how to keep IT from spying on me

soundsystem00

macrumors member
Original poster
Dec 15, 2016
69
6
I use the WIFI at work. Well, everyone says to be careful what you look at because IT can watch you. I understand that, and that isn't a problem. I definitely don't want him going through my files and stuff, though. I bring my personal computer to work since they haven't bought me one. I set a up a firewall in my settings. Is there anything else I should do? Thanks.
 

thekev

macrumors 604
Aug 5, 2010
6,798
2,105
You connect to my network, you have no expectation of privacy. Trying to dodge IT like that can get you fired.
Well IT could monitor traffic, but if they have employees working on laptops that were not purchased by the company, it will come down to local laws and enforceable clauses in their employment contracts. What even constitutes trying to dodge IT? I mean considering the points I just mentioned, what would really count as doing so?
 

iphonehype

macrumors 6502a
Sep 14, 2012
537
111
I use the WIFI at work. Well, everyone says to be careful what you look at because IT can watch you. I understand that, and that isn't a problem. I definitely don't want him going through my files and stuff, though. I bring my personal computer to work since they haven't bought me one. I set a up a firewall in my settings. Is there anything else I should do? Thanks.
VPN for traffic. Really and truly they can see everything and anything. We can see internet banking logins facebook chats the works...heck I knew CEO resigned before announced to the board because of an email that was caught up with our filters
 
  • Like
Reactions: pedrowerner

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,893
17,536
VPN for traffic. Really and truly they can see everything and anything. We can see internet banking logins facebook chats the works...heck I knew CEO resigned before announced to the board because of an email that was caught up with our filters
Wouldn't information like logins be sent over HTTPS?
 

iphonehype

macrumors 6502a
Sep 14, 2012
537
111
Wouldn't information like logins be sent over HTTPS?
Yup but with things like Veriato installed on the network it captures keys enters and it can read whats on the screen. Any PC that access an internet question automatically has Veriato installed. Once the devices disconnects it gets removed, if its a company owned device it stays on the machine so if a staff members goes offsite with a laptop, when it comes back it updates info to our server
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,893
17,536
Yup but with things like Veriato installed on the network it captures keys enters and it can read whats on the screen. Any PC that access an internet question automatically has Veriato installed. Once the devices disconnects it gets removed, if its a company owned device it stays on the machine so if a staff members goes offsite with a laptop, when it comes back it updates info to our server
How does software get installed on someone's personal computer simply by them connecting to a WiFi network?
 

iphonehype

macrumors 6502a
Sep 14, 2012
537
111
How does software get installed on someone's personal computer simply by them connecting to a WiFi network?
It's not software its an applet, join by wifi accept user policy install applet then firewall starts the wireless session. No acceptance or install of applet no access to wifi.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,893
17,536
It's not software its an applet, join by wifi accept user policy install applet then firewall starts the wireless session. No acceptance or install of applet no access to wifi.
Ah, so it's not simply joining WiFi but accepting some configuration/policy that can do something.
 

iphonehype

macrumors 6502a
Sep 14, 2012
537
111
Ah, so it's not simply joining WiFi but accepting some configuration/policy that can do something.
Yup however we have Cisco coming in next week and gonna show us a way to spoof connections......so the applet thing is removed and once the session starts it can support encryption connections for keywords. E.G. If someone is reading emails over a personal device via SSL and it has a keyword we dont like it will flag. Apparently it been possible for years god knows...
 

soundsystem00

macrumors member
Original poster
Dec 15, 2016
69
6
Dang! I have nothing to hide other than a small amount of legal porn on my browser history and in my file folders. Still though, I feel weird that they could access that at my job. Also I don't like them seeing my facebook passwords, bank password, and countless personal info. What if I open a new user account on my computer and just use that at work?
 

thekev

macrumors 604
Aug 5, 2010
6,798
2,105
Dang! I have nothing to hide other than a small amount of legal porn on my browser history and in my file folders. Still though, I feel weird that they could access that at my job. Also I don't like them seeing my facebook passwords, bank password, and countless personal info. What if I open a new user account on my computer and just use that at work?
You know that passwords are encrypted right? Even in the case of stored passwords, they are not stored in plain text. As for browser history, don't access porn while you're on their wifi. If you're worried about any auto fill or auto suggestion from your browser, set up a second user. Stick to that one while at work. This can be applied to your computer's login system and in some cases your web browser.
 

soundsystem00

macrumors member
Original poster
Dec 15, 2016
69
6
You know that passwords are encrypted right? Even in the case of stored passwords, they are not stored in plain text. As for browser history, don't access porn while you're on their wifi. If you're worried about any auto fill or auto suggestion from your browser, set up a second user. Stick to that one while at work. This can be applied to your computer's login system and in some cases your web browser.
I would never do that at work. I have google chrome setup for work stuff, but i realized that it saves all my browser history from my google account.
 

thekev

macrumors 604
Aug 5, 2010
6,798
2,105
I would never do that at work. I have google chrome setup for work stuff, but i realized that it saves all my browser history from my google account.
IT will not install spyware on your personal machine without offering a work computer unless they wish to welcome lawsuits. With that in mind, my advice still stands. Make another user account for your computer. If you're only concerned about your browser, which is reasonable, then...

1. open chrome
2. Click on the dropdown menu marked People.
3. Click add person. You may need to assign them an email address, which should be your work email.
4. Switch to that "person".

This solves your browser problem by keeping your work browser history separate from your personal browser history.
 

lcseds

macrumors 65816
Jun 20, 2006
1,005
802
NC, USA
IT security will not try and access your personal system (illegal). What they will do is monitor your IP connection addresses. They likely will have a number of IP addresses that are blocked or will flag them when accessed. So, stay off sites you know you shouldn't be on while using the work network.
 

iphonehype

macrumors 6502a
Sep 14, 2012
537
111
Dang! I have nothing to hide other than a small amount of legal porn on my browser history and in my file folders. Still though, I feel weird that they could access that at my job. Also I don't like them seeing my facebook passwords, bank password, and countless personal info. What if I open a new user account on my computer and just use that at work?
Just create a new profile for work if your worried. If someone had Pom in there laptop and flagged if they accessed it...would be a huge issue. If your company has a bring your own device policy to work I don't think security / disrepute is an issue for them .
[doublepost=1489256628][/doublepost]
IT security will not try and access your personal system (illegal). What they will do is monitor your IP connection addresses. They likely will have a number of IP addresses that are blocked or will flag them when accessed. So, stay off sites you know you shouldn't be on while using the work network.
It's not illegal for a company to access personal information if they have grounds e.g. Believe you have files on there that can damage the company but this will only flag up if the user accesses the file
 

m4v3r1ck

macrumors 68020
Nov 2, 2011
2,341
355
The Netherlands
When I was managing a department I found pornography - produced by a coworker - on our company network.

He/she got fired by me in a split second! Not that I condemn pornography in any way or fashion, but my rules of the game are in fact very simple; pornography doesn't belong in-company. Period!

What coworkers do in their free time at home or where-ever and/or what ever, is none of my business. But letting private - non work related - stuff crowl thru my company network, that may be accessed by others in their line of duty, is out of the question. Simply a no-go. I had to protect the groups interest here.

EDIT: my coworkers could always make use of a company computer. That was my obligation for our joint rules of this game!

The same thing stands for excessive use of social media during working hours.

So OP mark my words: "Check your Six!"

Cheers
 
Last edited:

hallux

macrumors 68030
Apr 25, 2012
2,994
615
IT rarely has the time to randomly watch people. They're too busy resolving help desk tickets.
Apparently you've only worked for a small company? Large companies have VAST IT teams and they most certainly CAN track activities on the network. Especially with automation. The company I'm familiar with even knows when files are copied to USB, and what files those were. Sure, nobody is watching "live", but there are consoles that can be accessed if there is a question about activity and I'm sure key-word triggers for certain activities to alert someone. By the way, the folks that deal with that stuff usually wouldn't be the ones "resolving help desk tickets".
 
  • Like
Reactions: m4v3r1ck

mjschabow

macrumors 68040
Dec 25, 2013
3,029
2,912
Apparently you've only worked for a small company? Large companies have VAST IT teams and they most certainly CAN track activities on the network. Especially with automation. The company I'm familiar with even knows when files are copied to USB, and what files those were. Sure, nobody is watching "live", but there are consoles that can be accessed if there is a question about activity and I'm sure key-word triggers for certain activities to alert someone. By the way, the folks that deal with that stuff usually wouldn't be the ones "resolving help desk tickets".
I work for LARGE companies.
 

phrehdd

macrumors 68040
Oct 25, 2008
3,334
750
Lots of interesting talk here and reminds me of my days dealing as a Business Systems Analyst for a company's IT/IS security department.

To the OP - Consider creating a virtual machine (Windows) for connection at work. Let your workplace do whatever it wants with the virtual (you can set it up to not talk to your host system on your laptop in most cases). You could also consider a dual boot system and for your personal system encrypt it. That should help protect your private stuff. As for network use at work, depending you who handles your network and security it would not be unusual for some types of network activity to raise flags as there are all sorts of devices, network appliances and software to help those handling security or audits get some usable information about a network user's activities.

As for some other folks here - a decent company does NOT let non-company computers on their networks unless some special agreements are made and followed through upon. Often, outsiders might simply gain access to internet only (such as venders). IF non-company systems are to be on the network, often they are give a list of required software that must be on the system, agreement to add as needed (typical will be anti-virus, possible applets to show port activity etc.). Also, agreements may be made that users with their own computers NOT use certain software that exists on the computer. In short, the "visit" on the network is heavily controlled by user policy agreement and by explicit usage rules.

Candidly, if I were in charge of any network security in a large company, no employee would ever be allowed to hook up a non-company computer to the network. If there was a forced situation, then potentially VLANS are in order and very limited access that is monitored heavily.
 
  • Like
Reactions: m4v3r1ck

m4v3r1ck

macrumors 68020
Nov 2, 2011
2,341
355
The Netherlands
Lots of interesting talk here and reminds me of my days dealing as a Business Systems Analyst for a company's IT/IS security department.

To the OP - Consider creating a virtual machine (Windows) for connection at work. Let your workplace do whatever it wants with the virtual (you can set it up to not talk to your host system on your laptop in most cases). You could also consider a dual boot system and for your personal system encrypt it. That should help protect your private stuff. As for network use at work, depending you who handles your network and security it would not be unusual for some types of network activity to raise flags as there are all sorts of devices, network appliances and software to help those handling security or audits get some usable information about a network user's activities.

As for some other folks here - a decent company does NOT let non-company computers on their networks unless some special agreements are made and followed through upon. Often, outsiders might simply gain access to internet only (such as venders). IF non-company systems are to be on the network, often they are give a list of required software that must be on the system, agreement to add as needed (typical will be anti-virus, possible applets to show port activity etc.). Also, agreements may be made that users with their own computers NOT use certain software that exists on the computer. In short, the "visit" on the network is heavily controlled by user policy agreement and by explicit usage rules.

Candidly, if I were in charge of any network security in a large company, no employee would ever be allowed to hook up a non-company computer to the network. If there was a forced situation, then potentially VLANS are in order and very limited access that is monitored heavily.
Great addition to this thread! Thanks for sharing your insights.

Cheers
 

satcomer

macrumors 604
Feb 19, 2008
6,906
1,165
The Finger Lakes Region
Apparently you've only worked for a small company? Large companies have VAST IT teams and they most certainly CAN track activities on the network. Especially with automation. The company I'm familiar with even knows when files are copied to USB, and what files those were. Sure, nobody is watching "live", but there are consoles that can be accessed if there is a question about activity and I'm sure key-word triggers for certain activities to alert someone. By the way, the folks that deal with that stuff usually wouldn't be the ones "resolving help desk tickets".
A great security team on large network always should set a Server group rule that users could not use USB open ports!
 
  • Like
Reactions: m4v3r1ck
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.