• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IT department security?

runevirage

New Member
Joined
Mar 30, 2010
Messages
80 (0.02/day)
If your IT department has access to network info like that needed to log on to a WPA2-Enterprise network, could they possibly log onto the network and act as you? If they have the logon info can they track things like your passwords while you are using the network, or access any program or files therein? I trust most IT departments are full of responsible individuals but I was wondering if this capability is even possible in the first place.
 
Last edited:

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
YES, Skynet has total control and access.

They are the IT Dept. for a reason... to manage their (the company's) network.

Usually, the Administrators have full access. Others are given access as needed.
 

runevirage

New Member
Joined
Mar 30, 2010
Messages
80 (0.02/day)
YES, Skynet has total control and access.

They are the IT Dept. for a reason... to manage their (the company's) network.

Usually, the Administrators have full access. Others are given access as needed.

So if I log on to the network with my personal laptop, are they able to see things like passwords?
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
Yes, admins with total control, in most larger organizations have the capabilities for this.

How else are they going to monitor, control, secure, etc. their network.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
They will be able to see it anyway on wired networks if they are really interested due to being the man in the middle so to speak.

What should you learn from this? Don't do personal business at work. besides, you are there to work.
 

temp02

New Member
Joined
Mar 18, 2009
Messages
493 (0.09/day)
AFAIK, with WPA2 the communication between the AP and your NIC is encrypted with a different set of keys then the other users, so even if other authenticated user is eavesdropping the wireless network they won't/shouldn't be able to decode/see your traffic/packets.
IT personnel should however be able to see the URLs of the pages you visit, if they have some kind of firewall logging.
Still, if you are afraid of someone stealing your passwords, login only on secure (HTTPS) websites.
 

runevirage

New Member
Joined
Mar 30, 2010
Messages
80 (0.02/day)
They will be able to see it anyway on wired networks if they are really interested due to being the man in the middle so to speak.

What should you learn from this? Don't do personal business at work. besides, you are there to work.

It's not really "work", it's school, and my laptop is both personal and work related. I also use my personal email to contact teachers and prospective employers. I am wondering if my gmail password is logged somewhere when I log onto a WPA2-Enterprise network at my school.
 
Joined
Feb 26, 2008
Messages
4,876 (0.83/day)
Location
Joplin, Mo
System Name Ultrabeast GX2
Processor Intel Core 2 Duo E8500 @ 4.0GHZ 24/7
Motherboard Gigabit P35-DS3L
Cooling Rosewill RX24, Dual Slot Vid, Fan control
Memory 2x1gb 1066mhz@850MHZ DDR2
Video Card(s) 9800GX2 @ 690/1040
Storage 750/250/250/200 all WD 7200
Display(s) 24" DCLCD 2ms 1200p
Case Apevia
Audio Device(s) 7.1 Digital on-board, 5.1 digital hooked up
Power Supply 700W RAIDMAXXX SLI
Software winXP Pro
Benchmark Scores 17749 3DM06
On windows systems I don't believe it is entirely possible to see someones passwords without cracking something. They can only change them.

If you haven't commited your computer to the domain, then they have no rights other than to see the data passed through. Joining the domain however gives them access that is susceptible to the network configuration and rights.
 

runevirage

New Member
Joined
Mar 30, 2010
Messages
80 (0.02/day)
AFAIK, with WPA2 the communication between the AP and your NIC is encrypted with a different set of keys then the other users, so even if other authenticated user is eavesdropping the wireless network they won't/shouldn't be able to decode/see your traffic/packets.
IT personnel should however be able to see the URLs of the pages you visit, if they have some kind of firewall logging.
Still, if you are afraid of someone stealing your passwords, login only on secure (HTTPS) websites.

So if someone else uses my login credentials to use the network, that session will be separate from my current session? What if I am currently offline and someone decides to use my login credentials acting as an imposter; do network logs take into account things like MAC addresses so that I have plausible deniability in case they try to do something illegal on my network account?
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Are we talking "rights" now, or real life?

This has nothing to do with even logging onto the domain, and everything to do with networking basics.
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
If, your laptop sends it encrypted/secured, then no, not unless they crack it. <-- this speaking of your passwords and data

And, if you are on someone's network, they have ability to see what you are doing and sending/receiving. (If they have any training or know what they are doing)
 

runevirage

New Member
Joined
Mar 30, 2010
Messages
80 (0.02/day)
Does a Windows login password help in this regard in any way? Or is that more for protection against local/physical unauthorized access?
 
Joined
Jul 21, 2008
Messages
5,169 (0.90/day)
System Name [Daily Driver]
Processor [Ryzen 7 5800X3D]
Motherboard [Asus TUF GAMING X570-PLUS]
Cooling [be quiet! Dark Rock Slim]
Memory [64GB Corsair Vengeance LPX 3600MHz (16GBx4)]
Video Card(s) [PNY RTX 3070Ti XLR8]
Storage [1TB SN850 NVMe, 4TB 990 Pro NVMe, 2TB 870 EVO SSD, 2TB SA510 SSD]
Display(s) [2x 27" HP X27q at 1440p]
Case [Fractal Meshify-C]
Audio Device(s) [Steelseries Arctis Pro]
Power Supply [CORSAIR RMx 1000]
Mouse [Logitech G Pro Wireless]
Keyboard [Logitech G512 Carbon (GX-Brown)]
Software [Windows 11 64-Bit]
Does a Windows login password help in this regard in any way? Or is that more for protection against local/physical unauthorized access?

No... not at all

Use https sites and avoid using public networks.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
If, your laptop sends it encrypted/secured, then no, not unless they crack it. <-- this speaking of your passwords and data

And, if you are on someone's network, they have ability to see what you are doing and sending/receiving. (If they have any training or know what they are doing)

Does it remain encrypted after it his wire? Nope. Moot pint.
 
Joined
Feb 26, 2008
Messages
4,876 (0.83/day)
Location
Joplin, Mo
System Name Ultrabeast GX2
Processor Intel Core 2 Duo E8500 @ 4.0GHZ 24/7
Motherboard Gigabit P35-DS3L
Cooling Rosewill RX24, Dual Slot Vid, Fan control
Memory 2x1gb 1066mhz@850MHZ DDR2
Video Card(s) 9800GX2 @ 690/1040
Storage 750/250/250/200 all WD 7200
Display(s) 24" DCLCD 2ms 1200p
Case Apevia
Audio Device(s) 7.1 Digital on-board, 5.1 digital hooked up
Power Supply 700W RAIDMAXXX SLI
Software winXP Pro
Benchmark Scores 17749 3DM06
Are we talking "rights" now, or real life?

This has nothing to do with even logging onto the domain, and everything to do with networking basics.

I would hope that the IT department isn't doing any "Real Life" cracking or they can kiss their career goodbye, possible with jailtime.

This could also happen regardless of if he is connected to their network, making the point irrelevant.

Also you are being very short with everyone on this topic. Had a bad day?
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Just ready to be home with my kids.


And trying to be to the point with information. He was asking about security within the IT department, and really they are the last piece of the puzzle. They could see everything before your information goes out the proverbial door.
 
Joined
Feb 26, 2008
Messages
4,876 (0.83/day)
Location
Joplin, Mo
System Name Ultrabeast GX2
Processor Intel Core 2 Duo E8500 @ 4.0GHZ 24/7
Motherboard Gigabit P35-DS3L
Cooling Rosewill RX24, Dual Slot Vid, Fan control
Memory 2x1gb 1066mhz@850MHZ DDR2
Video Card(s) 9800GX2 @ 690/1040
Storage 750/250/250/200 all WD 7200
Display(s) 24" DCLCD 2ms 1200p
Case Apevia
Audio Device(s) 7.1 Digital on-board, 5.1 digital hooked up
Power Supply 700W RAIDMAXXX SLI
Software winXP Pro
Benchmark Scores 17749 3DM06
Just ready to be home with my kids.


And trying to be to the point with information. He was asking about security within the IT department, and really they are the last piece of the puzzle. They could see everything before your information goes out the proverbial door.

Best to assume any information is available when running through another network, that is for sure.
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,542 (3.68/day)
IT departments own the network and most things that connect to it so they really can do whatever they want to monitor it. I don't see them creating a whole domain and put blind folds on.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Just another reason the internet should remain private give the government a challenge like reading all the data on the net, and put them in strategic locations like backbone, or entry point and your freedom isn't so free anymore. At least with multiple competing companies they should be focused on customer satisfaction and not customer snooping. Not that it hasn't happened int he past.


SA had a stooge run a redirect from the hosting company.
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
Does it remain encrypted after it his wire? Nope. Moot pint.

Not my point, here.

My point was to the OP, as, he thought someone was possibly signing on GMail with his info.
Gmail has the 2-step verification, so if it was not him the person or persons doing this would not be able to sign into his GMail.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
12,645 (2.24/day)
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Would it matter if they had all of his information?

Unless, they clone his phones, too.


EDIT:

Quoted from Gmail 2-step verification:
Why you should use 2-step verification

2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why? Because hackers would have to not only get your password and your username, they'd have to get a hold of your phone.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Most likely not worth it, unless they were bored and the phone was connected to the network also to receive the message.
 

temp02

New Member
Joined
Mar 18, 2009
Messages
493 (0.09/day)
So if someone else uses my login credentials to use the network, that session will be separate from my current session? What if I am currently offline and someone decides to use my login credentials acting as an imposter; do network logs take into account things like MAC addresses so that I have plausible deniability in case they try to do something illegal on my network account?

One thing is your network login credentials, other thing is your other/websites login credentials, even if someone has your network login details they won't be able to eavesdrop your session. But why would anyone else have your network login details (I mean besides the IT personnel)? IT personnel won't do any "wrong stuff" with your network account (why would they?), so no need for any "plausible deniability", also it is your "job" to keep your network access details a secret.
 
Top