Need help working around Orwellian employer...

[ax57]

OK, here goes. My networking skills are somewhat limited, so I hope that I can explain this in such a way that one of the geniuses here can help me out.

I work for a fairly large national company in a job where myself and my coworkers sit around for anywhere from 12 to 48 hours waiting for something bad to happen. When something bad happens, we work for several hours and then return to our crew quarters which somewhat resembles a typical American home. Needless to say, we spend a lot of time just hanging out in quarters fighting off boredom.

Up until now, we've had unfettered internet access. (Employer provided.) We bought our own wireless router, as just about everybody uses their own personal laptops to surf the internet. I've never seen anybody abuse the privilege, i.e., I don't think that anyone is surfing pr0n. Just the usual personal email, ebay, etc.

Corporate HQ hired a new IT director and he decided to exert total control on our internet habits. He shipped VPN firewall routers and WAPs to each base. (We have two DSL modems at our base so we got two of the VPN routers.) At first we just bought a switch and connected his VPN router and our wireless router to it. As it was explained to me by someone more knowledgeable than myself, he wouldn't see what we were doing on our router.

Now, he's purchased static IP addresses for each DSL modem. As I understand it, he wants to give us a static IP address for each of our modems and have us set a login and password for each of them that he would then use to configure his precious VPN. He could then monitor everything we do from 2,000 miles away. (None of us like the idea of somone looking over our shoulder as we surf the internet, and in this job you spend a lot of time on the internet if you don't like to watch TV.)

So here are my questions:

1. Is there any way to still use our wireless router so that the traffic through it is not visible on the VPN?

2. Could we use one of the modems to spoof both static IP addresses? One of the DSL modems is only rarely used and we wouldn't care if it is monitored.

Any help is appreciated,

ax57

 

[spidey07]

Oh my.

This thread is gonna go places.

 

[jlazzaro]

i had a big long response typed out...but i think i'll grab myself some popcorn and enjoy the show instead.

 

[InlineFive]

What the others aren't saying is that you have no chance of being able to get around this.

 

[spidey07]

Originally posted by: jlazzaro
i had a big long response typed out...but i think i'll grab myself some popcorn and enjoy the show instead.

It's not fair that my right to the Intarweb is restricted!!!

It's draconian I tell ya! Whose do these people think they are anyway inteferring with my right to Internet???!!! Much less a government owned network?

National security be damned!!!!

Hats off to the new IT director for what he should be doing. Probably why he's the "new" IT director.

 

[jlazzaro]

Originally posted by: spidey07

Originally posted by: jlazzaro
i had a big long response typed out...but i think i'll grab myself some popcorn and enjoy the show instead.

It's not fair that my right to the Intarweb is restricted!!!

It's draconian I tell ya! Whose do these people think they are anyway inteferring with my right to Internet???!!! Much less a government owned network?

National security be damned!!!!

Hats off to the new IT director for what he should be doing. Probably why he's the "new" IT director.

you mean to tell me our tax dollars dont pay for ebay auctions, youtube videos, and streaming radio stations? blasphemy.

 

[ax57]

I'd hoped for a technical response, not a lecture. (And my job has nothing to do with the government or national security.)

Nevermind.

 

[spidey07]

Originally posted by: jlazzaro
you mean to tell me our tax dollars dont pay for ebay auctions, youtube videos, and streaming radio stations? blasphemy.

Am I to understand that such things are NOT required or entitled to? This is very confusing really. Surely there must be someway to circumvent the security in place. It simply must be!

I have a right to the Internet! It's in the constitution!

 

[jlazzaro]

Originally posted by: ax57
I'd hoped for a technical response, not a lecture. (And my job has nothing to do with the government or national security.)

Nevermind.

nothing to do with the government, just kind of adds fuel to the fire.

we are the ones that lock down networks, secure devices, and "look over your shoulder" to make sure your doing what your supposed to do.

circumventing each others hardwork is not something we encourage.

 

[InlineFive]

Give it a rest you guys.

 

[spidey07]

Originally posted by: ax57
I'd hoped for a technical response, not a lecture. (And my job has nothing to do with the government or national security.)

Nevermind.

Technical answer is you are exactly why these policies are in place.

 

[spidey07]

Originally posted by: InlineFive
Give it a rest you guys.

NO.

This is a public forum. People that want assistance on this kind of activity need to be shut down immediately.

I thought I was a lot smarter than other people in control of the network once. Once.

 

[InlineFive]

Originally posted by: spidey07

Originally posted by: InlineFive
Give it a rest you guys.

NO.

This is a public forum. People that want assistance on this kind of activity need to be shut down immediately.

I thought I was a lot smarter than other people in control of the network once. Once.

He wasn't boasting that he knew a lot more and was going to find some l337 way around the new IT department. In fact I specifically remember him saying, "my networking skills are somewhat limited."

Since you didn't provide an adequate answer I simply told him "No" so that he wouldn't keep wondering. But what does it matter? He could go to Arstechnica where they seem to be more open to this (although I am firmly against that practice). And what would we have accomplished? Nothing.

Just trust that the new admin is no hollow shell and has taken every necessary precaution. Since you said that you once thought you were smarter I gather that the admin outsmarted you. No sweat.

Now you're getting all fired up like a rabid bulldog.

 

[spidey07]

meh, we've gotta liven up the networking forum a little bit.

Make it more fun.

 

[RebateMonger]

Originally posted by: spidey07
meh, we've gotta liven up the networking forum a little bit.

Make it more fun.

Hmmm...that last time that I tried to liven up the Networking Forum, I got reamed for doing a review of the newly-released Robert Redford film, "Firewall".

But, speaking of livening up....

I, for one, don't see the harm in discussing ways to get around firewalls. I'd MUCH rather see a discussion here (where I can be made aware of how folks are sneaking around my firewalls), then have to monitor the "seamier" forums, where you are liable to pick up a trojan just by surfing the forum's web site.

 

[spidey07]

Originally posted by: RebateMonger

Originally posted by: spidey07
meh, we've gotta liven up the networking forum a little bit.

Make it more fun.

Hmmm...that last time that I tried to liven up the Networking Forum, I got reamed for doing a review of the newly-released Robert Redford film, "Firewall".

hey, at least he need physical access so it was somewhat true.

 

[RebateMonger]

Originally posted by: spidey07
hey, at least he need physical access so it was somewhat true.

The heck with that. All I need to break past a firewall is a terminal and Halle Berry.

(ref.: Swordfish)

 

[jlazzaro]

your forgetting a multiscreen hydra setup as well as clairvoyancy. most of today's hackers "envision" passwords...right?

 

[RebateMonger]

Originally posted by: jlazzaro
that and clairvoyancy. most of today's hackers "envision" passwords...right?

With all the poor passwords out there, it's worth trying. A book I recently read, by somebody who specializes in studying passwords, told how he'd "broken" his first password.
----------------------------------------------
The System Administrator at his office quit. The company was desperate to get the password. So, he started making guesses, based on family names, dogs, hobbies, etc. In a couple of hours, he had the password.

also your forgetting a 10 LCD hydra setup~!

You take the Hydra. I'll take Halle.

 

[ax57]

Could you guys at least answer a few legitimate questions? Our IT director certainly can't be bothered to educate us as to how this affects us. (And none of us have ever had to deal with censorship and tracking before. To me this is akin to tracking cookies or spyware.) By the way, we employees originally paid for the internet service at our quarters. Our employer only started paying for it after requiring us to complete some recurring training online.

I googled the hardware. It's a Netgear ProSafe VPN Firewall model FVS318.

I determined that besides providing for a secure connection over the internet, it can block specific sites and has keyword filtering. It can also be set to email certain logs at certain times.

Here are my questions:

Does admin specify the sites to block or is there a default list that is updated like a virus definition file?

Does it log all traffic or only attempts to go to banned sites?

Does it log a site that was filtered because of a banned keyword?

Does it filter keywords just in the URL or in the text of the site as well? (I've seen words in banner ads on Yahoo that would probably be filtered.)

 

[n0cmonkey]

Originally posted by: ax57
Could you guys at least answer a few legitimate questions? Our IT director certainly can't be bothered to educate us as to how this affects us. (And none of us have ever had to deal with censorship and tracking before. To me this is akin to tracking cookies or spyware.) By the way, we employees originally paid for the internet service at our quarters. Our employer only started paying for it after requiring us to complete some recurring training online.

If they're paying for it they can monitor it. Hell, they have to monitor it to cover their asses. Lawyers get paid a lot to make the world a worse place, companies feel it the hardest.

I googled the hardware. It's a Netgear ProSafe VPN Firewall model FVS318.

I determined that besides providing for a secure connection over the internet, it can block specific sites and has keyword filtering. It can also be set to email certain logs at certain times.

Sounds all right. Not the best, but probably cheap and "good enough" for this situation.

Here are my questions:

Does admin specify the sites to block or is there a default list that is updated like a virus definition file?

Does it log all traffic or only attempts to go to banned sites?

Does it log a site that was filtered because of a banned keyword?

Does it filter keywords just in the URL or in the text of the site as well? (I've seen words in banner ads on Yahoo that would probably be filtered.)

I wish I knew enough about that hardware to tell you. Generally proxies and what not can do it all. But then they require probably a bit more hardware than is in that thing.

Your best bet is to get off the grid. They pay for that internet connection and they have a responsibility to monitor it, just like a company has a responsibility to monitor their own premises.

Go EVDO or edge or whatever sprint calls their service. If the company is paying for cable, get a DSL line installed. Hell, get a dialup account if you're hard up.

 

[skyking]

OP, it is really quite simple. Really, I'm not kidding, a serious reply to your post.
First, answer some questions for me.

1) Did you sign an Acceptable Use Policy(AUP), or other similar document outlining what you can and can't do on the company's network?

2) Have you recieved any policy letters regarding internet usage?

If the answer to those questions is no, keep on using your internet connection as you were, with the exception of breaking any laws.

If it is yes, please read what the AUP ( that you and your co-workers signed) allows for and follow it.

The IT manager must exert control for liability reasons. If nothing that breaks policy or violates laws ( MPAA/RIAA copyright violations, child pornography to name a very few) takes place, he is not going to pore over all your ebay searches or myspace friends pages. He does not have time for that.
He could monitor all traffic, and so can your ISP or anyone who can sniff your traffic on the way in or out. That has always been the reality.

It is really that simple. if you don't violate laws or written policy, you are in the clear until they change policy.

 

[Muscles]

Originally posted by: spidey07

Originally posted by: jlazzaro
you mean to tell me our tax dollars dont pay for ebay auctions, youtube videos, and streaming radio stations? blasphemy.

Am I to understand that such things are NOT required or entitled to? This is very confusing really. Surely there must be someway to circumvent the security in place. It simply must be!

I have a right to the Internet! It's in the constitution!

I'd say the ops job sounds similar to a firefighter that lives in a firehouse bored the majority of the day so it's particularly annoying when we have simpletons on the forum making the above assumptions about tax dollars going to waste. If you don't want to offer any assistance then ignore the thread. Save the ethics lessons for another forum that actually cares.

ax57: I doubt he's trying to monitor everything you do from 2000 miles away. He needed the static IP's obviously because he doesn't want to have to find out what the new IP is everytime it gets renewed. Blocking a few sites that he specified in the firewall is probably the extent of his security. If you're really concerned about it and among a group of people then splurging for your own internet may be the way to go.

 

[jlazzaro]

hate it or love it, ethics and network security go together like white on rice...

 

[NuroMancer]

So, from your above post, the obvious answer is, purchase your own hardward for your internet connection?

The new director is following a vision
He wants to have work machines, only used for work. Which since they most likely own the machines, seems reasonable.

To answer your questions: The admins specify the sites. There can, depending on the router, be a list that gets updated, but it gets updates from your companies Datacenter.

It can log ALL traffic and 99% of the time does.

Usually they don't lock down keywords on sites, thats usually left to another piece of software like netnanny.