I got an email with a link to what turned out to be huge long list of porno web pages. Well, 30 minutes later (blushing) I realized that I had been surfing all over PornWorld. No big deal… except for the fact that I was at work at the time.
My morality with respect to this issue is firmly rooted in Kohlberg’s lowest level–I’m worried about getting caught!
My question is, how can I remove all evidence of this illicit web-journey? I didn’t bookmark the site or anything, but my computer must keep a record of this stuff, right?
Related question: Is there any way that my boss or the network guys can keep track of all the web sites that I visit during the day? I mean will some PornoAlarm sound in the network admin’s cubical alerting him to my scandalous surfing?
Can they? Abolutely. Will they or do they? I dunno. What’s your company’s policy on computer use?
If there is a clear statment in the policy that forbids what you were doing, they may have spent the money to actually buy the software that allows logging or constant monitoring. (Of course, the fact that they don’t have a net nanny program keeping you out, to begin with, argues against them having actually bought the spyware. “Argues against” should not be construed as “they didn’t”. Any given manager can foolishly buy or foolishly fail to buy whatever he chooses.)
It depends on your IT department and how they’ve set up security.
Most companies allow web access through a firewall, a piece of software acting as a gateway to the internet. It can be configured to block certain sites from you (I’m sure you can guess which ones) and block crackers from trying to access PCs on your company’s internal network. Firewalls will also log all websites you access, unfortunately for you.
I’ve yet to see a large company where accessing dodgy sites ‘rings bells’ or any other real-time event (it would just be too much hassle unless you employ someone to do it full-time). Generally, all web accesses are logged and that log should be reviewed periodically to check what employees are up to.
It doesn’t sound like your company is that restrictive (since they let you access the site in the first place) but it is likely that they logged the addresses of the sites you visited. Whether they read those logs and follow up to ask awkward questions is down to however they work where you are. Whether you can get into real trouble is down to your company IT security and appropriate usage policies.
Having said that, you should be okay (or at least avoid all but a slap on the wrists) if you can persuade them you didn’t know what the links were for - although if you looked at more than a couple, that might be a hard line of defence to pull off!
I don’t think firewalls aren’t spyware, since they don’t run on your PC without your permission (and anyway, it’s company property), but you can’t usually get round them. The logs are kept at the firewall, which usually runs on an entirely separate server. You could try clearing your Temporary Internet Files folder, and clearing your cookie files, and clearing your History folder, but it won’t erase the firewall logs.
Best bet is to keep your head down, admit it and plead innocence if confronted, and don’t open unknown emails or dubious addresses ever again. At my company, breaching the appropriate usage policy is an offence that can get you warned and/or fired.
Oh, one last word, in case anyone recommends ‘anonymous surfing’ websites.
While small companies may not check for these in their firewall logs, a lot of big companies with large IT admin areas will do. Again, where I work, accessing anonymous surfing websites is as grievous an offence under company policy as going straight to porn sites.
There are web sites out there that essentially act as web proxies. You access one of these anonymous web surfing sites in your web browser and type in the target Web address you wish to visit, typically through a form located on their page. The anonymous web server fetches the target web page for you and sends it your way. You see all the content of the target page you were trying to access through the form, but since the anonymous surfing site acts as an intermediary, in the company traffic logs, it looks like you just visited the anonymous web surfing site.
Most browsers keep a listing of all the sites you visited over the past few days, as well as copies of all the web pages you visited (until the local web cache space fills up, anyway, at which point it starts deleted the oldest pages). You can delete these files off your local machine if you wish. However, as other have said, your company may or may not record web traffic. If they do, the logs would be kept in server locations to which you wouldn’t likely have access, so there’s nothing you can do about these logs.
Will you get in trouble? Who knows. I’ve known administrators that kept the logs solely to prevent possible legal problems from arising; they never looked at the logs. I’ve also known administrators that fell on the other end of the spectrum, maintaining huge lists of innapropriate web sites, constantly had user monitoring software running, and generally policing network usage. And I’ve known administrators that didn’t bother with logging web traffic at all.
woohoo, something I can comment on. I am a unix admin in the IT dept for a fairly large company. We do log web traffic and the logs are kept on a separate server. We have let a couple of employees go for extreme abuse but generally what happens is this:
A copy of the relevant portion of the log will get sent to HR.
2)Presumably HR will talk with the offender’s manager and
offender gets told to stop doing that.
Umm, this doesn’t happen for 1 time offenses. We had to have a record of several visits though no specific number was specified. We have about 400+ users and our IT staff has about 8 folks. The logs grow kinda fast but it doesn’t take much effort to do a scan for certain terms and see who’s going where. Unless you have a BOFH type admin, I doubt you will be noticed unless you show a history of such offenses.
Beyond your own personal history folder which you can easily clear off your machine NT based networks often keep a list of the web sites addressed in a special directory on the server identifed by your login name which I would imagine (as a WAG) is cleared at some capacity limit or date set point. Unless you have access to this directory there is likely to be a record of your surfing available to the network admin.
Unless there is a lot of net abuse at you workplace the chances are probably pretty slim that you will be tagged this time, keep it up though and the laws of probability will catch up with you at some point.
I am a unix admin in the IT dept for a fairly large company. We do log web traffic and the logs are kept on a separate server. We have let a couple of employees go for extreme abuse but generally what happens is this: