1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IT department security?

Discussion in 'Networking & Security' started by runevirage, Aug 27, 2012.

  1. runevirage New Member

    Joined:
    Mar 30, 2010
    Messages:
    80 (0.05/day)
    Thanks Received:
    6
    If your IT department has access to network info like that needed to log on to a WPA2-Enterprise network, could they possibly log onto the network and act as you? If they have the logon info can they track things like your passwords while you are using the network, or access any program or files therein? I trust most IT departments are full of responsible individuals but I was wondering if this capability is even possible in the first place.
     
    Last edited: Aug 27, 2012
  2. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
    YES, Skynet has total control and access.

    They are the IT Dept. for a reason... to manage their (the company's) network.

    Usually, the Administrators have full access. Others are given access as needed.
     
  3. runevirage New Member

    Joined:
    Mar 30, 2010
    Messages:
    80 (0.05/day)
    Thanks Received:
    6
    So if I log on to the network with my personal laptop, are they able to see things like passwords?
     
  4. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
    Yes, admins with total control, in most larger organizations have the capabilities for this.

    How else are they going to monitor, control, secure, etc. their network.
     
  5. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    They will be able to see it anyway on wired networks if they are really interested due to being the man in the middle so to speak.

    What should you learn from this? Don't do personal business at work. besides, you are there to work.
     
    95Viper says thanks.
    10 Million points folded for TPU
  6. temp02 New Member

    Joined:
    Mar 18, 2009
    Messages:
    493 (0.23/day)
    Thanks Received:
    166
    AFAIK, with WPA2 the communication between the AP and your NIC is encrypted with a different set of keys then the other users, so even if other authenticated user is eavesdropping the wireless network they won't/shouldn't be able to decode/see your traffic/packets.
    IT personnel should however be able to see the URLs of the pages you visit, if they have some kind of firewall logging.
    Still, if you are afraid of someone stealing your passwords, login only on secure (HTTPS) websites.
     
  7. runevirage New Member

    Joined:
    Mar 30, 2010
    Messages:
    80 (0.05/day)
    Thanks Received:
    6
    It's not really "work", it's school, and my laptop is both personal and work related. I also use my personal email to contact teachers and prospective employers. I am wondering if my gmail password is logged somewhere when I log onto a WPA2-Enterprise network at my school.
     
  8. 3870x2

    3870x2

    Joined:
    Feb 26, 2008
    Messages:
    4,875 (1.96/day)
    Thanks Received:
    689
    Location:
    Joplin, Mo
    On windows systems I don't believe it is entirely possible to see someones passwords without cracking something. They can only change them.

    If you haven't commited your computer to the domain, then they have no rights other than to see the data passed through. Joining the domain however gives them access that is susceptible to the network configuration and rights.
     
  9. runevirage New Member

    Joined:
    Mar 30, 2010
    Messages:
    80 (0.05/day)
    Thanks Received:
    6
    So if someone else uses my login credentials to use the network, that session will be separate from my current session? What if I am currently offline and someone decides to use my login credentials acting as an imposter; do network logs take into account things like MAC addresses so that I have plausible deniability in case they try to do something illegal on my network account?
     
  10. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    Are we talking "rights" now, or real life?

    This has nothing to do with even logging onto the domain, and everything to do with networking basics.
     
    10 Million points folded for TPU
  11. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
    If, your laptop sends it encrypted/secured, then no, not unless they crack it. <-- this speaking of your passwords and data

    And, if you are on someone's network, they have ability to see what you are doing and sending/receiving. (If they have any training or know what they are doing)
     
  12. runevirage New Member

    Joined:
    Mar 30, 2010
    Messages:
    80 (0.05/day)
    Thanks Received:
    6
    Does a Windows login password help in this regard in any way? Or is that more for protection against local/physical unauthorized access?
     
  13. ShiBDiB

    ShiBDiB

    Joined:
    Jul 21, 2008
    Messages:
    4,126 (1.76/day)
    Thanks Received:
    790
    Location:
    Clifton Park, NY
    No... not at all

    Use https sites and avoid using public networks.
     
  14. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
  15. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    Does it remain encrypted after it his wire? Nope. Moot pint.
     
    10 Million points folded for TPU
  16. 3870x2

    3870x2

    Joined:
    Feb 26, 2008
    Messages:
    4,875 (1.96/day)
    Thanks Received:
    689
    Location:
    Joplin, Mo
    I would hope that the IT department isn't doing any "Real Life" cracking or they can kiss their career goodbye, possible with jailtime.

    This could also happen regardless of if he is connected to their network, making the point irrelevant.

    Also you are being very short with everyone on this topic. Had a bad day?
     
  17. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    Just ready to be home with my kids.


    And trying to be to the point with information. He was asking about security within the IT department, and really they are the last piece of the puzzle. They could see everything before your information goes out the proverbial door.
     
    10 Million points folded for TPU
  18. 3870x2

    3870x2

    Joined:
    Feb 26, 2008
    Messages:
    4,875 (1.96/day)
    Thanks Received:
    689
    Location:
    Joplin, Mo
    Best to assume any information is available when running through another network, that is for sure.
     
  19. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,774 (9.73/day)
    Thanks Received:
    6,236
    Location:
    Chatsworth, GA
    IT departments own the network and most things that connect to it so they really can do whatever they want to monitor it. I don't see them creating a whole domain and put blind folds on.
     
    Crunching for Team TPU
  20. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    Just another reason the internet should remain private give the government a challenge like reading all the data on the net, and put them in strategic locations like backbone, or entry point and your freedom isn't so free anymore. At least with multiple competing companies they should be focused on customer satisfaction and not customer snooping. Not that it hasn't happened int he past.


    SA had a stooge run a redirect from the hosting company.
     
    10 Million points folded for TPU
  21. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
    Not my point, here.

    My point was to the OP, as, he thought someone was possibly signing on GMail with his info.
    Gmail has the 2-step verification, so if it was not him the person or persons doing this would not be able to sign into his GMail.
     
  22. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    Would it matter if they had all of his information?
     
    10 Million points folded for TPU
  23. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,450 (1.97/day)
    Thanks Received:
    1,627
    Location:
    στο άλφα έως ωμέγα
    Unless, they clone his phones, too.


    EDIT:

    Quoted from Gmail 2-step verification:
     
  24. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,520 (2.56/day)
    Thanks Received:
    1,300
    Most likely not worth it, unless they were bored and the phone was connected to the network also to receive the message.
     
    10 Million points folded for TPU
  25. temp02 New Member

    Joined:
    Mar 18, 2009
    Messages:
    493 (0.23/day)
    Thanks Received:
    166
    One thing is your network login credentials, other thing is your other/websites login credentials, even if someone has your network login details they won't be able to eavesdrop your session. But why would anyone else have your network login details (I mean besides the IT personnel)? IT personnel won't do any "wrong stuff" with your network account (why would they?), so no need for any "plausible deniability", also it is your "job" to keep your network access details a secret.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page