CloudOnMyTongue 0 #1 June 18, 2004 So at work I have internet access on my computer. But I have a lot of time where I'm just sitting around doing nothing. I've been told that the IT department monitors our web usage. And I know of 3 people that have been fired for internet abuse. So I was just wondering how this whole process is done. I'm just curious, no it's not because I want to look at porn all day and get caught. I just want to be able to come to sites like this one.
kingbunky 3 #2 June 18, 2004 you may (probably) go through a proxy server to get online. they just check the logs, probably generate reports based on ip's to find the culprits. one little hint. i turn off images in my browser, so when i hit a page here, all that shows up in the proxy logs is the page itself, not the page, 8 different smileys, logs, ads etc. "Hang on a sec, the young'uns are throwin' beer cans at a golf cart." MB4252 TDS699 killing threads since 2001
PhillyKev 0 #3 June 18, 2004 Pretty simple, you're all going out to the internet through a shared access point. They have software installed on that access point (probably a proxy server) to track which machines are going to which sites and how much data they are pulling down, and how much time they spend at each site, etc. It's pretty easy to scan those reports and see a big difference between someone using the internet for work related purposes, and those who aren't.
unformed 0 #4 June 18, 2004 You can by installing a proxy on a remote machine (ie: your home machine) on a nonstandard port (ie 4562), and odds are they won't see it. If you want to guarantee blocking, I'd wrap the connection using SSH forwarding, but that begins to get complicated. It can definitely be done though, I've done it before. This ad space for sale.
CloudOnMyTongue 0 #5 June 18, 2004 bah that's not good at all. There are sites that we are allowed to go to. If dropzone.com could change its name to one of the sites that are approved to go to, then everything would be just great.
Bolas 5 #6 June 18, 2004 Are you using DHCP? If so they can't completely prove it was you that was surfing on whatever site. Deny, Deny, Deny... Also most companies aren't gonna fire you for surfing. Unless you are trying to get to the porn sites (I'm assuming they are blocked) constantly no admin is really gonna care. These days they have their hands too full with hackers trying to get into the network than worry about people going out... unless one of your coworkers rats you out. Stupidity if left untreated is self-correcting If ya can't be good, look good, if that fails, make 'em laugh.
WrongWay 0 #7 June 18, 2004 This is your boss. You're fired. That will be all. Wrong Way D #27371 Mal Manera Rodriguez Cajun Chicken Ø Hellfish #451 The wiser wolf prevails.
CloudOnMyTongue 0 #8 June 18, 2004 I don't know what they are using. I don't know what DHCP is. But I do know that the IT department has so much work to do, that they are always behind schedule and they don't have free time for things like checking out where everyone has gone to.
PhillyKev 0 #9 June 18, 2004 Quote: Are you using DHCP? If so they can't completely prove it was you that was surfing on whatever site.
Yeah they can. You can easily check which machine had the lease on an ip address.
lummy 4 #10 June 18, 2004 Quote: I don't know what they are using. I don't know what DHCP is. But I do know that the IT department has so much work to do, that they are always behind schedule and they don't have free time for things like checking out where everyone has gone to.
if it's a larger company, there's probably a systems or network admin who monitors internet usage. Don't confuse this guy with the technical support guys who are always running around with their heads cut off. You mentioned that 3 other people have been fired for inappropriate usage, so there is definitely someone watching. On another note, someone mentioned building a remote proxy on a non standard port. Odds are if there's a proxy at his work, then the non standard ports are gonna be closed. You'd have to tunnel over a known port such as HTTP (80) which is going to attract attention too. Problem with this is if you set something up n get caught, you have no recourse since you obviously knew what you were doing to try n get around the proxy. It can be done, but you definitely need to cross your T's and dot your I's
I promise not to TP Davis under canopy.. I promise not to TP Davis under canopy.. eat sushi, get smoochie TTK#1
kelpdiver 2 #11 June 18, 2004 Quote: if it's a larger company, there's probably a systems or network admin who monitors internet usage. Don't confuse this guy with the technical support guys who are always running around with their heads cut off. You mentioned that 3 other people have been fired for inappropriate usage, so there is definitely someone watching.
It's still pretty atypical for someone to actively monitor beyond hit words like Playboy or Sex. More commonly a manager suspects someone is slacking and asks for an examination of their activity. Those who are getting their work done are less likely to face scrutiny for what they do in idle moments. But...unless you have an understanding with your manager about what you do in those quiet periods (or lunch at your desk), you don't have a leg to stand on if they do want to fire you for personal use. IMO it's bad policy - companies want to be able to call you on the company cellphone whenever they have a question, but the return favor is not given. DHCP is definitely not a protection you can rely on. Quite often the reverse DNS maps are updated with your Windows systemname and the logs will very clearly specify you. I don't think trying to hide your destination via proxies helps unless your IT guys are dim witted.
PhreeZone 20 #12 June 18, 2004 Quote: It's still pretty atypical for someone to actively monitor beyond hit words like Playboy or Sex.
Wanna bet? It's one of my many duties here. I've helped to fire over 20 people in the last 2.5 years due to web abuse. Most companies are relying on WCCP protocol on Cisco equipment to route HTTP traffic (even on nonstandard ports) to a proxy server which logs all connections. This reply to message page on DZ.com registered as 22 separate entries since it has to load the Smilies too. On a corporate network most times they are transparently getting your log in information and inserting that into the log files too so there is no mistaking who is accessing what resource at what time.
[26/May/2004:14:47:08 -0400] 10.50.2.65 CORP\XXUser TCP_AUTH_REDIRECT/307 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:08 -0400] 10.50.2.65 CORP\XXUser TCP_DENIED/307 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_NC_MISS/200 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/images/logo_sm.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_first.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_current.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_page.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_next.gif none
That is a sample of a log file that I have on my desktop. It shows the address, the file name, the user name (replaced), the machine's IP that the request was made from (DHCP leases tend to be days and it's hard to get a new one at most places. I've had this one for 3 months), and if the request for the page was successful or not. With SOX, GLB and other regulatory and audit issues coming to light web filtering and web monitoring is becoming a hot topic. www.websense is one of the leading companies in this arena right now.
Yesterday is history And tomorrow is a mystery Parachutemanuals.com
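The per-user reporting described in the posts above, as an added example that is not part of the original thread or any poster's tooling: a parser for the log layout shown in the sample that attributes each request to the logged-in user and separates page views from embedded assets. The function name `summarize`, the asset-extension list and the final truncated sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Layout read off the sample in the post:
# [timestamp] client-ip DOMAIN\user ACTION/status url trailing-field
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<url>\S+)\s+\S+$")
# Assumption: these extensions mark embedded assets, not page views.
ASSET_EXT = (".gif", ".jpg", ".jpeg", ".png", ".css", ".js", ".ico")

# First eight lines are the post's sample; the last is constructed (truncated).
SAMPLE = r"""
[26/May/2004:14:47:08 -0400] 10.50.2.65 CORP\XXUser TCP_AUTH_REDIRECT/307 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:08 -0400] 10.50.2.65 CORP\XXUser TCP_DENIED/307 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_NC_MISS/200 http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=th55+connection none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/images/logo_sm.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_first.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_current.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_page.gif none
[26/May/2004:14:47:09 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200 http://www.google.com/nav_next.gif none
[26/May/2004:14:47:10 -0400] 10.50.2.65 CORP\XXUser TCP_HIT/200
"""

def summarize(text):
    """Return ({user: stats}, unparsed_count) for a block of proxy log text."""
    stats = defaultdict(lambda: {"ips": set(), "pages": 0, "assets": 0,
                                 "denied": 0, "first": None, "last": None})
    unparsed = 0
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count malformed lines instead of dropping them
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s = stats[m["user"]]
        s["ips"].add(m["ip"])
        s["first"] = min(s["first"] or ts, ts)
        s["last"] = max(s["last"] or ts, ts)
        if m["action"] == "TCP_DENIED":
            s["denied"] += 1
        elif m["status"] == "200":
            path = urlsplit(m["url"]).path.lower()
            s["assets" if path.endswith(ASSET_EXT) else "pages"] += 1
    return dict(stats), unparsed
```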