Can administrator watch my activity on Web?

[Computernerd22]

Can the administrator wath my activity on the Web, i.e what sites i'm visiting and/or the volume of data transfered/received from my computer?
Is there any legal tool to block this ?
Thanks in advance.

The ISP I work for they use snort to monitor network traffic running on Apache 1.3.27 snort can be found @ http://www.snort.org/
another way networks get in trouble/infected is by the 'employees' send mail out side the network (example to hotmail) and also allowing incomming e-mail from external resources (outside the network) which is also a security issue. johnny_xp when you connect to the LAN do you have to sign in? Are you prompted for a username & password? If so, then yes you logged into the network under your username therefore whatever websites you go to are being recorded and all network traffic aswell under your username. Hope this helps, Computernerd22

[ShagDevil]

Neorage, and how does he hide his MAC address? He can change his hostname and IP address all day, but all it will take is any decent network traffic analyzer to resolve a MAC address to a computer predefined by the Admin (when he initially set-up the network).
example: 00-01-02-5F-B0-42 = Johnn'y XP's notebook computer
So irregardless of what IP or host name he's using, the Admin will know exactly what computer is connected to the network. Unless of course I'm missing something

[MrLinus]

Unless he Changes his MAC regularly (now I never said it was easy). I would suspect however that the way to avoid an admin (thinking with a black mind here) is to setup an individual AP that doesn't connect to an internal wireless network and go out on that by finding another network to connect to. Depending on the size and budget of the company they may or may not have methods to detect this kind of activity and may shut you down (a la Air Defense or other wireless IDS tools). Nothing is guaranteed or impossible.

But this opens up the discussion to an ethical point: should employees be allowed to 1) circumvent a company's security policy because it's inconvient or whatever 2) should the administrator be allowed to monitor where employees go?




For those interested in more on changing MAC addresses visit Google.

[Tiger Shark]

But this opens up the discussion to an ethical point: should employees be allowed to
1) circumvent a company's security policy because it's inconvient or whatever

Well, I own the equipiment, I own the bandwidth, I own the electricity to run your equipment and I own the square footage you take up while you try to circumvent my policies, (ok, my company does....). In addition, when you are employed by my company , you are provided with an AUP, one of the statements within it is "Users shall not try to circumvent the policies put in place by the IT staff"..... So.... They aren't allowed.... period.... Go ahead try.... See the next point.....

2) should the administrator be allowed to monitor where employees go?

See above.... I own it.... It's mine to do with as I please and you have been clearly warned in the AUP that I can and will monitor any and all traffic that passed through company owned resources. Bring yourself to my attention by making a single mistake trying to get around me and I will hunt you down.... You will be found and you will be disciplined.... If your supervisor is a bloody "softie" I will go to the administrator if your attempts were egregious enough and have the supervisor over-ridden. If they don't want to cooperate then I lock the IP tothe machine and block it from all internet communication..... If the administrator wants their employee to be able to do their job they can take it to the CEO and explain why they won;t discipline a worker that isn't doing any work but we are still paying them..... They conform....

It happened on my network just a few weeks ago. A user was running a real estate business using my network..... Spent all day logged in as an agent searching real estate listings. I gave her a "friendly" warning while pointing out that users get just one warning..... She clearly doesn't have enough work to do because she continued for another three weeks in the same fashion, ( I gave her three weeks, c'mon......I'm not unreasonable.....), then I "dropped her docs" to her supervisor.... Dunno what transpired.... She's still employed but she hasn't even opened IE since then........

[Tedob1]

even putting aside the fact of ownership (but not dismissing it for its a big point), the amount of trouble one person's surfing habbits can cause an entire company require web surfing be monitored...i really have better things to do but i have to watch out.

[Tiger Shark]

Liability is the word..... It only takes one moron to be surfing the pr0n when his female colleague enters his office to see a nice little lawsuit..... against the company..... not the moron.....

The company pays me..... if it loses money my raises are less.... It's my a$$ i'm covering too....

[Cemetric]

What if it is your boss who is surfing the net to "forbidden" sites ... oh let me guess he can because he is the boss ...

Luckely we know the excitance of ad-aware and alikes ... but this guy get's on my nerves ... sorry for the rant here.

Job anyone

[embro1001]

Originally posted here by Cemetric
What if it is your boss who is surfing the net to "forbidden" sites ... oh let me guess he can because he is the boss ...

Luckely we know the excitance of ad-aware and alikes ... but this guy get's on my nerves ... sorry for the rant here.

Job anyone

Highly unlikely that the Boss would be the violator. Not only would he be putting the company at risk, but himself as well.

And if he is, then just follow the chain of command. Go to the boss's boss. If he is the top rung, take it outside the company.

Tiger Shark: You friggin' rock.

[ShagDevil]

MsMittens, good find on changing MAC addy's. . You'll have to forgive me for being presumptious but, I'm not so sure Johnny XP would be ambitious enough to go around changing his MAC address for the sake of downloading mp3's and movies ( I believe he's just looking for a quick fix to his dilemma). Maybe I'm wrong?
In any event, I found this article on the possible cost(s) to the company from non-business related browsing. It's a bit old but it makes quite a clear point.

[MrLinus]

You'll have to forgive me for being presumptious but, I'm not so sure Johnny XP would be ambitious enough to go around changing his MAC address for the sake of downloading mp3's and movies ( I believe he's just looking for a quick fix to his dilemma). Maybe I'm wrong?

Never make assumptions about what users know or don't know. You'd be surprised. How do you know it isn't a social engineering feat? "Let me pretend I'm stupid and fly under the radar so they won't know what I'm doing or suspect me". Think about it. When something goes wrong, you usually go after the one that annoys you the most, not the quiet one that is polite and timid and doesn't bother you.

Highly unlikely that the Boss would be the violator. Not only would he be putting the company at risk, but himself as well.

Highly unlikely? Bit of a generalization from my experience and seems a small proportion that would support it. I've seen some bosses threaten their admin that if they didn't get what they wanted, the admin would be brushing up their resume (doesn't make for a good work environment). Heck, I got told on a consultanting contract by the OWNER of the company (this company booked short and long term "apartment" gigs for VPs, CEOs, etc. when travelling) I was trying to secure that the password on the machine that stored the Credit card info and personal info of these VIPs shouldn't be changed. This was an NT box, no firewall, no Service Packs and the password was... you guessed it, password. His belief was that the ISP's provided router (whose password on there was also.. password) would be sufficient). No amount of arguing would work. I insisted on getting in writing that I wouldn't be held liable for any break-ins because he chose to not follow my advice -- even the obvious simple stuff of applying appropriate service packs, strong passwords, a firewall and anti-virus on it.

Unfortunately, in my experience bosses and CEOs often view themselves as kings above the law. This probably explains the lack of interest in security and the view that it costs more than it saves (I don't have hard figures -- if anyone finds them, please post -- but I have a strong suspicion that companies save a lot more when security is applied, encouraged and supported due to the fact that less is spent on OT, data recovery and wasted user time).