PGP in the workplace

Here's one I figure you all would just love: Yesterday afternoon, I was told by some higher-level associates of mine (not Management level, mind you, just people higher on the food chain) that my use of PGP in the corporate environment was not appreciated and could result in my being looked upon *very* unfavorably by the managerial crowd. Without even delving into security reasons, I politely explained to them that due to my job (which has several crypto-related applications) I needed PGP to communicate with people and list-bots in the outside world (or they could gladly pay for my formal training). They just shook their heads and said "be careful, you've been noticed".

I was then told to stop 'messing around' in my shell account. I asked what was meant by this, and apparently it had been noticed that I had done a few things, which I had done to simply check the security of my account, which could be viewed as 'inappropriate'. You know what they were?

1. I checked to see if the passwd file was available to anyone (was it shadowed, etc.). This was seen as an attempt to GET the passwd file, and thereby have access to sensitive data.

2. I change my password regularly (once a week). Now this may seem excessive (it apparently did to them), but you must understand that the entire IS department is extremely buddy-buddy here. Over half of the users have root passwords on any given system. I don't feel like sharing, horrible me. I guess my regular changing of passwords was seen as a strain on the system (ha!), as they didn't elaborate *why* I had been flagged for this.

Upon explaining to them that I was simply trying to make sure of my own security, I was told that I was to just assume that I was secure, and that *any* 'poking around' was found to be "highly aggravating" and could only "exacerbate the situation further." Luckily, I had to get to class, so I cut the conversation before it could get any more out of control.

Now, seeing as I'm fairly new to the Corporate world, but is this something common? I know when I was at college, poking around was expected and encouraged, as it helped find and plug holes in the system. But this is almost like some kind of protection racket here!

____________________________________________________________
Rick Osborne osborne@gateway.grumman.com
"Yes, evil comes in many forms, whether it be a man-eating cow or Joseph Stalin, but you can't let the package hide the pudding! Evil is just plain bad! You don't cotton to it. You gotta smack it in the nose with the rolled-up newspaper of goodness! Bad dog! Bad dog!" - The Tick

On Tue, 17 Sep 1996, Rick Osborne wrote:

[clueless sysadmin story elided]

> Now, seeing as I'm fairly new to the Corporate world, but is this something common? I know when I was at college, poking around was expected and encouraged, as it helped find and plug holes in the system. But this is almost like some kind of protection racket here!

This never happened in any company I worked for. Don't think I'd last in such an environment. Neither, one should think, will a company where half the people have root. Three man operations excepted.

Just my $0.02,

--Lucky

Rick Osborne writes:

> Here's one I figure you all would just love:
> [...]
> Upon explaining to them that I was simply trying to make sure of my own security, I was told that I was to just assume that I was secure, and that *any* 'poking around' was found to be "highly aggravating" and could only "exacerbate the situation further."

Quit and go work somewhere that's reasonable. A decent IS department doesn't play games like these; one that's full of morons does. Talented people, especially those who know security, are in demand at the moment. So you shouldn't have to put up with petty-tyrant bullshit; go find a company that is staffed by human beings.

--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
participants (3)
- Eric Murray
- Lucky Green
- Rick Osborne