 20" second display) with small fonts so that my eyes are the only ones that can read anything displayed (unless someone looks directly over my shoulder).

      Important papers have to be stored in locking cabinets/file drawers.

      No sensitive information should be stored on the workstations. All sensitive information should be stored in a protected data-center type environment. File servers, host systems, database servers should all be protected. Workstations should be set to lock within a few minutes (mine is set for 2 minutes). I also have gotten into the habit of locking my workstation before I stand up for anything.

      With no locally stored sensitive information, then the administrators PC is unable to be used as a tool to gain said information.

      Cubicles are not necessarily evil, they are however, a fact of corporate life.

      Don't be lazy, keep the information secure, rather than trusting a simple "door-lock" to keep unsecured data secure.
      • That might be true. But the guy said their HR department already had a methodology for conforming to the HIPPA laws. And given the laws apply to their workspaces as they do to HR's, the copmany would probably have more exposure to employee lawsuites for having a double standard internally.
      • by thegrassyknowl ( 762218 ) on Saturday November 05, 2005 @08:21PM (#13960164)

        Cubicles are not necessarily evil, they are however, a fact of corporate life.

        Cubicles present no significant cost gain over giving everyone a small office with a door. That material they use to make cubes is expensive. In fact, this has been done on Slashdot before and many link were posted to different office design styles. The general consensus was that technical types (IT, engineers, etc) like to be able to isolate themselves from the world for periods of time so they can focus entirely on a task.

        Cubes don't give you that. I am continually distracted by the goings-on in the next cube. If two or three people are there looking at a demonstration or trying to find a bug then it's very noisy and I find myself having to wind up the volume on my closed-back headphones to unsafe levels.

        Should I remind anyone what happens when people in your office are testing audio equipment or a product that talks over a 56k modem in an open plan environment? All I hear all day is that noisy screech of modems (we have hundreds of them scattered around the place) and "test, 1, 2, test" through the other audio equipment that people are testing.

        It has been studied to death and decided that if you put technical people in an office with a door they will be more productive. I think this more than offsets all the other reasons for having cubes, and the exotic measures that you have to go through to protect people's privacy when they are in cubes (lockable drawers, filing cabinets, secured rooms for storage of documents, etc).

        Cubes are put in place by management who want some level of separation between the "elite" and the rest of us. Management justify it by saying "we want to foster an interractive and friendly work environment to encourage productivity" but they have never had to work in cubes, and dont understand the loss of productivity that will occur when everyone is there.

        • I totally agree with the private-office = more productivity thing in as far as that productivity refers to an individual working alone for periods of time.

          I don't agree that offices are roughly the same cost to install as cubes. As others have said here, cubes are easier to light, ventilate and electrify. I think you also may use less space per person with cubes than offices.

          But most importantly, remember with software developers you need to encourage a certain degree of chatter/communication as part of tea
  • A good IT admin should be able to secure the PC on their desk and therefore everything else that they access. Help your company cut costs and keep you, it is much better than the alternative.
    • by Homology ( 639438 ) on Saturday November 05, 2005 @04:40PM (#13959049)
      A good IT admin should be able to secure the PC on their desk and therefore everything else that they access. Help your company cut costs and keep you, it is much better than the alternative.

      Bullshit. Once you have physical access to the PC you can compromise it.

      • I have a utility on a floppy disk that allows you to reset the admin password on any Windows box. A google search, 1 floppy disk and 10 minutes of physical access to a PC is all someone needs to rape a Windows box.
      • Bullshit. Once you have physical access to the PC you can compromise it.

        Actually, with almost almost any type of access to a PC you can compromise it.

        That's something that good network administrators acknowledge and deal with.

        If a network administrator is unable to secure his own box relatively well (no network PC is ever 100% secure), why the %^&* would I trust him to secure a network? A good first defense barrier for an administrative PC in a cubicle environment is to flag those cubicles w
        • " With the exception of PHB's X, Y, and Z, anyone found in this cubicle when the employee who uses it is absent will be TERMINATED ."

          And that accomplishes nothing. It's just like taking guns away from people who want to own them legally. People who read that sign and abide me it, much like people who properly purchase firearms, are not the ones you need to worry about. Frankly, I don't even know what an "administrative PC" is anyway. My laptop can be an administrative device wherever I take it. This is why
    • A good IT admin knows that without some physical security most computer security is a joke.

      What good is a case lock if the attacker has 5 uninterrupted hours alone with a computer? What good is the BIOS password if they can reset the BIOS? And so on...
    • Yeah, and nobody will ever see any sensitive information on your screen either. Here's a tip, try actually doing the job before you start critiquing it.
  • In a hallway (Score:3, Interesting)

    by Rick Zeman ( 15628 ) on Saturday November 05, 2005 @04:34PM (#13959007)
    Where I am now til the buildout was finished for our offices (cubes in a lockable room), my desk was at the end of a hallway in a little nook area across from the CFO's office. I got really sick of being mistaken for his secretary, and I had to have my workstation lock after a minute of idle time because it was so public. Blech.
    So, poster, it could ALWAYS be worse.
    • by Anonymous Coward on Saturday November 05, 2005 @04:48PM (#13959096)
      The fun solution to that problem is to act like his secretary but follow through with 0 of the requests. Give this to him? Oh sure. Is he in his office? No, he's out for the day. His car is being towed? Ok, I'm calling him now. *smirk*

      If anyone complains, blame it on their incompetence.
      • Re:In a hallway (Score:3, Insightful)

        by Wudbaer ( 48473 )
        You can do it to the CEO, you can do it to the CIO or everyone else, but... ... never EVER mess with the master of all beancounters !
  • If you behave well, i.e. no sensitive information on your workstation (it shouldn't be there), and lock or turn off your workstation, the danger is a large as having any active network port accesible.
  • If some manages to break into your desktop office, they most likey can break into your server room as well. If thieves are looking to steal the information (and not just the hardware) they'd go for the server room directly. A common thief would probably steal some desktops and run.

    Logging out of your servers before closing down at night would suffice i'd say. Or use a solution such as the Sunray, just unplug your card and you're home free :-)

    Dont get me wrong, cubes are crap for a thousand reasons, but I do
    • Re:Breakins.. (Score:3, Interesting)

      by smchris ( 464899 )
      But now they really can't paste the company passwords on their monitors.

      [Unfortunately, not entirely a joke. It seemed to have poisoned our department relations with IT when I once visited the server room and I questioned why our server and Oracle database passwords were sitting next to our server.]

      I guess I'm naive too. I don't see where this should be so difficult with server room security, desk locks and some hardware security: hardware lock-down, no cd boot, BIOS password. If the janitor is going to
    • Don't think 'thieves'. Think 'other employees'.

      As for the original question: I'm not sure. It would depend on the environment.
  • Give me a break (Score:3, Interesting)

    by phpm0nkey ( 768038 ) * on Saturday November 05, 2005 @04:35PM (#13959011) Homepage
    This sounds like a flimsy excuse to ask for a private office. If your network administrator needs to work in a locked room all day, your network is not secure enough!

    Passwords should not be found on post-it notes stuck to your monitor, nor should they be saved on your computer, anywhere. Don't keep them in text files, emails, IM history, cookies, etc. Passwords should be memorized or written down in your wallet, or better yet, your company should implement a security token system and do away with static passwords. Any sensitive data which has to be stored should be encrypted. Any workstations or servers at your desk should be locked when you walk away.

    Shoulder-surfing for passwords is extremely hard. Try it sometime: at 80 WPM or more, it's virtually impossible to follow and remember every keystroke, especially while trying to be inconspicuous. As for keyloggers, server theft and more serious security breaches, these should be dealt with proactively at a lower level. Screen potential employees carefully, and keep security cameras rolling throughout the office to discourage suspicious behavior.
  • by Clubber Lang ( 219001 ) on Saturday November 05, 2005 @04:36PM (#13959018) Homepage
    Seriously, boo hoo. I don't mean to be a jerk, but BFD. Virtually every cubicle I've ever seen has drawers and cabinets that lock, and if you're a network admin you probably have a laptop anyways right? If you read your disaster recovery or even security plan (if you've got one) you'll probably find that all staff who have laptops are supposed to bring them home.

    Could someone look over your shoulder? I guess... but there are people out there (like say, me, or employees at any other benefits outsourcing company) that have access to literally thousands or even millions of people's date of birth, SSN, etc etc. We get along just fine, so will you.

    I mean, sucks you lost your office... I remember mine, it was nice.
    • Not to make you sound stupid, but those locks on most file cabinets, desk drawers etc are complete and utter shit.

      They use disk tumblers instead of pins like the lock in your house and can be consistently opened with a bent piece of stiff wire.

      Do NOT think that those locks are security in anything but name. They exist solely to satisfy insurance companies that you "lock" things up.
      • Re:Locked Drawers (Score:5, Interesting)

        by HD Webdev ( 247266 ) on Saturday November 05, 2005 @05:22PM (#13959276) Homepage Journal
        Do NOT think that those locks are security in anything but name. They exist solely to satisfy insurance companies that you "lock" things up.

        Actually, that's not why those cheap locks exist. They are there so that people don't have to put up "don't open this even if you're just looking for a stapler" notices all over the place.

        The common bathroom lock is a good example. It's easily bypassed because it's not there to seriously defend the bathroom. It's there as a "this is off-limits for the time being" notice.
      • Not to make you sound stupid, but those locks on most file cabinets, desk drawers etc are complete and utter shit.

        They use disk tumblers instead of pins like the lock in your house and can be consistently opened with a bent piece of stiff wire.

        Do NOT think that those locks are security in anything but name. They exist solely to satisfy insurance companies that you "lock" things up.

        Really?? Oh dude! I better take the Caramilk secret out of there then!

  • by onyxruby ( 118189 ) <<ten.tsacmoc> <ta> <yburxyno>> on Saturday November 05, 2005 @04:37PM (#13959023)
    Where I work we have the same situation. However all of IT (security, network and so on) is in the same office area. In order to secure the area they just put up a wall and secure card access. That way the only people in there are the IT people. If you can't trust your IT staff, than they don't have any business being your IT staff. That way the risk is still there, but you don't have anyone other than IT in the area to begin with.
    • "That way the only people in there are the IT people." ... and the cleaners (on minimum wage and unlikely to have been seriously security checked, probably) and the security staff (almost as badly paid and not necessarily better checked).
    • at my last job any IT staff personel could walk up to anyone's computer and reboot it at their will (and expect a serious flogging the following day). i made my staff lock their machines at any time they were absent from their desk, even if they step out for a second. to make things more interesting, i told my staff that if they saw an unlocked computer they had free reign on it (as long as it didn't affect our production network or systems). this gave my staff an understanding of real security in our fi
  • on my cubicle that says "Anyone found breaching my privacy will be prosecuted AND/OR sued under the Privacy Act []"
  • As long as I have a secure place to lock assets, I don't much care if I'm on a cardboard box in the middle of an amphitheater. It doesn't really matter if people can see over my shoulder, and I doubt most folks would care enough to bother. Watching scripts run isn't terribly entertaining. :)

    Sure, an office would be nice, but given a lockable closet or something, there's no real need for one.
  • by ThaFooz ( 900535 ) on Saturday November 05, 2005 @04:38PM (#13959035)
    That's all it takes to secure it, provided your building is reasonably secure... as I would *hope* that anything that required locks and not just passwords would be in a secure data center elsewhere. I guess you could request a safe or something if cabinents were insufficent.

    It seems like the larger issue is being evicted for the "Service Department". They're the ones that should be in cubes, but that's another story.
  • I do (Score:2, Informative)

    I happen to be a network admin who sits out in the open.
    It's not that big of a deal, but I guess I don't sit there looking at confidential passwords all day long!

    I do, however, always lock my computer when I get up (xscreensaver...ctrlaltdel). That seems sufficient to me.
    Oh! And I don't leave sensitive information sitting out on my desk, either.
    • I'm in the same boat.

      I admin a small research lab, and I'm most useful if people can talk to me without having to go to another room.

      If I _really_ need screen privacy and people are there (like, say, I'm editing /etc/ppp/chap-secrets ... I've really gotta get that whole ldap/radius thing working and kill that file), I grab my laptop and head for a private place.

      Have to agree with everything I'm reading here though... modular office furniture with lockable cabinets/drawers, hardware locks, keeping more thing
  • by Aim Here ( 765712 ) on Saturday November 05, 2005 @04:43PM (#13959068)
    "sensitive network information."

    Uhuh. Would this sensitive network information be the log of all those websites you network admins visited last month, and that copy of Quake 4 you installed on the Company Mail Server?

    Just because you guys are the only ones who have access to the firewall logs doesn't mean we don't know what you get up to.
  • Money talks (Score:5, Insightful)

    by Thu25245 ( 801369 ) on Saturday November 05, 2005 @04:46PM (#13959076)
    Draw up a budget proposal for whatever locking file cabinets, secure equipment cabinets, Kensington locks (better than nothing...) and desktop security software that you'll need to ensure the security and functionality of your information systems. Keep in mind that this includes not only malicious snoopers but also cleaning staff that snag cables with their vacuum cleaners, and take whatever precautions are necessary.

    Be thorough, but don't make stuff up. Don't make it a turf war, just make it clear that you're working to protect the systems that you're responsible.

    Come up with this proposal, and an estimate of the costs, and request that Accounting begin soliciting bids from vendors. And then lightly suggest that this would not be necessary if you could have good locking offices.

    Keep in mind, though, that private offices are only effective if they are truly private. If they're not always proerly locked, or if too many people have the keys, then you'll be the worst kind of office hypocrite.
    • you have obviously not worked with a defense contractor:

      First you ask for a signifigant budget to conduct the analysis, THEN you spend that budget to come up with a second budget for what actually needs to be done.

  • No sympathy here (Score:5, Interesting)

    by Sycraft-fu ( 314770 ) on Saturday November 05, 2005 @04:47PM (#13959082)
    All our IT group works in one room. Out front there's desks for our students to filter incomming people and deal with low level requests. There's also a big workbench down one side for systems we are fiddling with. Then in the back there's two cube partitions that hold the 4 staff. Two desks per partition, facing each other.

    Know what? I actually like it. We have almost no staff meetings and part of the reason is we are all there and can talk to each other as needed. In fact usually we work with at least one headphone off so we can hear what's going on and stay informed. If someone is doing something that needs a lot of concentration, headphones go on and they get left alone.

    It works really well, and means there's one central location people go to for computer support.

    As for privacy, from what? Anything remotely private isn't in my desk, it's on my computer. Well, we all have root so we can all get in to each other's shit if we want. The room itself locks to keep others out at night, of course, but as for my coworkers, well if I can't trust them to not mess with my stuff, they probably shouldn't be employed anyhow. Any of us could, if we wanted, wreak massive havok having the root password to all servers, the enable password to all switches, etc.

    Sounds like just so much whining to me.
  • > If so, what specific information was best suited to rectify these
    > security concerns?

    The first step is to update your resume.
  • by Noryungi ( 70322 ) on Saturday November 05, 2005 @04:48PM (#13959092) Homepage Journal
    First of all, a simple question: are your servers still under lock and key?

    Whether or not this is correct, you should organize a demonstration of how easy it is to:

    • Get into a cubicle.
    • Shut down a machine, crack open the case and steal a hard disk full of sensitive data. List of users, passwords, IP addresses, internal LAN architecture, sales and partnership data available on the Intranet are all good candidates.
    • Another nice demonstration would include booting a sensitive machine on a Live CD such as Knoppix and downloading the data I just mentioned onto a USB key. Pocket the USB key, remove the Knoppix CD and voila! Sensitive data is now stolen, thief can exit the building without drawing too much attention and nobody in the company can even suspect the theft happened.

    Of course, invite everyone who is someone in the company to this demo, including people like the CEO and CFO. In short, people who care about data security.

    And whatever you do, keep a paper trail, by sending emails to the power-that-be, keeping a paper copy, and be as courteous and professional as can be, while being firm that this situation is unnaceptable. Please remember that these are probably not technical people. But they will understand that some data should stay inside...

    Just my 0.02 US$ here of course, IANAL, but I am a sysadmin.
    • Given recent history and experiences posted on Slashdot, it appears that actual physical demonstrations of security holes may open you up to getting fired and even charged with a crime. There have been a number of well meaning admin types who have demonstrated security problems only to find themselves in trouble. Among other things, an active demonstration might embarass The Powers That Be. If you write a memo describing the problem The Powers That Be can either address the issue behind the scenes or ju

  • when I worked in IT in 99. cubes are way cheaper than offices, said el cheapo uno.
  • Boo hoo! (Score:3, Funny)

    by sulli ( 195030 ) * on Saturday November 05, 2005 @04:55PM (#13959133) Journal
    Andy Grove had a cube too. Quit yer bitching.
  • Too Late (Score:4, Funny)

    by biglig2 ( 89374 ) on Saturday November 05, 2005 @04:56PM (#13959143) Homepage Journal
    This is a political argument, and you already lost. Ho hum.

    I have no such problem, since, as sysadmin, I am the only person in our office who can work Visio, and consequently I am the person who draws all the floor plans when we rearrange the office.
  • by Slashdoc Beta ( 925619 ) on Saturday November 05, 2005 @05:00PM (#13959157) Homepage
    1. Don't write down passwords.
    2. Lock up sensetive information.
    3. Have a wild cougar patrol the datacenter at night.
  • This is, to them, an obvious breach in security and privacy for what may be sensitive network information.

    Um, log off or lock your workstation.

    The move has placed the IT staff in cubicles that all face inward

    If you need to, turn your desk so your monitor is not visible to people peering through your doorway. As for the others standing on chairs to see over the cubicle to view your screen, well ... let's just say they are noticeable. :)

    I say go ahead and tear down the special aura that has classicall

  • I'm a Network Administrator for a very large corporation and I found myself in the very same situation.

    I had my own private office, however a request was made by Human Resources for the construction of new offices for their own use. Rather than the $10,000 price tag, I _requested_ that I transfer out to the cubicles on our main floor. Basically, it was a decision I made for the benefit of the company.

    I find that no one really _needs_ private offices, unless they participate in confidential conversatio
  • by Maniacal ( 12626 ) on Saturday November 05, 2005 @05:11PM (#13959221)
    I'll go ahead and give you a little.

    I'm a network admin and not only am I part of the small percentage in our company that has an office, I'm part of an even smaller percentage that has a locking door. For me, it might not be completely necessary but it's desired for 3 reasons:

    1) Work space - At any one time I might be working on 2 or 3 laptops and desktops while loading a server or configuring a router, etc. I need the space to set it all up. I have a counter top that runs along 2.5 walls of my office and a long table on the blank wall and it's all often occupied. My office doubles as my shop/lab.

    2) Security - I have stacks of laptops, hard drives, routers, switches, etc. stored in my office and with our growth, more coming in every day. It's not that someone couldn't steal this stuff from elsewhere in our facilies, it's just that it's much easier to get to in my office. No unplugging, unbolting, etc. Just grab a stack of laptops and go. I've seen cabinets mentioned in other posts but I have too much stuff going on and if I was in one of our cubes I'd be lucky to fit 1 cabinet.

    3) Peace and quiet - Between the useless chatter, relentless phone calls, streaming music and other noises, I can hardly hear myself think out there (cube world). Not to mention the drive through questions. Everybody and their little brother feels the need to stop by my office and ask a question on their way by. I don't mind it all the time. In fact I'm quite sociable, open and helpful but when I'm troubleshooting a tough problem or working on a project I just don't like to be disturbed. I generally deal with user issues in the morning and work on projects in the afternoon and evening. After lunch, when I close my door, everyone knows not to come knockin unless their problem is preventing them from completing their work.

    That's my 47 cents.
  • I've rarely seen cube farms without locking drawers that can be used for storing anything sensitive. When I was doing admin work I usually had corporate officers lock all that stuff up in an eight-hour fire safe, because I knew that just locking it up in my office wasn't enough to stop a determined theif, fire, flood, etc..
  • by icepick72 ( 834363 ) on Saturday November 05, 2005 @05:16PM (#13959241)
    This is, to them, an obvious breach in security and privacy for what may be sensitive network information.

    I'm much more concerned about a network admin that flaunts sensitive information as a rebuttal because he doesn't want to be moved into a cubicle, than I am about network information hidden by a cubicle wall rather than a more classical solid version of a wall. Your "bricks-and-mortar" walls are redundant in a virtual world, and so are the more limited cubicle versions. Simple suggestion: lock or log-off your terminal and turn the screen away from the cubicle opening. Now how tough was that? .... oh, the problem is you're still in a cubicle? Well most of the people around you are too; start a self-help group with the other people if it bothers you. This article isn't about security ... it's about cubicles and a whiner for crying out loud!

  • Salaries (Score:4, Funny)

    by nick_davison ( 217681 ) on Saturday November 05, 2005 @05:22PM (#13959271)
    1) Find the CFO's home directory.
    2) Open up the salaries Excel doc.
    3) Scroll to the execs - most likely at the top anyway.
    4) Set your screensaver firmly to the off position.
    5) Get permission from your boss to leave early.
  • I've worked in places where all the administrator's desks are out in the open and there's almost no security, and I've worked in places where they all have offices that are locked with key cards.

    I have to say that in the first case everybody's desk is usually nice and tidy at the end of the day (no expensive hard-/software lying around), while in the second case there's often a tendency to leave the place a mess: "Hell, the door's locked anyway, right?" Maybe, but this isn't good either. For instance, it
  • by AlexisGrey ( 928807 ) on Saturday November 05, 2005 @05:26PM (#13959299)
    Privacy is important to any real network admin / computer support person. Not only do we often has information up on our monitors that would compromise security if it was viewed by others, many of the phone conversations involved in resolving problems also contain information that may be sensitive. Someone close to my desk could pick up IP address, Router information, Type, model and OS version on our firewalls. For instance, we had a video conference with our manager on Friday regarding the implementation of the patches to our Cisco routers and whether it had to be done this weekend. He asked for the router passwords over the phone...his opinion is that EMail is unsafe. Then there is the other type of work we do. For example, I was working on a report last week that basically involved some deep data mining of our health plan over the last five years. The benefits person, a sweet young thing of 55 going on 2000 was asking me how to take the data and apply various scenarios to it - such as increasing the employee contributions, reducing maximum payouts and removing some coverages. Its obvious from our conversation and from the data that cuts are going to be made. This sort of stuff is not something management wants to be public. Wednesday, I had to recover about 100 EMails for our Human Resources person. Some of them included questions about Employee evaluations. Some companies may not ever have their Net Admins talk on the phone or use their monitors to work on but we sure do.
  • No (Score:5, Insightful)

    by pvera ( 250260 ) <> on Saturday November 05, 2005 @05:28PM (#13959308) Homepage Journal
    You are asking about privacy, not about the limited access of specific company-owned information.

    You are NOT entitled to privacy in the workplace. You are entitled to limit access to your work materials to those employees that have the need to know.

    Two completely different concepts.

    You can run IT from a cubicle, there is nothing terrible about that. If you are going to type in a password, look over your shoulder and make sure nobody is watching you. Access to the machine itself is no issue since you are not going to put your servers in your own office, they go to their own room. If you were running all the servers from your office then you are not as smart as you think you are.

    Regardless of server OS, you can manage it from anywhere, there is no need to be sitting in front of the damn machine.

    As for privacy, when you signed your offer letter and you agreed to follow company guidelines, you pretty much signed away any hope of privacy in the workplace. The boss can listen to your phone calls, can read your mail and read your paperwork. Yes, your boss can read your personal email if you are trying to read it from your workstation at the office. It is the company's computer and you are using the company's resources for personal reasons.

    Now, say you are a programmer or a DBA, then you need a bit more shielding from prying eyes. But the plain IT folks? Nah, they can sit outside like everyone else.
  • Is that you're worried about someone booting your computer in single user mode. Secure it with a bios password and bootloader password. And make sure your screensaver locks up after a VERY short time out. I know it's a pain in the ass, but that's what they're making you do. On the other hand, since it;s obvious you can do your job very well from anywhere, why not from home?
  • No Problems (Score:3, Interesting)

    by ONOIML8 ( 23262 ) on Saturday November 05, 2005 @06:07PM (#13959532) Homepage
    I haven't had an "office" of my own for a few years. I express the need every so often and I'm actually getting space for one now. But that didn't come about for any reason other than my boss getting tired of hearing about it.

    All of the documentation for our dispatch center has been stored in a bookshelf within dispatch. That's a controlled area but the dispatchers can all view it. As I predicted, one of the dispatchers did dig through it and made copies of certain documents. She then supplied those documents to one of the deputies who is now using that information as part of a suit against the county (long story, he thinks we intentionally have bad radio coverage).

    Management didn't give a shit about that. The insurance folks shook thier heads in disgust but then they've seen it all with our county so nothing shocks them anymore. When that documentation made it to the internet it still didn't phase anyone.

    Privacy? You want privacy? Around here they either think you're being a prima donna or you're up to something. There can't actually be a need for privacy.

  • Cubicles? Doors? (Score:4, Interesting)

    by Tim C ( 15259 ) on Saturday November 05, 2005 @06:40PM (#13959689)
    I've never seen an office that isn't completely open plan. I work on sensitive government projects (RESTRICTED in the Official Secrets Act sense) and my desk is accessible to anyone who gets in through the front doors. (2 of, plus building security and office reception, but still)

    So the network admins have been moved out of their offices? Cry me a river, and welcome to the 21st century along with the rest of us.
  • by krokodil ( 110356 ) on Saturday November 05, 2005 @10:04PM (#13960535) Homepage
    I understand your frustration, but yellow stickers with root passwords attached to your monitor must go.

  • by Whatchamacallit ( 21721 ) on Saturday November 05, 2005 @10:38PM (#13960636) Homepage
    I haven't had an office in 10 years! Not since getting a high paying job for one of the Fortune 100. Nothing but cubicles for as far as the eye can see! Office space is reserved on the outer perimeter where the windows are. Anyone with an office is a manager of at least 100 people. If they have a corner office then they have those managers reporting to them and they are ultimately responsible for several hundred employees. Were it not for the skylights there would be no sunlight in the cubical farm. The good thing is conference rooms are on the outer wall as well so you can kinda stare out the window during boring meetings.

    IT people are in cubicles and have been for at least 20 years. The servers are locked up in secured environmentally controlled data centers. You wouldn't want to work there, it sucks typing when your hands are freezing. The noise of the cooling fans and air conditioning is pretty darn loud too.

    Due to Sarbanes/Oxley the customer data is secured to such a ridiculous degree that the IT staff doesn't have access to production data anymore! Yeah, that's right, the IT staff cannot see production data! When there is a problem we have to request a special temporary user name that expires in like 8 eight hours. That id is issued to you and the password is reset. You then use that account to examine the production system. Everything that account sees or does is logged extensively. When you are done, you give the account back and it's reset. If you forget, it will expire soon enough. Those with access to issue the accounts and reset them are at the highest levels of security and are located in our mainframe operations center where they are under constant surveillance including by closed circuit digital cameras. These guys have to go through several card access points to reach the data center. They are not even in cubicles but what looks like a college lecture hall of desks on stepped risers with projection screens on the main wall. Looks like a NASA control center. This helps a lot in major outages to have all the experts in the same room.

    The call center staff obviously has access to production client data because they need to. But that doesn't mean they aren't being watched all the time. Every read is logged and if it's found that they should not be reading that customers data at that time, they will be caught. Random audits are performed constantly. We have a special investigations team which is constantly on the lookout for potential fraudsters, etc.

    Security performs periodic physical security audits. i.e. going around looking for people who keep their ID/Passwords under their keyboards or on post-it notes; leaving their desks unlocked, leaving confidential information out in the open, etc. This happens at night after most people go home.

    Cell phones with cameras and USB devices are forbidden in some places. The call center computers USB ports have been filled with an insulating epoxy from a hot glue gun. Of course that doesn't stop someone from writing down notes and sticking it in their pants. I mean if Sandy Berger can enter the national archives and stuff top secret documents down his pants and walk right out then so can a call center employee who makes less then $15 / hour. What the hot glue in the USB / Firewire slot does is stop someone from moving gigabytes of data out the door in one move. There are also no CD/DVD burners in the call center for the same reason.

    Arguing security isn't a good thing, it will just lead to a security crackdown that isn't going to stop someone whose diligent and determined. It will just inconvenience you further... Take a look at those 4 Chinese Spies they just caught in California! They worked for defense contractors and gave away military secrets to the Chinese. I mean if we can't stop our military secrets from walking how can we stop everyday business data theft and industrial or corporate espionage?

Money is better than poverty, if only for financial reasons.