Re: administrator permissions mail server



On Tuesday 06 February 2007 04:51, Step0ut wrote:
Hi everyone,

I am sorry if this is not the exact forum to post this question but seemed
the most relevant.
I am working in a network with 40/50 PC's managed by 3 people with
administrator passwords.
The OS used is GNU/Linux.
There is also a webmail service provided by the same server, which is also
maintained
by the same people.
My question is the following:
Since the administrator has of course access to all user files, does this
mean that
one with administrator privileges can read everybody's emails?

Cheers,
step0ut
Short answer is yes. You may want to research SELinux, but be advised that you
would have to go beyond protecting files/directories. You probably have to
deal with lots of scope for network sniffers, etc., as well.

Protecting an internal network against it's own administrators is going to be
extremely difficult. Even if you build some sort of uber-bastion host that
checks everything on other servers, client machines, etc., at the end of the
day you have to trust at least one admin.

It *might* be possible to at least set up an audit system that's likely to
catch bad actors. But I wouldn't bet on it, unless your budget allows for
defense mechanisms commonly found in financial institutions, highly secure
military systems, etc.

As always, it comes down to the value of what you're trying to protect, the
likely threats, and the cost tradeoffs.

--
Greg Metcalfe



Relevant Pages

  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)
  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)
  • Re: [fw-wiz] Host based vs network firewall in datacenter
    ... > network administrator in a small datacenter. ... > I'd like to solicit some advice on a firewall implementation. ... Keeping the hosts locked down tight, and open services to a minimum is a ...
    (Firewall-Wizards)
  • Re: Recent Documents Not Showing
    ... This should be of significant concern for you as Group Policies only go into ... In addition to what Steve told you, do you VPN to the company network ... think you're the administrator of your PC, ... The message said the feature had ...
    (microsoft.public.powerpoint)
  • Re: Draft I: Why You Dont Want to Install Software
    ... that evil IT guy-- the party pooper who runs his network with an iron fist. ... > been made members of the 'local administrator' group. ... >> idea of contacting your network consultant to install software probably ... >> could install software. ...
    (microsoft.public.windows.server.sbs)