ANY IT guys answer this?

Dvdman · 10-19-2011, 02:41 PM

I have been at my job for over 5 years. I search all types of stuff all day long at work. No porn but things like lamebook or failblog (4 CHAN) certain websites that are probably not appropriate for my job. (Stock broker at a major firm). Does anyone know how red flags are drawn? NO one has said anything to me. When I am bored I am on the internet since I cant leave my desk. Any opinions??

Dvdman · 10-19-2011, 03:25 PM

Also , lets say Im writing personal stuff on my Gmail from work. Can they intercept my email or see what I wrote?

Kroy · 10-19-2011, 05:29 PM

not in IT

not sure about reading your emails on gmail but they'll be able to tell what sites you've visited. if you use a proxy, they'll know you went on a proxy to hide your ish. you're probably not causing any waves so they don't do anything about you as it is fairly harmless. but if they want to, they can keep tabs on you.

sistom · 10-19-2011, 07:43 PM

Regardless if you're using a proxy or not, they can still see what you are doing. All of the information is still having to be processed through their servers to your desktop....

ShakyDog · 10-20-2011, 03:28 PM

Your email can be read by anyone on your network, if they know what they are doing. Email is not encrypted and is sent in plain text and can be read by anyone that has enough time to intercept. Are they? Who knows. Yes they can see every site you go to each day and depending on the type of hardware they can tell how long at each site and which computers.

Steve

Tondtar · 10-20-2011, 11:50 PM

You are the reason we are in this economic melt down now

cindisargent · 10-21-2011, 06:42 AM

I would suggest that you avoid doing such a thing; I had my friends getting fired from the company when they were found to be using facebook and only during break time. The office is pretty strict and does a review on the system usage of everyone. Its really scary to see how much data can they come up with.

Dvdman · 10-21-2011, 10:18 AM

Thanks for the advice. I am just wondering why they havent said anything for so long. Maybe they don't have an issue with my browsing history as long as there is no porn or anything too bad.

UncleWede · 11-23-2011, 12:18 PM

Yes, we CAN see what you are doing. What you need to study is the acceptable usage policy at your office.
The running joke here is that I know every web page people go to. I don't UNLESS HR asks me to review your history. I can retreive at least a year of history. I beleive some people were recently let go for facebook/dating website visits.

DavidJS · 11-23-2011, 01:52 PM

There is a sticker on my work laptop that says:

"This is a [company name] system restricted to Company Official Business and subject to being monitored at any time. Anyone using this system expressly consents to such monitoring and to any evidence of unauthorized access, use, or modification being used for criminal prosecution."

vasillalov · 12-29-2011, 04:36 PM

* Torify: https://www.torproject.org/

* Use privacy mode on browser

radix · 12-31-2011, 07:42 AM

Quote:

Originally Posted by Devestator

Also , lets say Im writing personal stuff on my Gmail from work. Can they intercept my email or see what I wrote?

If you are using HTTPS then the answer is more than likely no. It is possible to construct a man in the middle attack whereby they use a proxy that forges certificates and passes them off to both endpoints, however you should still be able to identify a phony cert pretty easily.

E.g. in Chrome, click the lock next to the URL, then click "certificate information".

There are other means they could read your email, such as key loggers and stealth screen recorders, but those clearly have their limitations. For instance, they could likely legally record the keystrokes of an email you typed, but they could not break into your gmail account after getting your username and password without getting into legal issues.

radix · 12-31-2011, 07:56 AM

Quote:

Originally Posted by Devestator

I have been at my job for over 5 years. I search all types of stuff all day long at work. No porn but things like lamebook or failblog (4 CHAN) certain websites that are probably not appropriate for my job. (Stock broker at a major firm). Does anyone know how red flags are drawn? NO one has said anything to me. When I am bored I am on the internet since I cant leave my desk. Any opinions??

I'll put it to you this way. Everytime you initiate a connection to another machine, it could easily be logged via several mechanisms. The first is a web proxy. The second is a firewall. For instance, if you go to www.google.com, you'll find that name maps to a series of IP addresses:

Code:

$ nslookup www.google.com
Server:		192.168.100.1
Address:	192.168.100.1#53

Non-authoritative answer:
www.google.com	canonical name = www.l.google.com.
Name:	www.l.google.com
Address: 74.125.225.82
Name:	www.l.google.com
Address: 74.125.225.81
Name:	www.l.google.com
Address: 74.125.225.83
Name:	www.l.google.com
Address: 74.125.225.80
Name:	www.l.google.com
Address: 74.125.225.84

Every connection you make to a machine has two endpoints called sockets, one on your side, and one on the other side. Each socket consists of an IP address and a port. In the case of HTTP (web), it's port 80.

In order to get to www.google.com you will likely have to traverse several networks, and ultimately be routed out a forward facing machine that is connected to the internet.

Each step of the way that a packet destined to www.google.com port 80 from your workstation traverses, there is the potential that it is logged by the device that routes the packet (e.g. firewall/router [technically firewalls are routers, but whatever]).

If your company uses a web proxy, then there is also that to deal with. In this case, they could potentially also view the cached page that you visited.

blue dragon · 12-31-2011, 08:14 AM

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

Dvdman · 12-31-2011, 08:20 AM

Great info guys thanks!

radix · 12-31-2011, 09:58 PM

Quote:

Originally Posted by blue dragon

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

You're absolutely right, but bluecoat is hardly transparent in the sense that it's easy to check for.

NewNole2001 · 01-04-2012, 01:24 PM

Quote:

Originally Posted by blue dragon

2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

Are you saying that using blue coat they can peer inside my SSL+TLS packets? As in read decrypted contents?

blue dragon · 01-04-2012, 01:46 PM

^^ If they are doing SSL proxy, then yes. Lets say you are connecting to a bank, instead of the connection being encrypted all the way to the bank, its decrypted at the bluecoat, and then re-encrypted to the bank.

Have a look here

NewNole2001 · 01-04-2012, 01:47 PM

Quote:

Originally Posted by blue dragon

^^ If they are doing SSL proxy, then yes. Lets say you are connecting to a bank, instead of the connection being encrypted all the way to the bank, its decrypted at the bluecoat, and then re-encrypted to the bank

Damn, good to know for when I'm in the office. Lucky for me, I mostly work from home.

ttam · 01-04-2012, 04:01 PM

Quote:

Originally Posted by blue dragon

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

About 3 years ago, I was able to easily circumvent any tracking done by my companies Blue Coat appliance. Dont know if Blue coat ever found a way to MiM SSH traffic

blue dragon · 01-04-2012, 09:39 PM

^^ That can be blocked on the firewall. Not only can you block tcp/22, you can block the protocol going out on any other port. Remember there is a protocol identifier field in the tcp header, that a firewall can see

F82_SID · 01-06-2012, 01:53 PM

Another way you might be able to get around the security if you really wanted to is to connect remotely to your home pc via a service like Go To My PC and then browse what ever sites you want on your home PC through the remote connection.

I am an IT Security Engineer too and plenty of my colleagues do this.

10-19-2011, 02:41 PM	#1
Dvdman Major 168 Rep 1,000 Posts Drives: 2022 X5 and 2007 M6 Join Date: Aug 2009 Location: Chicago, IL iTrader: (2)	ANY IT guys answer this? I have been at my job for over 5 years. I search all types of stuff all day long at work. No porn but things like lamebook or failblog (4 CHAN) certain websites that are probably not appropriate for my job. (Stock broker at a major firm). Does anyone know how red flags are drawn? NO one has said anything to me. When I am bored I am on the internet since I cant leave my desk. Any opinions??
	Appreciate 0 Tweet Quote

10-19-2011, 03:25 PM	#2
Dvdman Major 168 Rep 1,000 Posts Drives: 2022 X5 and 2007 M6 Join Date: Aug 2009 Location: Chicago, IL iTrader: (2)	Also , lets say Im writing personal stuff on my Gmail from work. Can they intercept my email or see what I wrote?
	Appreciate 0 Quote

10-19-2011, 05:29 PM	#3
Kroy Brigadier General 173 Rep 3,032 Posts Drives: E90 Join Date: Jul 2009 Location: Los Angeles, CA iTrader: (1)	not in IT not sure about reading your emails on gmail but they'll be able to tell what sites you've visited. if you use a proxy, they'll know you went on a proxy to hide your ish. you're probably not causing any waves so they don't do anything about you as it is fairly harmless. but if they want to, they can keep tabs on you.
	Appreciate 0 Quote

10-19-2011, 07:43 PM	#4
sistom Second Lieutenant 61 Rep 253 Posts Drives: '08 135i M-Sport Coupé Join Date: Feb 2011 Location: Saint Simons Island, Georgia iTrader: (3) Garage List 2023 M440xi Gran Coupe [0.00]	Regardless if you're using a proxy or not, they can still see what you are doing. All of the information is still having to be processed through their servers to your desktop....
	Appreciate 0 Quote

10-20-2011, 11:50 PM	#6
Tondtar 12 yr old Juvie 1072 Rep 881 Posts Drives: His Mom Crazy Join Date: Apr 2008 Location: El Lay iTrader: (2) Garage List 2008 (RIP in 2011) ... [0.00]	You are the reason we are in this economic melt down now
	Appreciate 0 Quote

10-20-2011, 03:28 PM	#5
ShakyDog Captain 181 Rep 623 Posts Drives: 2007 Z4 3.0i Alpine White/Red Join Date: Mar 2010 Location: Missouri iTrader: (4)	Your email can be read by anyone on your network, if they know what they are doing. Email is not encrypted and is sent in plain text and can be read by anyone that has enough time to intercept. Are they? Who knows. Yes they can see every site you go to each day and depending on the type of hardware they can tell how long at each site and which computers. Steve
	Appreciate 0 Quote

10-21-2011, 06:42 AM	#7
cindisargent Registered 0 Rep 3 Posts Drives: BMW X6 Join Date: Oct 2011 Location: Atlanta, Georgia iTrader: (0)	I would suggest that you avoid doing such a thing; I had my friends getting fired from the company when they were found to be using facebook and only during break time. The office is pretty strict and does a review on the system usage of everyone. Its really scary to see how much data can they come up with.
	Appreciate 0 Quote

10-21-2011, 10:18 AM	#8
Dvdman Major 168 Rep 1,000 Posts Drives: 2022 X5 and 2007 M6 Join Date: Aug 2009 Location: Chicago, IL iTrader: (2)	Thanks for the advice. I am just wondering why they havent said anything for so long. Maybe they don't have an issue with my browsing history as long as there is no porn or anything too bad.
	Appreciate 0 Quote

11-23-2011, 12:18 PM	#9
UncleWede Long Time Admirer, First Time Owner 17963 Rep 9,377 Posts Drives: G01 X3 M40i Dark Graphite Join Date: Jun 2005 Location: Oxnard, CA iTrader: (0)	Yes, we CAN see what you are doing. What you need to study is the acceptable usage policy at your office. The running joke here is that I know every web page people go to. I don't UNLESS HR asks me to review your history. I can retreive at least a year of history. I beleive some people were recently let go for facebook/dating website visits.
	Appreciate 0 Quote

11-23-2011, 01:52 PM	#10
DavidJS Private First Class 4 Rep 119 Posts Drives: Z4 sDrive 35is Join Date: Oct 2011 Location: New Jersey iTrader: (0)	There is a sticker on my work laptop that says: "This is a [company name] system restricted to Company Official Business and subject to being monitored at any time. Anyone using this system expressly consents to such monitoring and to any evidence of unauthorized access, use, or modification being used for criminal prosecution."
	Appreciate 0 Quote

12-29-2011, 04:36 PM	#11
vasillalov Mad Linux Guru On The Loose 1121 Rep 5,396 Posts Drives: 2008 335i Sedan, 2023 M3 Join Date: Aug 2009 Location: Chicago, IL iTrader: (5) Garage List 2023 BMW M3 [0.00] 2008 335i E90 [8.00]	* Torify: https://www.torproject.org/ * Use privacy mode on browser __________________ 6MT \| COBB \| AR \| AE \| Forge DV \| HPF \| P3 Gauge \| Hybrid Intake \| O.S.Giken TCD \| All M3 bits \| TCKLine \| StopTech \| UUC \| ER \| SPEC
	Appreciate 0 Quote

12-31-2011, 08:14 AM	#14
blue dragon Lieutenant Colonel 1190 Rep 1,544 Posts Drives: '22 Tesla MY + '23 Tesla MY Join Date: Jul 2010 Location: Land of high taxes and crappy healthcare iTrader: (2)	I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met 1. Your browser is configured to use a proxy server to access the internet (this will track where you have been) 2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted. 3. You go through a firewall which does deep packet inspection with the ability to do packet captures. The financial services industry is so regulated, that I wouldn't do anything like that from work. __________________ \| '22 Tesla Model Y P - My daily \| '23 Tesla Model Y LR - Wife's daily \| '17 F15 35D - missed daily \|
	Appreciate 0 Quote

12-31-2011, 08:20 AM	#15
Dvdman Major 168 Rep 1,000 Posts Drives: 2022 X5 and 2007 M6 Join Date: Aug 2009 Location: Chicago, IL iTrader: (2)	Great info guys thanks!
	Appreciate 0 Quote

01-04-2012, 01:46 PM	#18
blue dragon Lieutenant Colonel 1190 Rep 1,544 Posts Drives: '22 Tesla MY + '23 Tesla MY Join Date: Jul 2010 Location: Land of high taxes and crappy healthcare iTrader: (2)	^^ If they are doing SSL proxy, then yes. Lets say you are connecting to a bank, instead of the connection being encrypted all the way to the bank, its decrypted at the bluecoat, and then re-encrypted to the bank. Have a look here __________________ \| '22 Tesla Model Y P - My daily \| '23 Tesla Model Y LR - Wife's daily \| '17 F15 35D - missed daily \|
	Appreciate 0 Quote

01-04-2012, 09:39 PM	#21
blue dragon Lieutenant Colonel 1190 Rep 1,544 Posts Drives: '22 Tesla MY + '23 Tesla MY Join Date: Jul 2010 Location: Land of high taxes and crappy healthcare iTrader: (2)	^^ That can be blocked on the firewall. Not only can you block tcp/22, you can block the protocol going out on any other port. Remember there is a protocol identifier field in the tcp header, that a firewall can see __________________ \| '22 Tesla Model Y P - My daily \| '23 Tesla Model Y LR - Wife's daily \| '17 F15 35D - missed daily \|
	Appreciate 0 Quote

01-06-2012, 01:53 PM	#22
F82_SID Brigadier General 207 Rep 3,153 Posts Drives: 2020 M2C 6mt HK Silver Join Date: Jan 2008 Location: Denver, CO. USA iTrader: (2)	Another way you might be able to get around the security if you really wanted to is to connect remotely to your home pc via a service like Go To My PC and then browse what ever sites you want on your home PC through the remote connection. I am an IT Security Engineer too and plenty of my colleagues do this. __________________ 2011/E92/M3/MR/BB/ZCV/ZP2/EDC/2MT
	Appreciate 0 Quote