Tiggs

At the moment i work for myself and work from home......one company i give a lot of business has said i can have my own office in their building as a perk and use it when i want. I may end up spending most of my time there BUT they have an IT policy.....i was speaking to a guy that works there who mentioned he cant get on youtube and myspace etc.

Now, i will still be working for myself so i'm not too fussed about them seeing that i spend 15 hours on ebay...i just need to know if i can! Is it as simple as using safari or firefox for those sites or will they "see" that?

Also...will they spot downloads if i "obtain" a few bittorrent movies while i'm in the office?

In short......what can the IT guys "see".......also, i assume that they can only monitor whats "on line".....they wont suddenly get access to my laptop when i plug it in their broadband will they? I need confidentiality from them as i have other clients they should have access to information on.


Tiggs

JackClark

I'd install my own telephone line.

richs2891

All depends on how they have set their network up and what software / hardware they are using. - Ie simply proxy server which records every website visited regardless of browser. And yes can see if have down loaded any movies etc
One of our customer records every single keystroke that the users do (an insurance broker) and can see whats open on every desktop and have cameras covering every desk.
If your just renting space & not part of their company then ask if you can have no restrictions on your web access.

Richard

Boro

iTrader: (1)

What would be the advantage of working from their building? I would have thought working from home would be much better.

HankScorpio

Traffic to/from your PC - easily everything (potentially).
Items on your PC - potentially everything but depends what security you have on it.

If you just want the office rather than the connection, get a 3g dongle and contract for your laptop and stay independent of them technology wise.

They are just looking to protect themselves and their bandwidth with their policies, not worth the hassle IMHO. Plugging your laptop on their LAN also exposes you to their environment, do you trust it...?

ScoobyDoo555

As Hank says really - the old adage....

their game, their rules.....

Otherwise, insist on a separate line....

HTH

Dan

Tiggs

worked from home for years....fancy a change and an office with free secretarial/phone/post/coffee/other humans/cafe/etc seems cool.

ok - so the stuff down the line is easily monitored......what can i run on my pc to keep them off my laptop though?

eggy790

iTrader: (20)

side question thats related. what can my workplace see on my computer? with regards to the internet? i know its monitored but what do they know?

and with regards to personal browising i disconnect from the wirelass and use my 3g internet for personal then reconnect when i need to do work.. will they know about the sites ive been browsing on? while on the 3g?

NXG

If the company has a Communications Policy that includes net usage, and you're required to sign it, then you have to adhere to it. If they don't, you can do what you like.

Andy Tang

iTrader: (3)

Depending on what they are using to monitor you, on the corporate network, they will be able to either see:

1) All traffic on the browser with proxy settings, but can be bypassed and unmonitored using another browser (if you have rights to install one)

2) All traffic on all browsers whether there are proxy settings or not.

3) All traffic originating from your machine and hitting the main gateway out to the internet, including IM, P2P, etc.

All of it will be recorded, and irrespective of whether they catch you at the time or not, there will be records that can be recovered. The reports are valid in business tribunals. They should be able to see the site or IP address that you used, probably bandwidth used, time online, data transferred (up and down), as well as being able to catergorise your browsing habits (business, legally dodgy, time wasting, etc)

If the IT team is not great, and only register on IP address then you could suggest it wasn't you as someone can minic your IP. If they have it on name, then your IP address has been assoicated with your login, and they will be tied together. You could argue someone has your password or your machine was unlocked at the time, but this may conflict with your IT policy as you should be taking due care from a security prespective!

If you use a 3G dongle, which may conflict with your IT policy as you are plugging in "unknown" devices to the corporate network, then although they may not see your traffic, your cache files are still on your PC.

Seriously, if you need the internet that can potentially lose you your job, is it worth it?

Andy Tang

iTrader: (3)

Forgot to mention, that the IT guys rarely look at the data and reports, but if it's set up right, then the IT manager, Senior management and HR team are already aware of your "habits"!!!

BTW - I know a little about this arena, as I have installed a number of these solutions, specialising in Websense and ISA, with experience of Barracuda Web Filter, Cyberoam UTM, SonicWALL UTM and some Bloxx.

corradoboy

Hmm, clandestine monitoring if ever I heard it. FFS, what do they think people are going to do on the interweb ? Fair enough, if you suspect anything illegal occurring, or too much wasted time, but for the sake of morale why can't employers just chill out a little ? I wouldn't work for anyone under such untrusting scrutiny !

bioforger

iTrader: (1)

Just install logmein n remote into your PC at home for any illegal activites Most of the BW used for the remote session is from your home pc so they can't complain about that

StickyMicky

Get one of them "dongle" things?

Tiggs

that sounds perfect...i suppose if i wanted to start up a few bittoreents downloading on my home pc that the IT guys in the office couldnt see what i was doing if i use logmein?

boxst

My company blocks LogMeIn as it does most other protocols. You can start to mess around with VNC across port 80 or 21 if no other ports are available. I got bored trying to get around the IT restrictions and just bought myself a dongle that I use at work for all my dodgy browsing needs.

I still use LogMeIn, but I use the dongle to connect to my computer at home to start Bit Torrents etc...

Steve

judgejules

Just let them know you dont want to be on their internal network as you will be using your own hardware and ask them to put you on a separate VLAN (virtual LAN). Any decent switching hardware and respectable network admin will be able to sort you out with this. You will then be separate from their corporate network even though you are using their network cables and your next hop on the network will be the router then the internet.

Your internet activity can still technically be monitored via the switch so dont rest on your laurels in terms of security, but its a little more involved that just looking through web proxy logs.

However, they might not allow this, as they might not want someone in their building having such access to the outside world with the ability to use up more network resource than the rest of their employees by not going through their existing setup.

If all that fails, just use https://secure.logmein.com/products/hamachi/vpn.asp on your laptop and at home. Then VNC over this secure VPN to your home PC to do your web browsing or just set up a web proxy at home and point your laptop at it as a proxy. Your web traffic will then go via your home pc over a secure and unsniffable VPN.

Andy Tang

iTrader: (3)

The dongles are great until they are the reason that the corporate have been compromised.

Then your IT Managers will be looking at solutions like Lumension where devices and applications have to be whitelisted, and therefore non approved devices and software will not run on your work PC.

So if any IT Managers need more information, drop me a PM!!

boxst

The dongles do not really compromise corporate networks. It is no worse than using my laptop in a wireless network (such as at home / airport etc...).

Steve

ScoobyDoo555

This may sound like a daft question, but are these detection protocols OS-native?

Ie if the "personal" machine is say, a Mac, would the IT lot be able to see the same things?
The only reason being is that the Mac HD is formatted differently to the PC....

I may have made it FAR too simple (no change there!), but does what I'm attempting to explain make sense? Or have I missed the point?

Dan

corradoboy

They will still see the URL of every website, and every piece of content within each visited web page as it comes through their system. They'd struggle with monitoring keystrokes that's all.

HankScorpio

Not daft at all.

The traffic flow to/from the device is OS independent so doesn't matter if you're using Windows 3, Vista, Mac or Unix, data flow can be observed/captured.

Viewing what's on the device depends what's on the device to be viewed but what OS doesn't make a lot of difference, if it's on a network, it can be interrogated by pretty much anything else on the network with the right tools.

Andy Tang

iTrader: (3)

I'm not sure I agree with your whole statement! I agree wireless is not secure!!

The dongles are allowing access to the internet, probably on your work machine. You could (although I'm not saying you do) introduce all manner of malware onto your work machine, which your existing web filtering solution may prevent.

boxst

Why? I'm genuinely interested.

When I use my 3G modem at work I am not connected to the corporate network (I disable the ethernet connection), so there is no access to corporate at all. It is exactly the same when I am wandering aimlessly around and use a wireless connection?

Edit: As you edited yours I agree with that. But it isn't worse than using my laptop in a hotel for example (which I have to do way too frequently).

Steve

Andy Tang

iTrader: (3)

When you go to the internet you are asking your machine to make a communication to the destination via your work connection.

As the work connection is being monitored, it will see either the URL or the IP address you are accessing, as well which protocols are being used. If these go against the policies set in the web filtering solution, it will block access.

Normally all this activity is logged.

For example, work should know that at 14:25 on 19th January 2009, the user ATang was connected to Subaru Impreza - ScoobyNet using HTTP on port 80.

judgejules

If their network is well designed, anything that can be taken away from the site or can contact the internet off its own back will be treated as if it IS infected at all times. This also goes for USB ports, harddrive caddies, optical drives, floppies, anything that could put a foreign file onto their network.

Cell and wifi access are as bad as each other.