1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IT department security?

Discussion in 'Networking & Security' started by runevirage, Aug 27, 2012.

  1. OnePostWonder

    Joined:
    Dec 27, 2008
    Messages:
    582 (0.27/day)
    Thanks Received:
    107
    When I was in school, the IT department had the capability of seeing everything you were doing as if they were sitting there with you. The only way this was possible was by having software installed on each individual machine to make this possible or by having each machine configured to allow them unrestricted access.

    In your case, as temp02 said, they would be able to see the URLs of the sites you are visiting. They would not be able to access your programs or files, as that would involve allowing them, from your machine, to do so. The only other means of doing this would be to break the law and use software (such as BackTrack) or other means to access your stuff. The same is true for passwords; groups like Hak5 have demonstrated successful MITM (Man-in-the-middle) attacks to steal users' passwords.

    This is all written as I have come to understand it.
     
  2. OnePostWonder

    Joined:
    Dec 27, 2008
    Messages:
    582 (0.27/day)
    Thanks Received:
    107
    To elaborate on this further, they are able to see passwords for accounts established on their networks, services, website, etc., especially if it's one of thoSe cOmpaNies who stores Your passwords in plain text.

    There's no reason they would be able to see the passwords you enter to log onto an IM program, website outside of their control (Amazon, Google and its services [Gmail], uzw.).

    If that were the case, how the hell could anyone use public WiFi reasonably?

    EDIT: Thanks in part to 95Viper, I went back and read what I wrote here. If it seems like I'm saying public WiFi is perfectly secure, I'm not. I'm saying that it is "secure" enough that the average user isn't going to happen upon your info. Anyone willing to break the law and equipped with the right stuff will certainly be able to.

    I don't feel like looking back, but one other user mentioned about using HTTPS. As one example, this alleviated the issue of session hi-jacking by way of capturing a session cookie. Some of you may remember Firesheep; this little program made it literally as easy as clicking a button to access someone's account by becoming their session. I observed someone successfully jump from one Facebook account to the next because of its (and other websites) fundamental operation. You can search for Firesheep and find more about it at Codebutler.
     
    Last edited: Aug 28, 2012
  3. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,442 (1.98/day)
    Thanks Received:
    1,623
    Location:
    στο άλφα έως ωμέγα
    Reasonably means, in the case of public wifi, don't use it unless you don't care who may see it.

    They are able to see and capture any stream of data across their network.

    And, public wifi is not secure. It can be captured and no moron would ever send sensitive data across public wifi.

    You are living in dreamland if you think your info is safe on public wifi.
     
  4. OnePostWonder

    Joined:
    Dec 27, 2008
    Messages:
    582 (0.27/day)
    Thanks Received:
    107
    I think you need to elaborate a bit more. As I said in my post, there is no legal means to access your stuff and the average user isn't going to simply happen on it. If you actually read what I wrote, you'd see that I said the individual who is intending to access your stuff would need to make use of software or some other means to do so.

    No, I don't think my information is safe on public WiFi, so when I go to a hotel or wherever that has it, I do my best to not send anything important via plain text. I also make an effort not to log into accounts that I care about because there is always the possibility that someone out there is going to the MITM.
     
  5. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,367 (5.12/day)
    Thanks Received:
    3,677
    Location:
    Florida
    more like IT department sorcery
     
    Steevo says thanks.
  6. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,442 (1.98/day)
    Thanks Received:
    1,623
    Location:
    στο άλφα έως ωμέγα
    First, you double posted, so I was posting in response to your response in which you quoted me.
    And, you brought up public networks.

    The discussion I was involved in had to do with, as far as my understanding, a schools network, which usually is open, but secured and operated by that institution.

    And, just about anyone with good computer skill sets, training, understanding, and a will to do so can hack.... legal or not is a moot point.
     
  7. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    17,367 (5.12/day)
    Thanks Received:
    3,677
    Location:
    Florida
    wat
     
    95Viper says thanks.
  8. OnePostWonder

    Joined:
    Dec 27, 2008
    Messages:
    582 (0.27/day)
    Thanks Received:
    107
    I'm kinda with Solaris on the "wat" part because you read as though you're agreeing with me. "...just about anyone with good computer skill sets, training, understanding, a will to do so can hack...", wasn't this what I said? Also, legal or not isn't a moot point in the case of addressing what the OP originally asked.
     
  9. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,442 (1.98/day)
    Thanks Received:
    1,623
    Location:
    στο άλφα έως ωμέγα
    I was responding to this post, before your edit; and, I see you have amended your post.

    So,I guess there is agreement.
     
  10. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,432 (2.55/day)
    Thanks Received:
    1,253
    Quite.


    It always amazes my users when they visit a site a few times and all of a sudden its blocked. Magic..........of the dark arts.

    It isn't hacking if you are doing it on their network. YOu are at fault for doing any personal things on their network, they pay for it, pay to maintain it, pay to secure it, and pay to have it monitored. And monitored it is, even if you never know about it.


    I can force every person who accesses the network or internet to sign in. Every connection is monitored to domain and IP level, can be logged, filtered, and e-mailed to me, I can log the data from any connection and export it. All of this from a firewall that costs less than a grand.



    Plus there are about 5 simple hacks I can think of that will allow any power user to watch all the traffic on a network and save it, then you can take it home and spend time breaking it.
     
    10 Million points folded for TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page