Question for IT workers out there

[KeithTalent]

If I am exchanging e-mails with someone using Gmail, can people in IT, and by proxy management, see what I am receiving and/or typing?

Nothing illegal or anything; just words and no links or pictures, but some relatively racy things have been coming in to me from someone. I just need to know whether I need to ask her to stop or just wait until I get home to read them.

Thanks in advance for the help. :beer:

KT

 

[VoteQuimby]

your fired. pack your things and leave.

 

[Ramma2]

I want to say yes it is possible, but it is very complicated and requires some expensive software.

I would be more concerned with a desktop manager program taking a snapshot of the screen or something.

 

[FoBoT]

it is possible, but isn't likely
too much work

 

[KeithTalent]

Originally posted by: VoteQuimby
your fired. pack your things and leave.

Damn.

KT

 

[melchoir]

If you're going to question it, wait until you're home to be safe. Yes they can see what you're doing on company time, and is it worth losing your job over?

 

[KeithTalent]

Originally posted by: Ramma2
I want to say yes it is possible, but it is very complicated and requires some expensive software.

I would be more concerned with a desktop manager program taking a snapshot of the screen or something.

Are these common?

KT

 

[KeithTalent]

Originally posted by: melchoir
If you're going to question it, wait until you're home to be safe. Yes they can see what you're doing on company time, and is it worth losing your job over?

Well I'm not going to get fired for a first offense, I would just get a warning, but I don't want it to even come to that of course, so I guess I'll just wait.

KT

 

[spidey07]

It's done all the time. Some places even go so far as to capture all traffic, store it, and back it up everyday in case it's needed for security purposes.

 

[Capt Caveman]

They can easily tell that you're using gmail but what you're actually sending/reading is a whole lot more difficult but possible.

 

[trmiv]

Possible, not probable. The smaller the company the more likely they are monitoring you that closely in my experience. In large companies it's too resource consuming to monitor everyone down to that level unless they have done something in the past to warrant being looked at closely.

 

[Platypus]

Even when using SSL Gmail it is possible for IT to read your conversations. Whether or not they do this is most likely not probable but it depends on your company and what your company does.

I've worked at places that read my gmail conversations in the past because of the sensitive nature of my job, my current job does not employ such products.

So bottom line, they're probably not reading your gmail but you shouldn't be doing things on company time that could be considered questionable in any way.

 

[eldorado99]

Originally posted by: Ramma2
I want to say yes it is possible, but it is very complicated and requires some expensive software.

I would be more concerned with a desktop manager program taking a snapshot of the screen or something.

Wireshark isn't expensive... It may take a while but you could do it with Wireshark.

 

[torpid]

In order to read what is happening over SSL would they need to install some sort of program on each workstation that could intercept what the browser is doing or something? I don't understand how they would do it otherwise.

 

[Patt]

Originally posted by: Capt Caveman
They can easily tell that you're using gmail but what you're actually sending/reading is a whole lot more difficult but possible.

I know we keep track of the fact you're on Google, but don't bother with anything deeper than that. Our best option is the desktop snapshot, but we are rarely requested for something like that.

Myself, I use LogMeIn which uses a secure connection to my home PC, where i can check my emails etc. If someone took a snapshot, they could see it, but not intercept the traffic without undue hassle.

 

[gsellis]

Originally posted by: Platypus
Even when using SSL Gmail it is possible for IT to read your conversations. Whether or not they do this is most likely not probable but it depends on your company and what your company does.

I've worked at places that read my gmail conversations in the past because of the sensitive nature of my job, my current job does not employ such products.

So bottom line, they're probably not reading your gmail but you shouldn't be doing things on company time that could be considered questionable in any way.

+1

The Exchange client probably isn't encrypting it either, so it is pretty easy with the stuff that big companies usually have online anyway. But it is a pita with the volume.

 

[Platypus]

Originally posted by: torpid
In order to read what is happening over SSL would they need to install some sort of program on each workstation that could intercept what the browser is doing or something? I don't understand how they would do it otherwise.

No, there are a few appliances on the market that do this. The BlueCoat SG is a popular one, google it and read up on it.

 

[KeithTalent]

I'm mainly just reading, not doing much typing, and the typing I do is relatively innocuous.

Thanks for all of the information though guys. I'll just play it safe and wait until I get home.

KT

 

[alien42]

everyone in this thread is making this out to be a difficult task to achieve.

my company uses monitoring software that takes screen shots of your desktop. its very easy for them to monitor anything that goes on.

 

[torpid]

Originally posted by: Platypus

Originally posted by: torpid
In order to read what is happening over SSL would they need to install some sort of program on each workstation that could intercept what the browser is doing or something? I don't understand how they would do it otherwise.

No, there are a few appliances on the market that do this. The BlueCoat SG is a popular one, google it and read up on it.

Cool. Or maybe not.

 

[torpid]

Hm... but how does it inspect SSL sent from client to server if the appliance only has the public key and not the private key? Wouldn't it theoretically only be able to inspect SSL in one direction (from server to client)? I guess that would be good enough in this case.

Edit: N/m I figured out how it would work.

 

[Pheran]

Originally posted by: torpid
Hm... but how does it inspect SSL sent from client to server if the appliance only has the public key and not the private key? Wouldn't it theoretically only be able to inspect SSL in one direction (from server to client)? I guess that would be good enough in this case.

Edit: N/m I figured out how it would work.

In case others are interested, basically IT would insert an extra CA (certificate authority) into all the deployed browsers. Then when the proxy intercepts the SSL it creates a fake certificate for the site that is signed by that CA, which your browser trusts since the CA is installed. If you were using a browser without the extra CA it would throw up a warning at that point.

 

[KeithTalent]

Ok, I just talked to a buddy of mine that helps run the IT security department and he said they do not have any specific monitoring software to watch people.

He said they only really look at people (I'm not sure how) if they receive a specific request to do so and they are more concerned with those that are dealing directly with clients.

He also said he would give me a heads up if my name ever came up, though he doubts it ever will due to the nature and level of my job. I told him I'm just going to play it safe and read them when I get home.

Interesting information though guys, thanks again.

KT

 

[Deviant Grasshopper]

I would absolutely 'play it safe'. If I see someone doing non-work related activities 10 times a day I'll take a look at what they're doing using a screen capture utility.


Nothing done on your work computer is sacred. It's unlikely that they'll randomly target you but it definitely could happen. It's very unlikely that they're pulling packets but there are plenty of remote capture utilities that most dept's use.

That being said, even if I saw someone getting some nudies from their GF I wouldn't do anything about it except show the other guys in the department

 

[KeithTalent]

Holy necro Batman!

Thanks for the information though. :beer: I am sort of playing it safe.

KT