-15

Because the place I work has some real issues (people), especially in IT and the owner, I wonder if we are being sniffed.

Is there any way to tell if on a Vista 64-bit machine:

1) In system logs some identification that would tell me that someone might log into my PC such as an Admin

2) Something in the logs that would give me a flag about maybe I'm being monitored some other way?

3) How can I be sure that my gmail, hotmail, and chat are not being sniffed? I know there are things like Simp, etc. I'm talking about specific hidden system signs either in registry or logs.

Obviously I'm not going to raise any suspicion by me asking our network admin. I don't trust anyone at this company.

Is there a good way to basically monitor for this as an end user? Could someone log in and basically watch me work and if so, would there be any goodies left behind for me to find out if this has happened other than visual signs which would not be present...maybe some running processes?

WeDoTDD.com
  • 8
    Why worry about it? It's work, and the company's computer. Do your work on it, don't use it for anything you're not supposed to, and everything is fine. You have a computer at home with Internet access for your personal business. – Evan Anderson Sep 17 '09 at 03:15
  • negative. I worry about it because I don't think it's cool if my company monitors chat or outside email. Regardless if it's "legal" and your argument, I want to know if they are. – WeDoTDD.com Sep 17 '09 at 04:27
  • 1
    And let's face it you WILL use outside email like gmail, hotmail, etc. And no most people cannot go to work without checking and using that outside Outlook, etc. So I would want to know that interacting with that mail which is personal to me is safe regardless of the argument "don't check it at work then" because that's not realistic my friend. – WeDoTDD.com Sep 17 '09 at 04:30
  • It's not about the legality. I obviously know it's legal. I'm just asking a simple question. Please put all "advice" aside. I'm not ignorant. – WeDoTDD.com Sep 17 '09 at 04:31
  • Honestly I really don't care about the -1. – WeDoTDD.com Sep 17 '09 at 04:59
  • 7
    This is clearly an end user issue and not system administration and should therefore be taken elsewhere. – John Gardeniers Sep 17 '09 at 07:52
  • 3
    This question appears to be off-topic because it is asked by an end user having trouble at work. – Falcon Momot Sep 23 '13 at 03:00
  • 2
    This question appears to be off-topic because it is about circumvention of security or policy, or system misuse. – Andrew Sep 23 '13 at 03:02

3 Answers

18

Nothing you do on your local area network is private. Nothing. If someone is sniffing traffic at the router, you can't tell. If someone has attached a hub and is using a promiscuous sniffer, you can't tell. This is the reality of being on a corporate network.

That said, there are usually some exceptions.

If you are visiting a website that uses SSL or TLS encryption, then the content of your messages is probably safe. They will know WHERE the content is heading, but not what is in it. This can be compromised by something called 'man-in-the-middle' attack, but that requires intimate knowledge of the network. That said, if it's your own IT manager who's doing it, it's a possibility.

The fact of the matter is that all this monitoring happens outside the realm of your local machine, which means that it's undetectable.

Whether or not it is legal for your employer to do this to you though is another matter, and it varies GREATLY depending on where you live (UK, USA, Australia, etc)

Mark Henderson
  • Yea, something like gmail. It's over SSL. But I can't be sure it's completely safe...is it? – WeDoTDD.com Sep 17 '09 at 04:28
  • Nope. Nothing you ever do on the internet can be guaranteed as 100% safe. Gmail itself is actually completely un-encrypted. It's only the login and authentication procedure that is encrypted. Check the URL that your gmail page is sitting on... – Mark Henderson Sep 17 '09 at 04:57
  • 3
    If the computer you're using isn't yours, and you don't personally control the software on it, even SSL isn't "safe". Your IT people could easily install a rather vile device that will automatically do SSL man-in-the-middle attacks w/o your knowledge. I appreciate that you don't think it's "cool" and that you don't want advice, but the fact of the matter is that if you're not using your computer you can't be sure of anything re: privacy, so why not just treat it like you have none just to be safe? – Evan Anderson Sep 17 '09 at 04:57
  • Because I could be acting totally "safe" and using something like Hotmail on a work PC should be allowed and I should know that my employer has enough sense to let someone view their external email without interfering with that. – WeDoTDD.com Sep 17 '09 at 05:01
  • there's a point where employers go too far to sniff. There has to be limits somewhere to allow some sort of privacy even if its on their PC again using something like Hotmail. – WeDoTDD.com Sep 17 '09 at 05:02
  • Gmail is encrypted. Every url passes through https. In fact Gmail even said if you go to their site via https instead of http, it's encrypted. But they automatically switch you to https nowadays anyway even when you go to http://www.gmail.com – WeDoTDD.com Sep 17 '09 at 05:04
  • A man in the middle attack is as simple as installing cain.exe from www.oxid.it/cain.html Read up on wiki to know more. – Agnel Kurian Sep 17 '09 at 05:55
  • 1
    @coffeeaddict: at the end of the day, the desktop, network and internet connection all belong to your employer, which gives them the final say in what they can and cannot be used for. In a good company, there will be a well defined acceptable usage policy which makes clear what is and isn't permitted, but if the company says 'no webmail', they are fully within their rights to do so. As Evan says, if you don't trust your admins, treat your work network as completely untrusted, and don't do anything that you wouldn't want recorded by someone malicious. – Murali Suriar Sep 17 '09 at 06:54
  • God I hate that phrase "at the end of the day". You sound like a cheeeseball exec. Sorry but it's true. – WeDoTDD.com Sep 17 '09 at 14:45
  • companies who do no web mail are lame. I'm about to start a .com and would never think about limiting my employees using gmail, hotmail, yahoo. – WeDoTDD.com Sep 17 '09 at 14:46
  • Murali, Even I know you're right, I'm just not happy with the mommy talk here. I don't agree with everything you say, just wanted to know some insight into more networking questions. Thanks for putting up with me, I'm real....I am not a corporate robot type. – WeDoTDD.com Sep 17 '09 at 14:47
  • in case you're wondering, I'm not some young chump, I'm 30+ and still believe what I'm saying and have worked with many network admins...most would agree with me. When I run a .com, I will not be a "lame" owner and prohibit gmail for god sakes. – WeDoTDD.com Sep 17 '09 at 14:49
  • Agnel, thanks, that's the kind of info I wanted to know! – WeDoTDD.com Sep 17 '09 at 14:49
  • I'm fairly certain that "man-in-the-middle" sniffing of SSL connections is ONLY possible if the company has replaced the root certificates on your workstation. Otherwise any kind of "man-in-the-middle" attack against SSL would cause your browser to give you an invalid certificate error. – Bob McCormick Sep 17 '09 at 15:17
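
Added example, not part of the original thread: a check for the situation the comments above describe, where a connection validates cleanly on the workstation but the certificate was signed by a different CA than the one seen from a trusted network. The host name, the baseline issuer and the sample certificate are constructed placeholders; the sample uses the structure Python's `getpeercert()` returns.

```python
import socket
import ssl

# Assumption: issuer organisations you recorded for each site from a network
# and machine you trust. These names are illustrative placeholders.
EXPECTED_ISSUERS = {"mail.example.com": {"Example Public CA"}}


def issuer_field(cert, field="organizationName"):
    """Pull one field out of the nested issuer tuples getpeercert() returns."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def classify(host, cert, expected=EXPECTED_ISSUERS):
    """Compare the issuer this client saw with the issuer recorded earlier."""
    org = issuer_field(cert) or issuer_field(cert, "commonName")
    if host not in expected:
        return "no-baseline", org
    if org in expected[host]:
        return "expected-issuer", org
    # The chain validated against this machine's trust store, yet a different
    # CA signed it: consistent with a locally installed interception root.
    return "unexpected-issuer", org


def fetch_cert(host, port=443, timeout=5):
    """Handshake with the platform's default trust store and return the leaf."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format: what a client behind an
# intercepting proxy might see (the CA name is made up).
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Contoso Internal Proxy CA"),),
               (("commonName", "Contoso Proxy Root"),)),
}

if __name__ == "__main__":
    print(classify("mail.example.com", SAMPLE_INTERCEPTED))
    # Live check (needs network): classify(host, fetch_cert(host))
```

A site can legitimately change its CA, so an `unexpected-issuer` result is a prompt to inspect the chain and the machine's root store, not proof of interception. If `fetch_cert` raises `ssl.SSLCertVerificationError` instead, the presented chain does not lead to any root the machine trusts.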
4

For preventing them sniffing elsewhere on the network you can run a web proxy on an external machine you do trust that lets you connect over SSL. That'll let you browse non SSL sites without anyone on the LAN being able to sniff it.

Beyond that, if they've tampered with their computer that you're using, I'm not sure you can ever detect that.

You also can't really detect if they've put pinhole cameras or microphones around the place, or are listening through laser mics or watching you through telescopes.

At some point you just have to trust your employer and, if you don't, find one you can trust. I've had employers who knew that I would occasionally have a rant on IRC or spend an hour reading blogs. As long as my work was done they didn't care. I've had other employers (briefly) where if you accessed anything that wasn't directly, provably, work related, it'd be a serious disciplinary matter. That's their call, not yours.

This also goes both ways, if you distrust them that much, you'll find they'll start to distrust you.

Colin Coghill
  • As others have already pointed out, on a corporate network (e.g. where a third party controls the DNS, PC root certificates and routers) then TLS/SSL content cannot be relied upon to be secure. – mas Sep 17 '09 at 07:48
-1

I don't know anything about windows, so can't answer that part of the question.

You can't detect network sniffing because it happens outside of your machine.

If the company owns the computer, they have the legal right to read every character you type (not that I agree with that, it's just a fact). They can replace the SSL certificates and read even what appears to be secure web connections if they like.

If I were in that situation and I could get away with it, I would do my work from an operating system running off of a CD which I brought with me.

Devin Ceartas
  • 9
    I'm tempted to go "-1" on the whole "work from an operating system running off a CD" bit of your comment. It's *WORK*. You're there to DO WORK. It's not your computer... Grrr... – Evan Anderson Sep 17 '09 at 03:14
  • Evan, you're too invested in your users being perfect little workers. Guess what, that's not how human beings are. Deal with it (fellow programmer) – WeDoTDD.com Sep 17 '09 at 04:44
  • I don't care if corporations have the "right". I'm ok with them owning Email. That's why I only email "work" related emails and never flame people. however, I don't care that the company "owns" your PC. A person should have some kind of privacy in chat and external resource usage such as gmail. And if you're one of those sticklers limiting any access to outside email, that's gay. That's so old school and so lame. – WeDoTDD.com Sep 17 '09 at 04:45
  • Companies should be able to monitor certain things. But monitoring chat and external emails going over non SSL sites such as Hotmail is just wrong. – WeDoTDD.com Sep 17 '09 at 04:46
  • that's why I fight against it and if I wanna use chat at work and bitch about the place I work at to fellow co-workers, it's my opinion and my right to. Companies don't have the right to fire an employee (just as an example) for bitching about work at times...we're all human. Everyone has to blow off steam. Whether that's on chat, in the break room or outside, everyone does it. – WeDoTDD.com Sep 17 '09 at 04:48
  • Funny you should mention that. A bunch of employees at a prison in Sydney are taking their employer to court because they were disciplined and were about to be fired because they posted highly un-professional messages about their boss on a public Facebook group. So, depending on where you live, you may not have that right. I doubt that people in China have the right to rag on their prime minister... everything is relative. – Mark Henderson Sep 17 '09 at 04:59
  • 1
    @Devin Ceartas, even a livecd won't protect you against something like a hardware keylogger. – Zoredache Sep 17 '09 at 07:42