So, it has come to my attention that there are several powerful computer applications out there being used to monitor and track employees’ computer usage. Some of them even implement algorithms and can ‘red flag’ potential problem behavior.
I had this rescuetime software, I forget the actual name, installed on my home computer that does similar things, before I uninstalled it because it reminded me of the brutal fact of how much time I waste on this site, the internet in general, and checking out internet porn.
Regardless, I was hoping someone may have some insider info or knowledge on what software a company, large or small, may be running to check out what employees are doing on the computer.
Are these mainly client side services, where I may be able to spot a process running on my work computer that is transmitting all this information, including every key I may press on the keyboard or be taking intermittent screen shots?
Can they do it from the server, and just check all connections going out and map that to a computer/employee?
Is there a way I could fuck with them and just programmatically do google searches 100 times/second for nsfw material and see what happens?
Really any info on this I think would be interesting and probably applicable to the fair to moderate amount of people who browse this site from work. It’s not a problem for me anymore since they changed the url back to T-Nation.com and it’s blocked.
I’m a network engineer at a college so I get to see it from the other perspective. It all depends on your company policy and how strictly they enforce it. None of your data is private at the workplace. Not your email, not your IMs, not your web browsing. If I wanted to, I can see every packet of data that is going over my network, and I have the tools and know-how to decode most of it. If my boss is suspicious of “Dave”, I would basically track down where Dave’s computer is plugged into the network and copy every single packet onto my own computer. It’s called port mirroring.
Now, you can use encryption (like V-tunnel). So let’s say you use that. When I mirror your data onto my computer, I will see a bunch of encrypted data going to a server that is registered to a certain server IP. This raises a red flag so I investigate:
1) I used vtunnel to go to a website and captured the data using wireshark just like I would at work.
2) I open my packet decoder and notice a bunch of encrypted data going to an off campus site. In the screen shot the giveaway is “TLS” under protocol. This means it’s encrypted. Also, you’ll notice the source and destination IP addresses. My IP is the 192.168.1.10 address, the 89.238.154.105 IP address looks suspicious to me.
So I use a tool every PC has to look it up. That’s in the black screen. BAM, vtunnel.
I go to vtunnel.com, find out what it is, and now I know you’re hiding something.
Depending on the corporate policy, you can get in a shitload of trouble for this. In financials, you may even get fired since the encrypted data could be client lists or corporate secrets.
Some other great products that will block even encrypted data:
Can this packet decoding be done in real time and how automated is the process?
Say, I was sending a gmail to a friend. Would you have to go in and actually find the text inside all the other markup, handshaking, and other data?
Is this an easy process with a lot of software support, or will it require a lot of effort by a human to go in and look at the translated packets to figure out which data I actually typed and what was just relics of the gmail process?
My company used to use websense but I think they switched over and are using their own thing now.
That vtunnel is nice but the ads are annoying and I just look at borderline get-me-in-trouble stuff on my phone anyway.
I have used wireshark to see what I’m putting on the network.
I am permitted to use wireshark because of much of the nature of my job and I use it regularly for debugging already.
Our usage is tracked and logged (except for some special VMs) and we get little pie charts periodically showing how much we’re wasting resources on various non-work related items, but to my knowledge it isn’t enforced or is at least up to the manager. My manager has set up a raw connection for us to look up things that will get us into trouble just in case. That sounds bad but it’s because we have needed to venture into sites that get categorized and flagged as warez or hacking for legitimate work purposes.
[quote]
Can this packet decoding be done in real time and how automated is the process?
Say, I was sending a gmail to a friend. Would you have to go in and actually find the text inside all the other markup, handshaking, and other data?
Is this an easy process with a lot of software support, or will it require a lot of effort by a human to go in and look at the translated packets to figure out which data I actually typed and what was just relics of the gmail process?
My company used to use websense but I think they switched over and are using their own thing now.
That vtunnel is nice but the ads are annoying and I just look at borderline get-me-in-trouble stuff on my phone anyway.
[/quote]
Gmail is encrypted. I just tested it out so no problems there. But Hotmail is not. Hotmail only encrypts your password. Your messages can be read by your network admin.
The process can be automated or real time. It works both ways. When I see someone hacking, I look at it in real time. In the example I posted before, I would automate it and check it out later using some tools so I’m not looking at raw data. There are products that we buy (I put them in the edit of last post) that will alert us via email when something fishy is going on. Now that I know of vtunnel, I can enter the IP in the device and I’ll get emailed whenever someone uses that service.
So to answer your question, it depends. When you have the right equipment, it’s an easy process. If not, it’s more time consuming but still possible. Gmail is safe, Hotmail sucks.
[quote]debraD wrote:
I have used wireshark to see what I’m putting on the network.
I am permitted to use wireshark because of much of the nature of my job and I use it regularly for debugging already.
[/quote]
I wish our programmers were smart enough to use wireshark for their debugging. It’d save me a lot of time and grief when their network applications aren’t even leaving their servers. Yet they blame the network every time.
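Added example, not part of any post in this thread: the triage the network engineer describes above (spot TLS going off campus, then alert on a destination once it has been identified), written in Python and run over constructed flow records. The 192.168.1.0/24 internal range, the `REVIEWED` set, every address other than the two quoted in the post, and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: internal range, inferred from the 192.168.1.10 address in the post.
CAMPUS_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Destination the admin has identified and wants to be alerted on.
WATCHLIST = {"89.238.154.105"}
# Constructed: external hosts already looked up and judged fine.
REVIEWED = {"198.51.100.20"}

# Constructed flow records: (source, destination, port, first payload bytes).
FLOWS = [
    ("192.168.1.10", "89.238.154.105", 443, bytes.fromhex("160301020001")),
    ("192.168.1.10", "192.168.1.1", 53, bytes.fromhex("abcd01000001")),
    ("192.168.1.23", "203.0.113.7", 80, b"GET / HTTP/1.1"),
    ("192.168.1.23", "192.168.1.5", 443, bytes.fromhex("160303004a02")),
    ("192.168.1.42", "198.51.100.9", 8443, bytes.fromhex("1603010200")),
    ("192.168.1.42", "198.51.100.20", 443, bytes.fromhex("1603010200")),
]


def looks_like_tls(payload):
    # TLS record header: content type 20-23, major version 3, minor 0-4.
    # Checking bytes rather than the port also catches TLS on odd ports.
    return (len(payload) >= 5 and 20 <= payload[0] <= 23
            and payload[1] == 3 and payload[2] <= 4)


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in CAMPUS_NETS)


def triage(flows, watchlist, reviewed):
    """Return (source, destination, reason) for flows worth a lookup."""
    alerts = []
    for src, dst, _port, payload in flows:
        if not is_external(dst) or dst in reviewed:
            continue
        if dst in watchlist:
            alerts.append((src, dst, "watchlisted destination"))
        elif looks_like_tls(payload):
            alerts.append((src, dst, "TLS to unreviewed external host"))
    return alerts


if __name__ == "__main__":
    for alert in triage(FLOWS, WATCHLIST, REVIEWED):
        print(*alert, sep="  ")
```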
[quote]debraD wrote:
I have used wireshark to see what I’m putting on the network.
[/quote]
Interesting. So, I may be able to use wireshark to see if there is some sort of client on my computer logging keystrokes, taking screen shots, or doing something more active than just monitoring all incoming/outgoing packets at the server level?
[quote]
[quote]debraD wrote:
I have used wireshark to see what I’m putting on the network.
I am permitted to use wireshark because of much of the nature of my job and I use it regularly for debugging already.
[/quote]
I wish our programmers were smart enough to use wireshark for their debugging. It’d save me a lot of time and grief when their network applications aren’t even leaving their servers. Yet they blame the network every time.
[/quote]
I couldn’t live without it. A lot of my programming is on a low level and I’m building messages byte by byte rather than using an API and I’m using non-standard message formats so I really need to see the message. I check all messages on wireshark to make sure I’m not sending garbage. At least in the development and testing phase, the network is the last culprit for bugs!
We also have some stuff that is proprietary and poorly documented and have used it to reverse engineer the communication portion of some devices while waiting for vendors to answer our support calls; we often end up figuring it out ourselves.
[quote]
[quote]debraD wrote:
I have used wireshark to see what I’m putting on the network.
[/quote]
Interesting. So, I may be able to use wireshark to see if there is some sort of client on my computer logging keystrokes, taking screen shots, or doing something more active than just monitoring all incoming/outgoing packets at the server level?
[/quote]
It would only show you what is coming and going over your network interface. Keylogging or taking screenshots, unless it transmits messages, wouldn’t show up, if that’s what you meant. I can’t imagine it being useful for network administration to use keyloggers or screenshots though! That doesn’t seem efficient.
A lot of guys I know use a remote desktop connection to connect to their home PC and do their inappropriate surfing and activities.