Traffic Sniff - NOT ALLOWED

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Has anybody ever heard of an organization that does not permit their
Network Support (routing/switch) Group to sniff traffic.

Now I have been in the industry as a network professional for about 15
years and have worked for at least 10+ major organizations during this
time, ranging from utility, education, to private industry. And each
had their own security policy that limited certain actions, e.g. types
of installed software, access to systems, but I have never come access
this sniffing limitation for network support staff.

To me this would be like asking your night-time cleaning staff to clean
with the lights off, as they could do an okay job cleaning.  And in
turn avoid the potential risk that documents on certain desks being
viewed by the cleaning staff.

Essentially I believe that his in the paranoia in this organization.
The thought that users data could be viewed "secretively" by network
geeks is just unthinkable.

Has anybody come across this before and if so where you able to over
come it  through the proper channels.

Re: Traffic Sniff - NOT ALLOWED spilled the following:

Quoted text here. Click to load it
Quoted text here. Click to load it

Nope. Never heard of anything so absurd.


Re: Traffic Sniff - NOT ALLOWED

Colin McKinnon wrote:
Quoted text here. Click to load it
Being a systems administrator is a big responsibility and there are
serious privacy issues. Having said that, it is usually necessary that a
system admin have pretty broad access and visibility to what is going on
over the networks.

I can understand your companies concerns. On the other hand I am sure
they want not only privacy but security and that requires a careful
balancing act. I would suggest that when you attempt to "over come it"
you act with a lot of diplomacy and understanding, otherwise you will
just reinforce your companies fears of invasion of privacy. One thing
you should probably have when you discuss the issue is a well thought
out written policy that discusses what, when, and how the system will be
monitored. Describe what will and will not be monitored and in what
form. For example, packet sniffing and monitoring email headers may be
acceptable but reading the body of the message may not. The same goes
for monitoring account or payroll data. It is one thing to look at
binary data and another to read the data in English (or whatever
language it is written in).

Try the look at both sides of this issue before you rush in. I hope this

Re: Traffic Sniff - NOT ALLOWED

Barton L. Phillips wrote:

Quoted text here. Click to load it
While I agree with the previous posters, yes I have been the victim of
such a policy. I work for a company that initially had no Network
Security monitoring back in 1998. I new it would be important, so I
trained, and educated myself on the techniques of "safe computing on the
Internet" and being a Sr. Sys Admin responsible for most corporate
servers, thought I was doing the right thing. Having completed the
training and having been a part of many Intranet anomaly issues, I asked
for permission to start monitoring and  being proactive about watching
network use. I was denied all access. I dropped the issue and continued
my education at home and with others that were just as interested as I was.

Later, this same company hired a new Network Manager (as the previous
one wasn't keeping things secure by any means) and instead of asking for
permission, he just did what comes natural for a Network Security Admin.
As a result, he found and reported many vulnerabilities and proceeded to
close the holes. I then realized my mistake, being a conscientious
employee, I made the mistake of asking for permission.

If I had just gone ahead and done the scanning / sniffing and provided
the evidence and results, without asking, I probably would have been
fine. Because of the security and privacy issues upper management didn't
want to be responsible for, they took a, "don't tell, don't see, don't
know" attitude and only cared about the fix, if one was needed.

How it was determined that a fix was required, they didn't want to know
the details. As a result, I was never allowed to pursue a Network
Security career, and I even came under scrutiny even though I had a 6+
years of proven capability and loyalty. I even got reprimanded when I
complained, (and rightfully so), that peak hour scanning was impacting
network productivity and client / server operations. I wasn't against
the scanning, I just thought it was irresponsible to not manage the
scanning so that Company operations were not affected. Silly me! Later,
it was mysteriously determined that we needed more bandwidth on the
Intranet. Well, Duhhh!

Roger A.

Re: Traffic Sniff - NOT ALLOWED

Roger A. wrote:
Quoted text here. Click to load it
It is easier to get forgiveness than it is to get permission. I learned
this a long long time ago.

Re: Traffic Sniff - NOT ALLOWED

Barton L. Phillips wrote:

Quoted text here. Click to load it

That depends on who the boss is.  Some feel threatened when you do things
they do not know how to do.  One female boss of mine wrote in a report she
thought I wanted her job more than six months after I had left the company
and was working elsewhere.

I am unsure why but it may have been she just couldn't understand technical

Site Timeline