Just curious… honestly. Want the straight dope, and depending on the answer, it may be a useful caution for any of usl.
I’ve heard a wide range of stories about what your friendly neighborhood IT guy can find out about what you have been doing with company equipment online. I believe employers can easily find out as much about your web habits as you can see by viewing a browsing history. But what else? Can they see messages posted and received via, for example, yahoo mail, if they had been read at work? Or messages posted to this board, for another example? Just what traces of past internet activity are left on a company’s server, and for how long?
I don’t know exactly what sort of activity might be logged as a natural consequence of computing, but I do know that your emloyer could install keyloggers and screen grabbers to get a file of your keystrokes and screenshots at any predetermined intervals.
Well, my employer can log and view everything - every keystroke. Thems the breaks when you work for Uncle Sam. That’s not to say I don’t sometimes post from work; we’re actually allowed some personal time on the computers. But they can track and view everything if they had a reason to.
Web based e-mails are a big no-no - something about circumventing the firewall or somesuch. But they can view (remotely) whatever it is that you’re viewing: e-mails, message boards, the works. I believe they do all this with plain commercially available software as well.
Far as I know, they can find out everything that isn’t encrypted. If they have access to your computer, which is very likely, then every single thing you do on there can be monitored.
The only safe route that I know of is to bring in your own, secure hardware - like a laptop - and connect to the internet remotely through a private, encrypted network.
Unless you have an ancient machine with dialup through a dedicated phone line, your business Internet connection is probably through a dedicated company server. And whatever passes through that serve can be, and probably is, logged. Remember that whenever you use a browser, what effectively happens is that the HTML (or PHP or XML or whatever) page you are viewing, with any accompanying graphics, is downloaded to your machine, and stored in a directory, most likely “Temporary Internet Files.” To get there, it must pass through the server, which is probably keeping tabs on what passes through it and in what direction.
As one of those IT guys, we can find out lots if we’ve got the appropriate equipment and logging set up. I’d suggest the OP read up on firewalls, gateways, and proxy servers.
I’m sure you IT guys out there can fill in some of this:
How well can you hide these loggers? I’m not concerned about keystrokes, as I’m mostly using mouse input, and not concerned with trafic monitoring, as I proxy all private internet activities out across port 80 and to my home PC, but screengrabbers are worrysome.
I know programs can be hidden well from showing up in WinTop or other process monitors, but wouldn’t I at least be able to see the connection in netstat? I imagine this would either take a lot of bandwidth or a lot of local disk access.
Yes yes, I know - do work at work. It just seems like everyone else in my office has declared x-mas through New Year’s as holiday time - not much to get done lately.
I’m actually kind of worried because for some reason one of the pop-ups over at Snopes goes to a site that the work filter reads as pornography. I got a “this incident has been logged for audit” message from it today. (I was reading Snopes at lunch, not during on-the-clock time, so I’m not worried about that)
Unless the connection to your home machine is encrypted, your employer can still observe your traffic. And, even if it is encrypted, your employer can still determine the presence of encrypted traffic. That looks suspicious all by itself. Plus, even if you determine that logging software is present on the machine you use, it is likely your employer will take a dim view of disabling or circumventing it.
Yeah. Don’t talk about it here. Seriously - discussion of circumventing controls established by your employer is a sure-fire way to get your butt kicked by a mod and the thread locked.
Network management can watch every byte that gets into or out of your PC via any means.
We can install tools that you CANNOT find, period, which record the scene on your screen, keystrokes, mousemoves, etc. With the output from that system we can replay your day’s work instant by instant, just like a combination movie/clavinova.
If you use an encrypted connection, we can probably decrypt it, particularly if the settings are sotred on your PC. If you never store the key on your PC but key it in every time you start up, we’re stuck … until we install the keylogger to capture it. But if it’s stored somehow in your PC, we’ve already got it.
That’s the state of the art. Now what YOUR employer does may be much less than that. But if you’re at all concerned, just assume the company’s HR jerk & the lawyer are standing behind your chair watching over your shoulder with a video camera every second of every day. It shouldn’t be legal in a civilized society, but it is.
Do you really think they can break 128-bit SSL encrypted communications? Getting someone’s password to an encrypted one thing, but decrypting an SSL session is another ball game entirely.
Note I’m not asking if it is possible to decrypt SSL - I know it is, with efficient brainpower and enough factoring time - but I question whether the average corporate IT department generally has those kinds of resources.
Why shouldn’t an employee be entitled to some expectation of privacy? If there is some reason to suspect that a worker is surfing the net or maybe using the firm’s equipment and work time for some sort of personal gain that would be different. Or if there is a reason to expect that the employee is goofing off, missing deadlines, showing poor performance etc. Without this reasonable suspicion, it seems like spying, to me at least.
I approve of the idea of having “checks in place”, for instance preventing an employee from visiting certain web sites. But I would disapprove of having my employer noting that during clock hours I visited a news site or bought a book from Amazon.com or checked traffic before my drive home etc.
Not really. What I’m suggesting is they can get in upstream of the SSL encyption, or downstream of the decryption. If they control the machine that’d doing your crypting for you, it’s no longer secure from your perspective.
I agree that SSL with its per-session keying is not something where they can(practically) record the encyrpted bytestream and decode it later at their leisure. But also recall that they also (potentially) recorded the entire key-generation and exchange process that occurred during the setup of the SSL session. That gives them a leg up.
The easiest way remains to monitor at the presentation layer, where the data is in human-readable form.
As a home user, you can’t be 100% sure that some other person in your house hasn’t installed such a thing.
If you’re the only person with administrator-level access to your PC, then you’re pretty safe unless your roomate is a professional, or very motivated.
If anyone else has admin access, well then you have no assurance whatsoever.
In a corporate setting, internet traffic sniffing is easier because the traffic has to pass through machines down in the basement which they control that you’ve never seen and have no influence over. They do the sniffing there and there is no logical possibility of you knowing whether they’re sniffing or not.
In a typical home environment, the sniffing has to be on your machine, which makes it at least logically possible (though not necessarily practically possible) for you to know that you’re being sniffed.
Before anyone gets their panties in a wad, remember that it’s usually IT staff doing the monitoring. They can install stuff like ** LSLGuy** talks about, but there’d have to be a reason, I’d think. Otherwise, those guys have better things to do.
So just don’t trip very many of the filters and you’ll sail right under the radar, provided you’re doing a good job otherwise. Everywhere I’ve worked, we just occasionally checked the firewall/proxy logs, and had a quiet word with the porn hounds.
There were the occasions where managers asked us about someone’s usage patterns because performance was suffering, but that was rare.
