mailing list archives
RE: RE: Securing workstations from IT guys
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 27 Nov 2007 13:51:35 -0800
I quite agree.
And in my experience, when steps are taken to keep "IT guys"
from accessing specific systems, the eventual result is that
*EVERYONE* (including on the Internet) has access to those
systems *except* the people whose job it is to protect them.
That users do not regard this as a problem is a critical
issue at layer 9 or 10 (layer 8 is Money; 9 and 10 are
Politics and Religion) and does not admit of a technological
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of
kurt.kessler () umb com
Sent: Tuesday, November 27, 2007 7:29 AM
To: security-basics () securityfocus com
Subject: Re: RE: Securing workstations from IT guys
"This being said, to effectively do their jobs the IT staff
needs to have access to everything. You have personnel
problems if you cannot keep your IT staff from snooping where
they should not.."
The IT staff should have the absolute minimum amount of
rights that they need to do their job. Any more, is *ASKING*
for this kind of problem.
There should be several groups, where users are placed based
on rights needed to perform their particular job.
- Re: Securing workstations from IT guys, (continued)