One of my clients has a problem. We’ll call him Melvin, because I like changing names when I tell stories.
Melvin doesn’t like network guys, and takes every possible opportunity to tell anyone within earshot. “You network guys don’t understand what’s going on over that wire, and you don’t want to.”
We do understand, but not the way he thinks network guys should. Melvin is wrong.
Read the training manuals for Security+ or CISSP, and, presumably, Network+, and at its very simplest, they boil the goal of IT down to three things: Confidentiality, Integrity, and Availability. We’ll take it from the bottom:
Availability: Does the system work when the user sits down to use it? 99.999% of the time the answer should be yes, if you follow industry standards.
Integrity: When the user enters data, will it be the same when the user comes back later to retrieve the data? That answer should also be yes, but precisely 100% of the time.
Confidentiality: Will the system protect the data from being read by anyone other than its intended recipients?
So if I’m snooping around on the network the way Melvin wants me to do, so he can further whatever his agenda is (I haven’t figured that out yet), then I’ve blown that tenet. I guess I’d have to mail my Security+ certificate back to CompTIA. It would be the right thing to do, at least.
Network sniffers are wonderful troubleshooting tools. When two computers aren’t talking correctly, they’re what you use to see what part of the conversation is being dropped. But when things are working the way they are designed, the proper place for tools that expose and/or capture the conversation on the wire is inside a locked drawer or cabinet.
I’ll let the guy who signs my annual reviews decide whether I’m an effective IT guy or not. I want no one to question my ethics.
As an ethical IT guy, it’s not my place to snoop around on the network and tell Melvin what people are doing. Not unless he hands me some decree from high above. Very high above. Certainly not for curiosity, and certainly not to feed someone’s messiah complex.
Here’s the correct approach. Melvin needs to find and define a requirement–whatever work needs to be done that isn’t presently–bring it to me, and I’ll figure out who needs to talk in order to make it happen.
In the meantime, I’ll just keep on doing what I’ve been doing. When my phone rings because a real, live user can’t send an attachment to someone else and wants to know why, I’ll figure out why the antispam software we use doesn’t like that attachment and find a workaround or solution.
I told him that. He called me a geek and waved his hand dismissively.
I should have told him I appreciate not being called offensive names.