IT Monitoring of Employee Forum use Query

[GDW]

Quick question for the techies in here. What details exactly can an IT dept see about employees who browse forums

The main questions I have are:

1 Can they see the contents of a post

2 Can they see contents of other peoples posts:uhoh:


Ta

Grandad

 

[Summo]

It would have to be an incredibly anal company who would track the text entered into web forms (or posts on a forum, if you like). Most companies are easily able to generate proxy reports on web usage, active time, idle time, number of visits over a certain period based on username and/or IP address.

One thing to be aware of is to edit your forum options to enable the use of cookies. If this isn't checked then your entire account information is transmitted with each post which has three problems I can see:

• Possible security risk as your account info is easily 'grab-able' to a malicious user who knew what they were looking for.
• The log entry on a standard proxy list report would be very long and full of 'random' characters which would stand out a mile, particularly if they kept appearing.
• Your IT department would be able to view your posts simply be entering the full URL on their reports.

So enable cookies, ppl!

 

[tris-]

To see what you have type they could just be using a key logger and can view the out put file using a remote admin tool.

 

[Summo]

What company is going to use a key logger over its network?

 

[tris-]

Originally posted by Summo
What company is going to use a key logger over its network?

One that hasnt got the intelect to find another way?

 

[GDW]

Thanks guys just wanted to be sure.

Our IT department are very fair in terms of their Internet policy but I m restricting personal use to outside normal working hours just in case

 

[old.Jas]

ROFL @ http://chroniclesofgeorge.nanc.com/

 

[tris-]

my fav one is something along the lines of

"she needs nt network reinstalled on her desktop, bah just replace it"

 

[Testin da Cable]

http://www.el-espia.net/cyberium/animation.htm


(http://www.bigbrsoft.com/)

 

[lecter]

1. Yes
2. Yes

There is a third question you should have asked
3 Do they care?
ans. probably not, however if they are LOOKING to make people redundant, they will probably tell the it/security guy to monitor a certain person to see if they do anything dogdy, use that evidence to fire someone and avoid paying redundancy etc. I know I have had to do it in the past, and it happened recently at compaq too.

Back to points 1 and 2.
Most corporations use programs like websense, to monitor the browsing characteristics of its users. This just produces statistics on visited sites. Now content stripping technology like pornsweeper, depending on how it is implemented is what you have to worry about. It can check for strings like swearwords etc. There is an interesting article on dansdata about pornsweeper which is amusing available here > http://www.dansdata.com/pornsweeper.htm

How to circumnavigate firewalls/security and not fucking get caught.
Answer: ssh
SSH is like the greatest tool in teh world. Basically it contains portforwarding tools so you can TUNNEL traffic through it encrypted so there is no way they can decrypt what you see or do. (except if they can see your screen of course). You need a shell on a *nix box and a friendly admin. www.doosh.net for example. SSH runs on port 22 normally but can be run on any port that is free. One of the FEW ports that is normally open is 443 (the https protocol). If this all works there is not a damn thing they can do.

Caveats.
If they use a keystroke logger to catch you out, or VNC to view your screen. Beat them with a lawyer stick. Its an invasion of privacy (data protection act) amongst other things.

 

[lecter]

I forgot to add this amusing bit. Scunthorpe county council implemented a swearword blocking system on their email server. The staff were confused as to why they could receive no email for a week until some chap worked out the @s*CUNT*horpe was getting blocked.

Tee Hee

 

[Summo]

Heh. There was a similar problem a while back at EsSEX County Council.

 

[Scooba Da Bass]

Because it says Sex in the name?

 

[caLLous]

No, because it's a shit place to want to send email to...

 

[Testin da Cable]

Originally posted by lecter
You need a shell on a *nix box and a friendly admin.

FAIL!!

Were I to find internal servers connecting to firewalls without MY express permission...YOU would be speaking in a very high voice for a few days.


One might say I'm a very unfriendly admin, and if one of my admins isn't just as unfriendly [or more so] than I am he or she will be shuttled off to the place stupid unthinking idiots go.

 

[lecter]

Obviously I wasnt clear in what I meant. I was implying that the friendly admin(external) would run an sshd on 443, in my experience this happens to be one of the few ports that is open to outward traffic. Moreover the admin would be EXPECTING encrypted traffic on this port. Of course I wouldnt actually tell you, the local admin, what I was doing. From an admin perspective, if they are clever enough to get round standard firewall practises then fine. They are clever enough not to introduce viruses and other such evil onto the network. I would be more worried about manager/secretary stupidity than anything else.

 

[Testin da Cable]

oh sure thing, you won't be one of the people who happily execute the clickme.exe's they get in their mailbox or plug their private laptops into the companies' lan. no sweat.
just so you know, I do not agree with your statement. from my perspective I distrust both the internal and external networks and the denizens that kark about in them. were the firewall [or my other methods] to tell me that sombody was, shall we say, karking about then the route to the outside would close for that user or users. sorry, but it's the way my company expects me to work.

 

[caLLous]

Hmm... kark... it's not a word but I like it.

 

[Testin da Cable]

not mine. I read it in some SF novel somewhere iirc. I think it's somewhere along the same lines as 'schlepp'

 

[Will]

Originally posted by Testin da Cable
I read it in some SF novel somewhere iirc.

That doesn't make it a real word.

 

[Testin da Cable]

no, it doesn't. but it rolls off the tounge well imo

 

[Wij]

Liek tremas bell !!!1

 

[Will]

So do a lot of things..ah hell, it is kind of cool.

 

[Testin da Cable]

I wasn't thinking quite along the lines of trem's smelly cheese-encrusted knobtop but...whatever gets you going wij

 

[Wilier]

Originally posted by lecter
I forgot to add this amusing bit. Scunthorpe county council implemented a swearword blocking system on their email server. The staff were confused as to why they could receive no email for a week until some chap worked out the @s*CUNT*horpe was getting blocked.

Tee Hee

True enough, Scunny is a cunt of a place to live and is a piece of shit on the beautiful Lincolnshire countryside.

I know.

I live there. (well near there)

 

[James-]

I've heard 'kark' or maybe 'cark' before. If someone was to 'cark it' they'd be dead.

 

[Testin da Cable]

would that be alon the same lines as "prang"?

 

[Will]

Nah, carking it is dieing, a prang is a bump in a car, causing just enough damage to be annoying, but not hurting anyone.

 

[Testin da Cable]

ah ok. ta

 

[Mellow-]

See what happens when people aren't allowed access to a dictionary? They end up making up words for no reason ... because they're all silly