IP Security Emergency

[MindyLynne]

I submitted this in another and probably incorrect formum so I am reposting it here.

I am trying to learn how someone can learn the IP address of my office computer without physically tampering with my computer. I believe this has happened. Also, once they have the IP address, what can they do? Can they read my emails? Know where I have been on the Internet?

I really need help and do not want to ask my computer department for personal reasons.

Thank you to anyone who can help me!!!

[.:front2back:.]

Originally posted here by MindyLynne
I submitted this in another and probably incorrect formum so I am reposting it here.

Firstly maybe delete the other post you made in the other forum..

I am trying to learn how someone can learn the IP address of my office computer without physically tampering with my computer.

Ok there are many of ways that some one can obtain your IP addresse, either Remotely or by gaining Physical Access to your Computer.

I believe this has happened.

And why do you think that someone has obtained your IP addresse.?

Also, once they have the IP address, what can they do? Can they read my emails? Know where I have been on the Internet?

There is not much really that they can do to your computer IF you have the latest updates for your computer, the latest Virus Definitions, and your Firewall is configured and enabled.

As far as reading your emails, it would be very difficult for them to read your emails, unless they have your password.
If you think that your password has been compromised, then change it immediatly.
And if you are worried about them knowing what sites you have looked at while on the internet, then simply clear your internet cache via your Browser Tools -> Options then just choose the Privacy Tab and click clear entire cache.

I really need help and do not want to ask my computer department for personal reasons.

And why don't you want your computer department to get involved? They would be the correct people to get involved.

cheers
front2back

[Tiger Shark]

If you have a computer department who has your network firewalled you are probably also NATed, (Network Address Translation). This being the case no-one really has your IP address. There are exceptions to this but either way they are benign.

1. They could have some script that they con you into running that will reveal your internal IP address BUT this is harmless to you since your internal IP address is not reachable across the public internet.

2. They can easily find your public IP address, (the IP of the device that is NATing your connection), BUT that is also benign because while s/he can connect/see/whatever the device it isn't your computer and unless ports have been opened and forwarded to your internal address from that device, which is highly unlikely, then they are only attacking the device rather than your computer.

[nihil]

MindyLynne

A lot depends on how your system is set up. If you are connected via a network, you really shouldn't have anything to worry about, as Tiger~ has explained.

If, on the other hand, you have a direct connection to the internet, then the story could well be different.

If you are on a corporate network, you would be wise to assume that your internet activity is already being logged by your IT department. They might also be logging your mail traffic.............volumes, destinations etc.

[XTC46]

of course, if you are worried that it is somone you work with that has done this (maybe the IT departent, which would explain not wanting to talk to them and the worry of them seeing what sites you have looked at and possibly the type of emails you are viewing durring work hours) than it would be very simple. A network scan with some very easy to get tools could look for active computers, enumerate users on that computer and then if they wanted to crack the password with some effort. Of course this would be noticable by the it staff if they monitor logs of network traffic and such. this would be even easier if you have no firewall on your computer directly. you can also get your ip address from the emails you send out.

but on the upside, if it is your IT department you are avoiding, chances are they already have your IP address from when they deployed your computer, along with a log in. or they can check NAT tables(also can be done from the outside if somone got your outside IP address and was able to get into the router) and if the company is large enough, or the IT guys are efficient enough they may have remote access software on the computer already to help you if you need to, but also allows (although unethical) them to view your screen in some cases. and as for your email, then they could just look on the mail server (possibly exchange?) and see what emails you are getting and who they are comming from.

of course, this is all assuming its somone in your IT department you are worried about, and that you are doing something that is not allowed, which is causing you to worry.

[Tiger Shark]

although unethical

Not at all. If the AUP states that a user has "no expectation of privacy" and that "this is a business network for business use only" then such tools are perfectly reasonable. If my other systems detect activity deemed inappropriate I will use such tools to obtain screen shots if necessary and will send a staff member to that office to determine the identity of the person using the computer. If it gets to a court, (which it has in my case), those two pieces of evidence are priceless these days. When I had to go to court I only had the logs of the Kazaa usage and an eye witness as to the identity of the user in question..... The judge was a pain for some time because he didn't understand that concept of port usage etc. If I had had a screen shot that said Kazaa in big pretty letters we would have been out of there in minutes.

[nihil]

Hi Tiger~

I don't know how it is with you guys, but over here an organisation is expected to comply with the law.

If they recklessly permit employees to violate the law, they are also liable. If they have reasonable suspicion that civil or criminal law is being broken then they may take steps to investigate, irrespective of the AUP. Otherwise they leave themselves open to charges of accessory after the fact, complicity etc..............

We have already seen this with filesharing and the use of unlicensed software, not to mention CP............the basic rule is that the law of the land outranks the AUP by a long way

I think that educational establishments are starting to get the message on the copyright front?

[Tiger Shark]

John,

Thats all well and good and such things as Kazaa etc. are blocked from their default ports so I am not at all complicit and 55 pages of logs in 8 point font prove that we were blocking it. But since the judge needs to be convinced that all that traffic was, indeed, Kazaa, (regardless of the fact that we found it installed in the machine but it was minimized when the witness arrived in the room so she couldn't see it), it would have been much nicer to have had a screenshot where I could have shown it minimized.....

Since our AUP is written the way it is and since it complies with the law here we can, if necessary, "spy" on the screens of our users - and we make it quite clear that we are allowed to because it is our equipment and we have warned them - every three months - that they have no expectation of privacy our a$$ is covered and theirs is "swinging in the breeze" should they break the AUP.

[nihil]

Hi Tiger~

I agree entirely on the advantages of having a properly phrased AUP, and even go as far as to say that this should (ideally) dovetail into the Security Policy (passwords and authorisations, for example).

As you know, we do not have a written constitution so a lot of legal decisions are based on Tort, Equity and precedent.

Without a well defined AUP, I would have the devil's own job with a disciplinary; because that would be a terms and conditions of employment issue, and would probably go to a tribunal rather than court. To be honest, I think that the ruling would not be in my favour.

If, on the other hand, I catch someone breaking the law (civil, or criminal) they are history.............because we are not granted the privacy to break the law and getting caught basically negates any privacy rights you might have had.

/off topic

From a security viewpoint I am very fascist. I wanted three machines connected to different network segments, and two stand alones with local admin rights................I was told "you have Sysadmin......you set them up" Ack! Phtt!

So, I dug these old 266's (MHz) out of a store (I had the key) and got all the proper forms and authorisations signed. I then insisted that these were signed off and someone else set up the accounts.

When the infrastructure guys asked me why, I just asked them what they would say to the auditors?



Difficult when you are helping out, but are in an area where you should be excluded?.............I even had to spend half of the Christmas parties with infrastructure and the other half with development.

[zencoder]

Originally posted here by MindyLynne
I submitted this in another and probably incorrect formum so I am reposting it here.

I am trying to learn how someone can learn the IP address of my office computer without physically tampering with my computer. I believe this has happened. Also, once they have the IP address, what can they do? Can they read my emails? Know where I have been on the Internet?

I really need help and do not want to ask my computer department for personal reasons.

Thank you to anyone who can help me!!!

MindyLynne, I answered your query in the other forum, so I won't go into all the details here. Suffice to say, go read the answers to this question that have been posted elsewhere.

While my colleagues seem to be genuinely interested in helping, I really think you are going about this the wrong way. You have not provided any details, so I am going to make some assumptions. If I am wrong, you should provide more info so we can trully provide some insight.

Your organization has an IT staff (Computer Department as you call it) that handles problems, user requests, and whatnot. If you want to do something that falls under their domain without involving them, this could be considered a violation of policy, and could get you into trouble. Depending on what you do and the situation, it could mean termination. If the reasons for NOT involving the IT staff are because they are your antagonist or related to such, then you have an HR problem and need to go through appropriate channels.

Basically, taking matters into your own hands is not a great idea when confronting such problems...at the least, it can back fire and damage your reputation or ability to have your concerns taken seriously, at the worst it can get your fired and possibly indicted.

If you have a legitimate reason for NOT using the IT staff, you need to take it up with your superiors, legal counsel, or HR advocate.

I'm not trying to be intentionally obstinate, but from the language you use and questions you pose, any technical advice we give would probably do you more harm than good.