How to Secure Linux Connected to Company LAN

How can I ensure my laptop running Kubuntu is impervious to remote viewing by the IT department of the company when I plug the network cable into my laptop and use the company internet connection? There was never any disclaimer that plugging in to use the network would be consenting to remote viewing, but I think it is possible that it is happening. Please don’t ask for a story on why I have my suspicions, but please do provide information on how I can prevent intrusion. :eek: I’ve not installed any remote viewing software, and the company has not asked me to install any software. I’m running Kubuntu 14.04, and it is a pretty stock setup. TYIA for any advice.

I think you are going to have to resign yourself to understanding that regardless of what you may or may not have consented to, as long as you're using company resources, they can at least monitor your traffic. If you are concerned that they are able to inject a key logger or similar software, without handling the laptop, the most that you can really do is to hotspot off a cellphone connection.

Declan

Yeah, it’s much more likely that they are just monitoring your traffic to see what you are up to rather than remote viewing, and they’ll still be able to do that as long as you connect your linux box to their network. It’s their network. They are allowed to monitor all traffic on it.

Also note that intentionally circumventing the IT department like this is grounds for firing in some companies.

Set up your firewall to prevent any incoming connections. That way they won’t be able to see what you are doing or what services you are running.

However they will be able to monitor your traffic unless everything you do is encrypted. It may be safer to establish a secure tunnel /VPN to a remote computer and use that to cruise the Internet.

I know nothing of these things, and have no idea how this is used, but yesterday I came across the EFF’s Switzerland network testing tool, which is *for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.*

One advantage this architecture has over other network testing tools is that it can spot arbitrary kinds of packet modifications in any protocol — it doesn’t assume that the interference comes in the form of TCP reset packets or web page modifications, and it isn’t limited to BitTorrent or any other specific application.

I’m only guessing but such a thing may enable you to detect spying. Don’t really know.
I downloaded it from Sourceforge because it was only 592.9 kB, therefore trivial to keep.

Hi, thanks for the replies. I am going to just highlight one part of my original post…

I said, "There was never any disclaimer that plugging in to use the network would be consenting to remote viewing, but I think it is possible that it is happening."

I said ‘Remote Viewing’ which means looking at someone’s desktop remotely as with a program such as Teamviewer. I am concerned that there may be some way that by plugging in, the IT department may be able to remotely view my desktop.

This is not the same as simple network traffic monitoring, which I would expect would be going on and of which I am not writing about here on SD. **‘Remote viewing’ would be highly illegal for any IT Department to conduct without consent, and this is the type of activity I am trying to prevent.** I encourage all who have posted to repost after re-reading my original post and this new post of mine here. Thank you.

A bit more clarification…

Now that you all may have a better understanding of the topic of concern…

I’ll rephrase my post again… The question breaks down to:

  1. Is it physically possible for an IT Dept. to illegally hack any PC connecting to the LAN and remote view (as I’ve described above)?

  2. If #1 above is true, can I prevent this type of access in Linux? Would switching to a wireless connection prevent this type of access?

TYIA

For them to do remote viewing - something has to be installed - either you installed it or they did.

Has your laptop been out of your possession? Are you using a common ROOT password?

Any other symptoms that the system has been compromised?

Have you checked for VNC to be on the machine and running - I know it's included in some runs of Linux and would be easy to turn on (by you, unless you have a remote password - and even then, there are config settings and a password for it that has to be set - see previous questions)

IF ‘no’ to the above - you’re being a bit paranoid AND confrontational to the folks here for no reason.

As for it being ‘illegal’ - this entirely depends on what you have signed and/or agreed to in order to be on the company’s network and whether or not this part of it is in that agreement.

Unless they have good reason to do it - then it is unlikely that this is happening as a “matter of course” - the only other aspect of it that is remotely possible is if you’ve been “hacked” by a nefarious person - but the above 3 questions still apply.

Switching to wireless DOES NOT take you off the company's network - why would you think it would?
Have a pleasant day.


I have Teamviewer installed, but no one can connect without a password.

I always lock the screen when I leave it alone in the office. Is this sufficient safety?

Have I noticed any other symptoms of being hacked? Is that your question?

I have teamviewer installed. Does this answer this question?

Yes, for the sake of argument, maybe we can hypothetically discuss ‘hacked by a nefarious person’

I am just asking if wireless is more secure than wired with regards to being hacked.

Standard Kubuntu installs do not support remote X access, and any other remote viewing tool (vnc et al) would have to be deliberately installed and configured.

If this is your own Linux system and you have set the root password/administrative rights, then you will be safe from direct monitoring. It would be extremely unlikely that the IT department could install such a toolset without your knowledge or assistance. It could possibly be done, but such activities would be serious hacking and not standard IT process.

However, as others have noted, all network traffic can easily be monitored upstream. Also, given that it is the company's network, they can set the access conditions. Any device that does not meet the access policies could well find itself shuffled into a section of the network where monitoring is increased and access restricted.

Not to be too alarmist - but this is pretty thin protection. If you don’t want to use a service, don’t run it.

No. Again, trying not to be alarmist - but if someone has physical access to a machine they can compromise the security. OTOH, to do so would be very hard without leaving any trace, they would almost certainly need to reboot the machine, unless they knew your lock password. So there would be some indication.

Depends upon from whom you wish to be secure. You are never fully secure from the owner of the network. Wireless is less secure than wired because the information is open to anyone with a receiver in range. However wireless is usually encrypted, with varying levels of strength, strength that varies from an annoying speed hump to the attacker, through to solid enough not to be a concern unless you have upset the NSA. Wired traffic is not encrypted unless you add a layer of encryption yourself. Internet access via a cellular network is encrypted pretty solidly. WiFi has varying levels, usually not all that robust, and will usually go over a wired link at some point anyway.

In general, a Linux box won’t exhibit the sort of wildly open security issues a Windows box used to present. But they are not bolted down super solidly either. If you are worried about the environment you are in, you would always want to nail down the exposed services. Any sysadmin with a few neurons would port scan your machine as soon as they saw it on the network. Whether they wanted to mount any sort of attack is an entirely different matter.

It isn’t usual to allow a personal machine to connect to an internal company network. Companies can provide access to the internet for employees or contractors who have need to use their own machines, and should do so via a separately firewalled network, one that does not have access to company internal services or machines.

Is this a personal machine? I have never heard of a corporate or Government network with any real security allowing personal machines to connect to their network. If a compromised machine were to connect, the whole network would be compromised. So step one is to make sure that you are allowed to connect at all. And if it is a company machine, then IT has access to the machine anyway and whatever you do can be circumvented/undone the next time an admin logs on as superuser. You are using company resources, don’t do anything that the company would object to and remember that the company makes the rules. Inside their building/network, you really don’t have any “rights” or protections from monitoring.

It's the same question: can they break into your Linux or not?
Well, it all depends on how well secured your Linux is…

But you can install a firewall that disallows inbound connections. This might break FTP, but perhaps the FTP helper solves that automatically, or you can add a rule to allow FTP.

In the old days we just left UDP open, but these days you can say that the UDP session is only opened up by outgoing packets…

Your question about traffic? Your traffic can be watched.
There would not have to be any modification of the packets for them to watch the packets. If you use a VPN they only see the VPN packets, not the content of them.
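The two practical steps raised in this thread, checking whether anything like VNC is actually listening on the box (the question asked earlier about VNC) and running a firewall that drops inbound connections while still letting replies and UDP sessions that the laptop itself opened come back, as an added example that is not code from any poster here. The `ss` sample is constructed; the port list is an assumption, and on a live box the audit would be fed with `ss -ltnup | tail -n +2`.

```shell
#!/bin/sh
# Added example, not from any poster in this thread: audit what a Linux laptop
# exposes to the LAN, then emit a stateful "no inbound" iptables rule set.
# SAMPLE_SS is constructed; live input would be:  ss -ltnup | tail -n +2
# Ports typical of remote-desktop tools (assumed list: VNC, TeamViewer, X11, RDP).
REMOTE_VIEW_PORTS='5900 5901 5938 6000 3389'

SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:5900  0.0.0.0:* users:(("x11vnc",pid=2201,fd=5))
tcp   LISTEN 0 5   0.0.0.0:5938  0.0.0.0:* users:(("TeamViewer",pid=2310,fd=12))
tcp   LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=811,fd=10))
tcp   LISTEN 0 128 [::]:22       [::]:*    users:(("sshd",pid=903,fd=4))
udp   UNCONN 0 0   0.0.0.0:68    0.0.0.0:* users:(("dhclient",pid=702,fd=6))'

# audit_listeners: stdin = ss output without header; prints "proto port process"
# for every socket bound to a non-loopback address, i.e. reachable from the LAN.
audit_listeners() {
  awk '{
    n = split($5, a, ":"); port = a[n]
    addr = substr($5, 1, length($5) - length(port) - 1)
    if (addr == "127.0.0.1" || addr == "[::1]") next
    proc = "?"
    if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
    print $1, port, proc
  }'
}

# flag_remote_viewers: keep only listeners that look like desktop-sharing tools,
# by well-known port or by process name.
flag_remote_viewers() {
  while read -r proto port proc; do
    case " $REMOTE_VIEW_PORTS " in *" $port "*) echo "$proto $port $proc"; continue ;; esac
    case "$proc" in *vnc*|*VNC*|*[Tt]eam[Vv]iewer*) echo "$proto $port $proc" ;; esac
  done
}

run_audit() { printf '%s\n' "$SAMPLE_SS" | audit_listeners | flag_remote_viewers; }

# inbound_deny_rules: print the rule set; review it, then run it as root to apply.
# ESTABLISHED,RELATED admits replies (UDP included) only to sessions this host
# opened. The FTP helper marks data connections RELATED; this modprobe is enough
# on a 3.x kernel such as Kubuntu 14.04's, newer kernels need an explicit CT helper rule.
inbound_deny_rules() {
  cat <<'EOF'
modprobe nf_conntrack_ftp
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
}

run_audit
```

On the constructed sample the audit reports the x11vnc and TeamViewer listeners and stays quiet about sshd, dhclient and the loopback-only CUPS socket; whatever it reports on a real machine is the list of services to stop or firewall before plugging into someone else's LAN.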

The buzzword is BYOD/BYOT (Bring Your Own Device/Technology). It allows companies to allow users to use their own iPad/Android Tablet/Laptop etc to do work on the network. Generally, the client device attaches to a network. If it is not trusted, then it is isolated to a restricted VLAN. An agent is installed and executed by the user (probably via a web captive portal) that checks that the client has suitable up-to-date antivirus and OS security updates installed. Once the device is checked out it can be connected to the general network.

For example, I tried installing the new Microsoft Outlook Android app for my work emails. The policy set on our Exchange server meant that rooted phones were not permitted to connect. So I deleted the app - I wasn’t that committed to looking at work emails on my phone. On the other hand, I can access work systems from my personal laptop via a VPN - the VPN agent verifies that I have updated my laptop and have antivirus installed and updated.

You have no way of knowing this. TeamViewer is proprietary software and could very easily have undiscovered or unpatched security flaws, or an undisclosed backdoor.

It’s a reasonable precaution, but not absolute security if you have a weak password that others can guess, or if other people have physical access to the machine. If you’re gone long enough, someone could pop in a bootable CD-ROM or USB drive, reboot the machine, and then poke around your hard drive. Or they could just temporarily remove your hard drive, make a copy, and put it back. Of course, in this case you’d notice that the machine had been reset, since it would no longer be locked.

I’m rather surprised that a random laptop can just be plugged into the network and get on it.

Well, it worked for Aaron Swartz.

What makes you think “remote viewing” would be any different legally than packet sniffing? They own the network. They’re paying you to do work on it. Does your state have specific protections for electronic privacy in the workplace?

The only question is whether they hacked into your computer to enable this functionality. It’s highly unlikely unless you’re, what, Snowden?

Maybe they just have a little camera set up behind you.

Because not every use of a computer involves network traffic?

I don’t understand what you’re getting at. How are they viewing it remotely if it’s not networked?

It’s not so much the technical aspects, just… isn’t it reasonable for your employer to watch what you’re doing on the work network, while they’re paying you to work? Every place I’ve worked, the IT dept can and did remote in to view or take over our computers.