Log-on at work?

[just1gurl]

There was a post a couple of days ago where someone mentioned having network skills and offered help to people here, I can't remember who it was....

but

Question 1

Who logs on from the office to SB?


Question 2

For network types: can you tell where I've been?



I'm working temps in the dc area and when I have the opportunity I like to check in and see whats going on....

prim business suit, viewing website with humping naked avatars. nice contrast. But my personal life is my personal life, so I'd kinda like to know if they know where I've been online. But as a temp, these people aren't going to remember me anyway so I don't care at assignments...(though I'd love to see the look on the temp agency women's face if she knew..)

[sexyshelby]

Yes, they can see what you're doing. They're watching you! Actually, it depends on the company. Some smaller companies don't have the people to monitor internet usage. But they do at least have the capabilities to see where you're going and what you're doing on line. I am very careful not to do anything personal on my work computer, no checking bank accounts, no sex sites and no personal email.

If you're not worried about being caught, since you're only temp, it's your call.

~SS

[just1gurl]

no not worried about being caught, if I was I wouldn't do it.

But I like to know how much they know behind those grins!

[VanHlebar]

I log on at work, but since it is my company who is going to catch me. I do have to tell a not so funny story though...

I was checking our email on our profile site one day and after reading the email the couple sent us, I went to their profile. I had their pics up when I saw one of my employees heading into my office. So I minimized the web browser and I saw it go down into my system tray. Well, for some reason it popped back up on my third monitor and I didn't know it. So here my employee is standing at my desk talking about a client problem and the entire time these pics of a couple, some nude are up on my third monitor. I noticed it after she left my office. She never said anything to me and I never mentioned it to her so who knows.

Loggin on from work is risky for anyone, but if you don't care if you are caught then so be it.

-Van

[CB_n_Red]

Like Van, I check the Board from work, and like him, I'm the boss so it's never a problem. Fortunately I don't have any employees (though Red helps out several days a week) so no chance of anything going wrong!

CB

[sterlingr]

First time poster - only looking to provide technical support. <EG>

Depending on where you work and how paranoid your company is there is nothing you can do to ensure privacy. Using an anonymous (encrypted) proxy is about the best you can do. (For those who are blankly staring at that sentence, this basically is a website you connect to that encrypts all traffic, and then allows you to surf the web from _that_ site, rather than your own computer, and returns the results to you over your encrypted connection to _that_ site. I.e., Joe connects to AnonProxy, AnonProxy connects to swingersboard.com, AnonProxy connects Joe and swingersboard.com behind the scenes). That will get around things like traffic logging and sniffing (capturing), because all of your traffic can only be tracked to AnonProxy instead of swingersboard.com, and it's all encrypted so no one can make anything of it.

Of course, if you work for a government agency, military, extremely paranoid company, forget it. They can log what you are doing at the keyboard level, capture screenshots of your screen, reconstruct web activity from temporary internet files, etc. If you require absolute certainty that you cannot be tracked, don't do it. Nothing is absolute if it's connected to a network.

[Paphian]

Quote:

Originally Posted by just1gurl

Question 1

Who logs on from the office to SB?

Never. But since I'm busier than a one-armed paper-hanger at work, doing network management, that shouldn't be surprising.

Quote:

Originally Posted by just1gurl

Question 2

For network types: can you tell where I've been?

It depends on the level of network monitoring being done. At a minimum, most sites can easily monitor for the IP address (and therefore just as easily the site name). If I'm running a real-time monitor for some reason (usually troubleshooting of some sort) I can see every single unencrypted byte being sent and received by any machine I care to observe.

So what's being tracked depends on things like the company's paranoia level, network conditions, level of boredom (and level of professional ethics) of personnel charged with maintaining the network, etc, etc. In my experience, most companies having any significant amount of concern have both an outbound traffic filter to block "inappropriate access" and a written policy about it.

Quote:

Originally Posted by just1gurl

I'm working temps in the dc area and when I have the opportunity I like to check in and see whats going on....

I would think it would only cause you a problem should a client report back about it and thus potentially impact your ability to gain new temp postings.

Quote:

Originally Posted by just1gurl

prim business suit, viewing website with humping naked avatars. nice contrast.

Umm... yeah. I'll just take that visual to work with me today. Thanks!

Quote:

Originally Posted by just1gurl

But my personal life is my personal life, so I'd kinda like to know if they know where I've been online.

The safest rule-of-thumb is that if you don't want them to know, don't do it at work. Since I am the network administrator where I work, I know exactly what our practice is:

1. We happen to have a legal obligation to block access to "inappropriate sites". We do so via a device through which the majority of our outbound traffic passes and which is maintained/updated automagically by a vendor. Solves two problems: restricting access as is legally required and removing site personnel (me!) from the line-of-fire regarding what's allowed. ("Terribly sorry, the box doesn't allow it. Nothing I can do..." )

2. We will not specifically monitor any user account without notice to the user unless:
a) it occurs during routine troubleshooting of other things (rare)
b) it's specifically requested by someone having proper authority (even rarer)

Professional ethics is the biggest potential problem here. As an old fart involved in this business of network communications for some 27 years now, I've already seen it all, don't really give a damn what you're doing, and have developed a really advanced ability to completely forget what I've seen on the network. It's not my business to eavesdrop, and frankly, the actual data being transferred is rarely relevant to solving network problems, so the data being sent mostly just flows by me without registering.

Where many companies have a huge (and unacknowledged) security and legal risk is in employing network administrators without sufficient ethics or experience. I'm not trying to knock young folks in general, but all-too-often a company hires someone for this sort of job based solely on getting decent help as cheaply as possible, and that usually means you get a young guy or gal (as those just getting started are usually willing to work far more cheaply) with way too much interest in what's being sent/received, and no where near enough experience to know it's none of their business.

Quote:

Originally Posted by just1gurl

But as a temp, these people aren't going to remember me anyway so I don't care at assignments...(though I'd love to see the look on the temp agency women's face if she knew..)

Methinks you could be difficult to forget, depending... As for the temp agency woman... maybe her profile is one you just haven't stumbled on yet

Probably way more than most folks want to know in response to your seemingly simple questions, but I figure forewarned is fore-armed. Better to have an idea how all this works than to suddenly be talking with HR about your severance package.

[Paphian]

Quote:

Originally Posted by sterlingr

Using an anonymous (encrypted) proxy is about the best you can do. (For those who are blankly staring at that sentence, this basically is a website you connect to that encrypts all traffic, and then allows you to surf the web from _that_ site, rather than your own computer, and returns the results to you over your encrypted connection to _that_ site. I.e., Joe connects to AnonProxy, AnonProxy connects to swingersboard.com, AnonProxy connects Joe and swingersboard.com behind the scenes). That will get around things like traffic logging and sniffing (capturing), because all of your traffic can only be tracked to AnonProxy instead of swingersboard.com, and it's all encrypted so no one can make anything of it.

Warning: At some companies, simply connecting to an anonymous proxy can get your ass reprimanded or fired. The assumption is that if you're doing that, you're doing something prohibited on their network, therefore, you're toast.

[sereneiders]

Companies doesn't like people to waste paid time, nor to waste bandwidth that could be required for something more serious.

Your computer at work is part of a private network where some computer works as a gateway to the rest of the world, everightin converges to that computer, so if the employee want to know what you're doing, they can log the activities, and this means which services you're using (www, mail, MSN, ICQ... whatever) and the contents of every data package sent and received. Encryption is meant to avoid someone able to get the packages at any point in the path they travel, to disclose the content nor alter it, thus encripted data are more safe, but then they will need you to give a well reason to use an encripted service. For example, checking your bank account or paying bills is a valid reason that would be most usually accepted, since t'd be an allowed activity and it's the bank policy the one forcing you to use an encrypted service. Using an encrypted proxy is not a valid reason, the only motivation for that would be to try do an unaccepted activity without being caught.

Some very paranoid companies may have their computers monitored at the operating system level, thus they may log all the activities in your computer, including the keyboard input (so they actually end up knowing your bank account password). In this scenario I wouldn't check my bank account.

Besides all of this, and unless configured otherwise, every browser holds a history log of the webpages visited, and store copies from the contents (typically pictures) to reduce the effort of gathering over and over from the web in a "cache". Unless you erase the logs and the caché, anyone is able to figure out what you did in the web.

Some geteways use proxies for the web to the rest of the computers, and holds a cache for the entire company to reduce bandwith, so there you have some other place where anyone able to reach it can know what you were doing.

More difficult but possible is to hihack encripted websites, with a computer in the middle way from the client one to the provider one (let say the gateway) that, once detecting a connection request will be encrypted, it acts as a proxy for the "secured" website, by means of a new encrypted service under it control. It's hard to notice for you because you're engaged in the same login procedure the website use to have, but you're stabilshing an encripted session with the proxy, and the proxy would be using the data it get from you to validate the original encripted session with the website. But this is way more complicated to achieve than monitor a computer keyboard so Id say it doesn't worth the effort (unless someone wants to steal private data).

So, I'd assume Big Brother have his eyes over my shoulders and I'd avoid using a corporate computer to browse SLS.

[mitzi54]

I luckilly own my own small company. I am the only one in the office all day so I don;t have to worry. I do most of my reading of SB at work when I have the spare time. When I get home at night I spend my time with the wife and kids.

[Thrax]

My company is me. I do 75% of my work at home. Not only can I access this Board and dozens of other "questionable" sites here at "work", I don't even have to dress for the occasion. Er...actually, sometimes I AM attired for the occasion, depending on what you consider the appropriate level of clothing to be.

I just have to remember that SOME clothing is (usually) required the other 25% o' my working time. Some of those non-employees can be picky.

And I'm looking forward to slightly warmer weather.

Thrax

[just1gurl]

Quote:

Originally Posted by Paphian

but I figure forewarned is fore-armed.

Four-armed, sounds like a swinging thing.


I have to stop with my lame jokes.

How's about wireless networks? I moved into a roommate situation here and there is a wireless network in the house from a highspeed connection (though it truly sucks)

Is my activity logged onto a situation like this?

residential highspeed cable to the wireless thingie then out and about the house in the air I breath, and zap onto my computer. Just your basic wireless g linksys thing.

Thanks for sharing your knowledge. Knowledge is POWER.


(makes you look at those temps a little differently now doesn't it?? )

[Deptydog]

i have internet access at work, but because of the firewall, I can only access certain sites. And since we're on a network, anyone can log-on and see what I'm seeing, so No, I don't log on at work.

Wish I could though.

[Mephisto]

Proxies only work once you are outside the network -- the problem is getting outside the network first-

Consider this - More and more companies be they big or small are concerned with privacy. If you dont want some one to know where you have been, or what you are doing on the internet, then don't do it at work.

Many employer's, now log all internet traffic and audit the logs on a regular basis. Depending on what they find may mean focusing their attention on you.

Even small companies can do spot checks to see what employee's are doing. As a matter of fact, I often log onto my staff's systems to see what they are doing. Unless I make my presence known, by messaging them, or taking control of the computer, they never know i have been there.

As a manager, I am responsible to my employer for the bottom line of my program. We don't pay people to (and don't take this the wrong way please ) look for someone to hook up with, or to arrange their next fix ect etc.

[Paphian]

Quote:

Originally Posted by just1gurl

Four-armed, sounds like a swinging thing.

I have to stop with my lame jokes.

Pun-nishment will be forthcoming.

Quote:

Originally Posted by just1gurl

How's about wireless networks? I moved into a roommate situation here and there is a wireless network in the house from a highspeed connection (though it truly sucks)

Is my activity logged onto a situation like this?

Depends on your roomie--if it were me I'd probably be suggestin' you sit on my lap while we both look. More seriously, I doubt much of anyone bothers at home. After all, that's what home nets are for, right? Surfing the places you shouldn't at work?

Quote:

Originally Posted by just1gurl

Thanks for sharing your knowledge. Knowledge is POWER.

You're welcome.

Quote:

Originally Posted by just1gurl

(makes you look at those temps a little differently now doesn't it?? )

Does this mean I have to quit ogling them?