Do the network guys at work know what I'm typing? (1 Viewer)

[Marty Christion]

I'm just curious about how much the network/IS guys at work know about what I type. I work for a huge company, so we have a big Novell type network. I don't know much more about it than that.
What I want to know is, if I log on to check my Wells Fargo account balance, can they see my account, or my password as I type it in? I understand they have a record of the sites I've visited, but if I visit a forum (like the HTF) or a chatroom, do they have a record of everything I've typed? Or just a record that I've been there?
[Edited last by Marty Christion on October 11, 2001 at 11:28 PM]

 

[tim55]

A guy from the IS dept took me into the server room at work once to show me the web server. It had a display that showed every web site someone was on, no specific information was shown. The thing that got me was how many porn sites were accessed!
------------------

 

[brian a]

It all depends on how much time your IT guys have on their hands. It's very doubtful that they are capturing keystrokes from everyone in the company, but they could. I've done it on more than one occasion for the companies that I've worked for.
It's always best to remember that the machines at work are the property of the company as is all information on them. As unlikely as it is that someone is watching, there are plenty of people without jobs who didn't expect to get caught doing something questionable. It's the wrong time to be looking for a job.
brianca..

 

[Mitty]

I know for a fact that in my office, the network people use "PC Anywhere," so they can fix any computer (well, except for actual physical problems) remotely. They can sit in their cubicles and access your computer.
So, not only can they access what sites you've been surfing, but they can watch you surfing them. They can even manipulate your computer - kick you out of sites, close your browser, etc. Would they bother? I don't know. But, they can.
------------------
Do you like SCARY MOVIES?
Scary Movie Challenge: 13, 12, 11 10 to go!

 

[Greg Rakaska]

They could if they wanted to do so. "Packet sniffers" could be used to see plain text, but could not easily see encrypted passwords.
There are, however several clandestine monitoring programs that can easily display your actual screen on their monitors. It is *highly unlikely* that they are doing this, but never assume that they cannot see what you are doing if they are so motivated. This is one reason many password fields are masked with asterisks.
To be safe, never visit any site, send any message, or type anything that you would not do if someone were looking over shoulder.
From the corporate point of view, millions of dollars of lost productivity are lost every year by employees using their computer equipment for non-business use. It is in their best interest to monitor such things.
From the human weakness perspective, systems analysts and net admins suffer from the same frailities as the general population. Sometimes the temptation to "snoop" takes control. I have found some of my systems people looking at payroll records, personnel records, etc. without any reason to do so, other than that they could.

 

[AjayM]

Well as an IT manager you would be suprised at the types of software out there for monitoring other computers, everything from being able to see what's on your screen to capturing keystrokes, so if your company wanted to know what you were doing, they can easily find out. They also have the right to monitor your computer, audit what's on it, they can even monitor your phone calls if they choose.
However, let's step back into the real world, all of the above takes time, and lots of it. And with the kinds of down-sizing that has been taking place the past few months most companies don't have the manpower to just monitor everybody, so I think you're pretty safe in that regard. But to add a little to the other side, it's very easy to log the sites you are going to with something like the company firewall, and that's quick and easy to go over...that will tell the IT dept who is going to what websites and when and probably for how long (well, you can get a decent idea anyways).
Now as an IT manager I'm pretty much against any kinds of monitoring software as it's usually a waste of time to monitor random stuff. And usually the employees who waste lots of time online with non-work related stuff are easy to pick out, once that's done I have no problem monitoring their system, auditing contents of their machines, etc but bring me your suspicion's and we'll take it from there. I don't report "general" web browsing to my boss's (VP of Ops) unless it's constant or inappropriate (porn), when we ask employees to work long hours, we understand the need to sometimes get personal things done during regular hours.
Also, I know a few people have recommended bring the IT guys donuts or something along those lines, that's either going to make it or break it (so to speak), you'll either win their favor, or make them suspect you of doing something you shouldn't be (IT guys are very fearful of viruses, un-licensed software, etc) which will raise some eyebrows.
Just some thoughts from the IT side.
Andrew
------------------

 

[Brian Harnish]

Wow. Hrrrmmm. I'm lucky I don't actually sit at a computer desk all day. I'd probably be tempted to browse the HTF instead of getting the necessary work done!!! Of course, I'd end up realizing the consequences of doing such things and would immediately get back to work...errrrmmm...maybe!

------------------
- Brian
My DVD Collection
Want Sliders on DVD? Then please SIGN the petition!

 

[Kirk Gunn]

Andrews comment's are right on the money. I supervise the admins of a 5000 user network and it's a matter of resources. We can't spend the $$$ to track every keystroke in the company, but if you raise suspicions, we'll be all over you !!!
Even back in '87 there were ways of tracking keystrokes (the example was to "track how many times secretaries used the 'backspace key'"). Monitoring technology has progressed incredibly since then.
Your company owns the equipment, pays you a fair salary for your brainpower and has every right to be Draconian. However, they want to keep morale up so they don't "advertise" their Orwellian potential. Just don't tick 'em off !
We just gave a Corrective Action to a Sr guy who designed our entire web-access infrastructure and it's security ! Temptation got the best of him and he "thought" he had a back door. What a CLM !!!! (Career Limiting Move) While I occasionally access HTF and commentary/news sites at work, I never access anything deemed socially inappopropriate.
So... don't worry about your bank passwords. If we want them, we'll just shuffle through your desk the next time we are working at 2am recovering a crashed server...

Oh yeah, don't forget to leave us the doughnuts !
[Edited last by Kirk Gunn on October 12, 2001 at 05:21 AM]

 

[Philip_G]

I saw a keyboard on slashdot a year or so ago that could record and store keystrokes.. but like they said who has the time.
when i worked for an ISP we used to dig through the DNS logs to see where people went.. it's fascinating (lots of gay porn sites)

 

[Shayne Lebrun]

Things we can and do monitor easily, and check:
what websites you're visiting and when.
Things we can and do monitor easily, but don't check:
who you're sending email to/recieving email from
what programs you run, and for how long (SMS, ZenWorks)
what other Internet programs/protocols you're using
Things we can monitor, but don't on average, but could if we really wanted to:
exactly what you're doing; screen captures, keystrokes, and so on.

 

[Bill Eberhardt]

Speaking as an IT professional, I can tell you that nice people get numerous warnings before any kind of action is taken. Like, "I know everyone is doing that, but if the wrong person sees you doing it, you could get into trouble." And yes, doughnut providers are nice people. Don't forget about chocolate. Chocolate is nice, too.
Bad people on the other hand...
Standard disclaimer: Let it be known that I do not discriminate against anyone based on race, creed, sex, and all that other stuff. But doughnuts? Ooooo, I'll be right there!

 

[Ryan Wright]

Quote:

You got it. Remember, network admins are people. Even if they're all a bunch of geeks, they're still people with real feelings and emotions. If they like you, you can get away with a lot. Be on your best behavior: Please, thank you, how are you doing today, I really appreciate your help. As long as you're nice to them and don't bitch all the time, you'll likely get some leeway. This week I had a guy visit some sites of a questionable nature (not porn). Typically a user audit would be run and his supervisors notified. However, he's a nice guy who treats everyone with respect, so rather than turning him in I simply blocked the sites so he can't access them anymore. If he were to continue accessing similar sites, I'd call him up and say "Hey, you need to knock this off, ok?" A not-so-nice person would not get this treatment; I'd fire off the audit to their supervisors like I do for everyone else.
Note that I'm looking out for the company's best interests and would not allow anyone to constantly access inappropriate material, nor would I give anyone (nice or not) a second chance if the material was particularly nasty or if it could cause the company problems. Most nerds are loyal and won't let you get away with hurting the company.
------------------
-Ryan (http://www.ryanwright.com )
Before you criticize someone, walk a mile in their shoes.
That way, when you do criticize them, you'll be a mile away and you'll have their shoes.

 

[Scott Merryfield]

I am responsible for managing the data network for a multi-hospital health care system, and as others have stated, it is possible for your computer usage and transactions to be monitored. To what detail is dependant on the time and resources that your IT staff has available -- in most organizations, resources are limited, so monitoring only happens if suspicion has been raised.
I will relate one story that happened here several months ago. We had been having intermittent problems with a network printer at a remote location, and the user was being quite vocal to upper management about the problem not getting resolved quickly. Well, one night one of my staff was called to fix a problem with the printer, and found a rather compromising JPEG from an adult porn site stuck in the queue (sent from this vocal user's id). While we did not forward the print job on to the user's management, we easily could have.
The moral of the story -- don't do stupid stuff on company equipment and time.
------------------
My DVD Collection
AFI 100 Films to watch: 40 -> 4
[Edited last by Scott Merryfield on October 12, 2001 at 12:54 PM]

 

[Marty Christion]

Wow...very interesting info that I probably should have already know.
What about "safeweb"? Is that more secure? Of course, I'm not looking for Porn or Warez or anything naughty, I'm just curious.

 

[LDfan]

SafeWeb should be very secure however using it is sort of a double-edged blade.
Whatever you look at on the web should be safe BUT if any of the IT guys happen to be doing any kind of audit on internet usage then you may be calling attention to yourself when they see your using it. That may prompt them to pay real close attention to what you're doing.
Jeff

 

[John Anderson]

IS/network guys are people too. I have the thankless task of monitoring email and internet usage for a 250 user network. To make things worse its a government site, and to make things really bad its a local politicians office. As a political office in Florida, which has a public records law making everything on our computers a matter of public record, we get a lot of public records requests wanting to know who's getting what email and who's surfing where. Because of this we have spent a lot of money on monitoring and tracking software, and use it everyday. I've been called Big Brother, the Email Nazi (No email for you) and several other colorful non-endearing terms. Everyone thinks I'm out to get them and I'm not, I'm just doing my job. I let tons of infractions slide, but I can see where they are surfing, even watch as they surf, block secure surfing sights, banking sites, web mail accounts and of course porn. But I don't unless you send up the before mentioned red flags.
I'm really not an Email Nazi

 

[Ryan Wright]

SafeWeb should be very secure however using it is sort of a double-edged blade. Whatever you look at on the web should be safe

Not really. If you're behind a company firewall we can still tell exactly where you've been. Safeweb embeds the URLs you visit into it's URL. For instance, if you go to Hotmail through Safeweb, you'll access the following URL:
Link Removed
Likewise, if you go to an adult site, it will look similar:
Link Removed
The software I use logs all URLs. I'd know immediately where you've been. And, any activity to a site such as Safeweb would attract a ton of attention to yourself. I'd run an audit on your account immediately to see what you were trying to hide...
Basically, there is no way around it if your IS people know what they're doing, and in any moderately sized company, they do. Just behave yourself, don't rip your company off by spending hours online and don't visit any sites from work you wouldn't tell your mother about. Then you'll be fine.
------------------
-Ryan (http://www.ryanwright.com )
Before you criticize someone, walk a mile in their shoes.
That way, when you do criticize them, you'll be a mile away and you'll have their shoes.

 

[Eric Scott]

Now that the question has been answered, how many of you are on "Pink Slip Alert?"

 

[Scott Strang]

I work in the IS dept of a hospital. We have many means to monitor any kind of activity on the network.
SMS-system management server- we use this to "push" builds, transfer files to other user's pc instead of using email attachments. Also it comes in handy when trying to show someone how to do something on their pc without having to physically go there.
Microsoft Proxy server- We use this for controlling user's access to the internet and the type of connections allowed such as HTTP, FTP, NNTP etc. When I first went to work there we didn't use anything to monitor internet activity. However, some users started surfing porn sites. Some even did this from nurses stations. The first big complaint came when a patient actually saw an AT looking at a porno site and reported it. Contracting viruses via IRC clients is another reason for doing this. It generates logs of every website that users visit but doesn't capture pages. All users think we watch everything and that's really what we want them to think.
In reality though, we simply don't have the resources to spend time actually reviewing the logs. We will however if someone raises suspicion or a dept head requests that we review the proxy logs of a user's account. As long as people don't visit sites that are sexually explicit we really don't care who looks at what. Since the only people allowed to have internet access are now upper level people, we don't really worry about it since these people know to be productive and not spend large amounts of time surfing sites for personal use.
Looking up porno sites while at work is moronic. I would think that common sense would dictate that this kind of activity not be committed.
Our strickest rules involve e-mail. We use Exchange as our platform. Sometimes people will do really stupid things like send a joke to an all users "z-list" which means everybody see's it including top brass. Some users will send out chain letters and email attachments to all email users which really eats up disc space. Users are given 2 chances to not do this and save their accounts. The 3rd offense gets them account revokation which means they won't be able to do their jobs. YOu can complete the picture of what happens next.
To be honest, I doubt anyone in our dept really cares about who does what as long as it doesn't result in us having to do more work due to a user's action.
------------------
"What did Mr Spock see when he looked in the toilet? The Captain's Log."
Stolen from a BBS in 1985

 

[Joseph DeMartino]

I have to go along with everyone else. As a (currently unemployed ) network administrator, I can tell you that we can do a great deal, but as a rule we don't without "probable cause" for all the reasons mentioned above. OTOH, a lot of this comes down to company policy.
I actually worked at a law firm that had seven offices in different cities, and an on-site IT presence in only two of them, that refused our request to install remote-control software, which wasted untold hours as we tried to get users to describe what was on their screens. (Which never works. They always read you either the first of the last line of a six line error message or dialogue box which gives you no information about what is happening. )
After I left they finally relented. (The senior partner had retired, and apparently he was the one most paranoid about people seeing what he was doing on his PC.) Still, they limited the use to active troubleshooting work, not random snooping, required IT to get the permission of the user (or manager if the user refused and remote access was really necessary) before starting the remote control software, and forbade use of the "stealth" mode of the software - meanining that anytime the software was used a clear warning would appear on the user's screen to tell them that they were being monitored. I know of several other companies with similar rules.
There was a loophole in the rule to allow stealth monitoring of user workstations on the express order of two senior partners if there was reason to suspect criminal activity or imminent threat - although I'm not sure exactly what the last phrase was supposed to mean. This loophole is also common in corporate security policies, usually requiring the authorization of two or more senior managers. Kind of like the police needing a court order for a wiretap.
So it is generally true that in the real world IT Departments have the ability to do a lot of monitoring, but neither the time or the authority to do so. I doubt your company can afford to have one IT person for every three employees, sitting in front of a bank of monitors eight hours a day watching what everyone is doing, which is exactly what they'd need to keep an eye on everything going on.
Regards,
Joe