[Dvdman]

I have been at my job for over 5 years. I search all types of stuff all day long at work. No porn but things like lamebook or failblog (4 CHAN) certain websites that are probably not appropriate for my job. (Stock broker at a major firm). Does anyone know how red flags are drawn? NO one has said anything to me. When I am bored I am on the internet since I cant leave my desk. Any opinions??

[Dvdman]

Also , lets say Im writing personal stuff on my Gmail from work. Can they intercept my email or see what I wrote?

[Kroy]

not in IT

not sure about reading your emails on gmail but they'll be able to tell what sites you've visited. if you use a proxy, they'll know you went on a proxy to hide your ish. you're probably not causing any waves so they don't do anything about you as it is fairly harmless. but if they want to, they can keep tabs on you.

[sistom]

Regardless if you're using a proxy or not, they can still see what you are doing. All of the information is still having to be processed through their servers to your desktop....

[ShakyDog]

Your email can be read by anyone on your network, if they know what they are doing. Email is not encrypted and is sent in plain text and can be read by anyone that has enough time to intercept. Are they? Who knows. Yes they can see every site you go to each day and depending on the type of hardware they can tell how long at each site and which computers.

Steve

[Tondtar]

You are the reason we are in this economic melt down now

[cindisargent]

I would suggest that you avoid doing such a thing; I had my friends getting fired from the company when they were found to be using facebook and only during break time. The office is pretty strict and does a review on the system usage of everyone. Its really scary to see how much data can they come up with.

[Dvdman]

Thanks for the advice. I am just wondering why they havent said anything for so long. Maybe they don't have an issue with my browsing history as long as there is no porn or anything too bad.

[UncleWede]

Yes, we CAN see what you are doing. What you need to study is the acceptable usage policy at your office.
The running joke here is that I know every web page people go to. I don't UNLESS HR asks me to review your history. I can retreive at least a year of history. I beleive some people were recently let go for facebook/dating website visits.

[DavidJS]

There is a sticker on my work laptop that says:

"This is a [company name] system restricted to Company Official Business and subject to being monitored at any time. Anyone using this system expressly consents to such monitoring and to any evidence of unauthorized access, use, or modification being used for criminal prosecution."

[vasillalov]

* Torify: https://www.torproject.org/

* Use privacy mode on browser

[radix]

Quote:

Originally Posted by Devestator

Also , lets say Im writing personal stuff on my Gmail from work. Can they intercept my email or see what I wrote?

If you are using HTTPS then the answer is more than likely no. It is possible to construct a man in the middle attack whereby they use a proxy that forges certificates and passes them off to both endpoints, however you should still be able to identify a phony cert pretty easily.

E.g. in Chrome, click the lock next to the URL, then click "certificate information".

There are other means they could read your email, such as key loggers and stealth screen recorders, but those clearly have their limitations. For instance, they could likely legally record the keystrokes of an email you typed, but they could not break into your gmail account after getting your username and password without getting into legal issues.

[radix]

Quote:

Originally Posted by Devestator

I have been at my job for over 5 years. I search all types of stuff all day long at work. No porn but things like lamebook or failblog (4 CHAN) certain websites that are probably not appropriate for my job. (Stock broker at a major firm). Does anyone know how red flags are drawn? NO one has said anything to me. When I am bored I am on the internet since I cant leave my desk. Any opinions??

I'll put it to you this way. Everytime you initiate a connection to another machine, it could easily be logged via several mechanisms. The first is a web proxy. The second is a firewall. For instance, if you go to www.google.com, you'll find that name maps to a series of IP addresses:

Code:

$ nslookup www.google.com
Server:		192.168.100.1
Address:	192.168.100.1#53

Non-authoritative answer:
www.google.com	canonical name = www.l.google.com.
Name:	www.l.google.com
Address: 74.125.225.82
Name:	www.l.google.com
Address: 74.125.225.81
Name:	www.l.google.com
Address: 74.125.225.83
Name:	www.l.google.com
Address: 74.125.225.80
Name:	www.l.google.com
Address: 74.125.225.84

Every connection you make to a machine has two endpoints called sockets, one on your side, and one on the other side. Each socket consists of an IP address and a port. In the case of HTTP (web), it's port 80.

In order to get to www.google.com you will likely have to traverse several networks, and ultimately be routed out a forward facing machine that is connected to the internet.

Each step of the way that a packet destined to www.google.com port 80 from your workstation traverses, there is the potential that it is logged by the device that routes the packet (e.g. firewall/router [technically firewalls are routers, but whatever]).

If your company uses a web proxy, then there is also that to deal with. In this case, they could potentially also view the cached page that you visited.

[blue dragon]

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

[Dvdman]

Great info guys thanks!

[radix]

Quote:

Originally Posted by blue dragon

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

You're absolutely right, but bluecoat is hardly transparent in the sense that it's easy to check for.

[NewNole2001]

Quote:

Originally Posted by blue dragon

2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

Are you saying that using blue coat they can peer inside my SSL+TLS packets? As in read decrypted contents?

[blue dragon]

^^ If they are doing SSL proxy, then yes. Lets say you are connecting to a bank, instead of the connection being encrypted all the way to the bank, its decrypted at the bluecoat, and then re-encrypted to the bank.

Have a look here

[NewNole2001]

Quote:

Originally Posted by blue dragon

^^ If they are doing SSL proxy, then yes. Lets say you are connecting to a bank, instead of the connection being encrypted all the way to the bank, its decrypted at the bluecoat, and then re-encrypted to the bank

Damn, good to know for when I'm in the office. Lucky for me, I mostly work from home.

[ttam]

Quote:

Originally Posted by blue dragon

I'm a network engineer at a financial institution, the answer is yes if any of the following conditions are met
1. Your browser is configured to use a proxy server to access the internet (this will track where you have been)
2. You go through a content filter such as blue coats (this can be transparent to you, and again, will track where you have been. Blue coats can even do SSL proxy, so that the company has access to anything you visit over https, which is normally encrypted.

3. You go through a firewall which does deep packet inspection with the ability to do packet captures.

The financial services industry is so regulated, that I wouldn't do anything like that from work.

About 3 years ago, I was able to easily circumvent any tracking done by my companies Blue Coat appliance. Dont know if Blue coat ever found a way to MiM SSH traffic

[blue dragon]

^^ That can be blocked on the firewall. Not only can you block tcp/22, you can block the protocol going out on any other port. Remember there is a protocol identifier field in the tcp header, that a firewall can see

[F82_SID]

Another way you might be able to get around the security if you really wanted to is to connect remotely to your home pc via a service like Go To My PC and then browse what ever sites you want on your home PC through the remote connection.

I am an IT Security Engineer too and plenty of my colleagues do this.