What can the information technology department of the large corporation I work for find out about my web surfing habits, besides from what’s in my history window and cache? Do they know every site I access, or just that I’m “on the net”? When I try to access a blocked site, is there a red light that flashes in the IT office?
They know as much as they want to find out.
It all depends on what software they’re using, and if they have a reason to check. It’s possible to buy packages that keep track of every website every employee is going to. I suspect they have more important things to do than check on the browsing habits of everyone, but if they have a reason to, they can find out.
As said, I don’t think they’re going to bother with details. Don’t be so paranoid. F’r instance, I stopped getting the email notices from the Straight Dope once a firewall was installed, probably because “Dope” was in the name. (How dopey can you get.) So the emails were blocked, but no one came knocking down my door.
I have to say I got more paranoid after I installed Ethereal, and was able to effortlessly reconstruct images that I had downloaded, view my chats, and read my passwords.
After that I switched to ssh, stunnel, and was a lot more cautious in my web surfing.
Anyone on your network could view anyone else’s traffic (on the usual network setup). Promiscuous interfaces can be detected, although one easy way around it is to fix up a network cable with the “out” disconnected. I don’t know which that is, but there is a how-to somewhere, I am sure.
My company has a log of urls that is automatically generated. Every url you visit is logged. Considering the large number of employees who have internet access, it’s one heck of a log. And it’s boring too. Yahoo, google, code bulletin boards… It’s not something they look through unless they have good cause.
Am I reading this correctly? Are you suggesting that you splice into the network cable and only attach “in” wires?
If so, that doesn’t work
You can’t have a network connection without in/out communication. And if you are in a ring lan, you’ll screw up other’s connections if you try it.
Maybe I misunderstood. If so, would somebody please fill me in. Thanks.
What about an ip masking service like http://www.ipmask.com
This service launches a java applet that they claim scrambles the URLs that your IT department would see.
Any legitimacy to this claim? I do know that it masks your ip# from outside sources, but I’m not sure that this applet will spoof the IT guys.
Thoughts?
Ring lan? Who uses that anymore? 
Next thing you know, you’ll be talking about tokens.
Yes, you won’t be communicating, but that’s the whole point.
You don’t want your machine responding to any administrative checks.
You can still, however, receive packets fine (which is all you need for sniffing).
Uh, exactly how could you surf the web if there is no data going out?
I suppose the fact that I’d be purposely hiding something from them would send up a red flag, if they even care.
If the large corporation you work for is a Bank or an Investment Firm of some kind, there’s a good chance they are looking at the logs of who went where. You’re probably going through a proxy server to get to the internet and they can log where everyone goes from there. Because the logs are so huge, they will probably miss or not care about one or two visits to a “bad” site, but you’re better safe than sorry. If the site doesn’t have any obvious clues in its url, then you will probably be safe.
You’ll probably be safe either way, but depending on how strict they are, there is risk.
PeeQueue
I work in a large bank, and a couple of years ago an email was sent around which basically said the following:
Our company uses a software called Tivoli which can keep track of all web usage and performs inventory functions on a regular basis (they also frown on personal software on company hardware…especially because of licensing concerns).
That said, I agree that the logs are huge and no-one is going to read them. However, there will be monitors of usage times to send up flags (an example of presenteeism, as opposed to absenteeism). I’m sure they scan the logs for sites with key words in them…XXX, sex, nude, etc.
I hope they didn’t flag this post because of the XXX, sex,…
As I said above, the whole point isn’t to “surf the web” it is to snoop on other people “surfing the web.”
I was explaining how to do this to point out that everyone on the network, not just IT, can get away with snooping.
And of course, disconnecting the “out” is only if IT in your company cares about promiscuous interfaces.
Many do not.
The company I used to work for had software that allowed them to see everything that came up on your monitor as you looked at it - not only could they see where you were going on the 'net, if you typed something into Notepad (without saving it) they would see it - if you opened a file on a floppy disk, they would see it.
As mentioned above, the main thing protecting you is the sheer amount of data they have about you and the laziness of the people monitoring it. Most companies will check individual people at random, or if there is some reason to suspect they might be doing something inappropriate, or if they are looking for a reason to get rid of you.
It’s a matter of priority. If the IT staff sees this as something important they can see about anything we want to, but on the other hand it usually has little to do with the core mission of safeguarding computer data and maintaining the network. The smaller the shop the less likely some one is monitoring traffic. Usually even if the traffic is monitored no one looks at the logs unless there is a problem. My boss, coworker and I maintain a LAN used by about 180 people. Since we also maintain PC’s we generally do not have time to bother looking at this information unless there is a problem user.
However we do monitor unathorized software and remove it when found.
Odds are, no one is looking at your surfing in particular. Speaking as a network admin, the only time I look at the logs is when the boss requests it, or someone pisses me off. But to answer the OP; yes, they can see everything you do.