# IT department security?



## runevirage (Aug 27, 2012)

If your IT department has access to network info like that needed to log on to a WPA2-Enterprise network, could they possibly log onto the network and act as you? If they have the logon info can they track things like your passwords while you are using the network, or access any program or files therein? I trust most IT departments are full of responsible individuals but I was wondering if this capability is even possible in the first place.


----------



## 95Viper (Aug 27, 2012)

YES, Skynet has total control and access.

They are the IT Dept. for a reason... to manage their (the company's) network.

Usually, the Administrators have full access.  Others are given access as needed.


----------



## runevirage (Aug 27, 2012)

95Viper said:


> YES, Skynet has total control and access.
> 
> They are the IT Dept. for a reason... to manage their (the company's) network.
> 
> Usually, the Administrators have full access.  Others are given access as needed.



So if I log on to the network with my personal laptop, are they able to see things like passwords?


----------



## 95Viper (Aug 27, 2012)

Yes, admins with total control, in most larger organizations have the capabilities for this.

How else are they going to monitor, control, secure, etc. their network.


----------



## Steevo (Aug 27, 2012)

They will be able to see it anyway on wired networks if they are really interested due to being the man in the middle so to speak. 

What should you learn from this? Don't do personal business at work. besides, you are there to work.


----------



## temp02 (Aug 27, 2012)

AFAIK, with WPA2 the communication between the AP and your NIC is encrypted with a different set of keys then the other users, so even if other authenticated user is eavesdropping the wireless network they won't/shouldn't be able to decode/see your traffic/packets.
IT personnel should however be able to see the URLs of the pages you visit, if they have some kind of firewall logging.
Still, if you are afraid of someone stealing your passwords, login only on secure (HTTPS) websites.


----------



## runevirage (Aug 27, 2012)

Steevo said:


> They will be able to see it anyway on wired networks if they are really interested due to being the man in the middle so to speak.
> 
> What should you learn from this? Don't do personal business at work. besides, you are there to work.



It's not really "work", it's school, and my laptop is both personal and work related. I also use my personal email to contact teachers and prospective employers. I am wondering if my gmail password is logged somewhere when I log onto a WPA2-Enterprise network at my school.


----------



## 3870x2 (Aug 27, 2012)

On windows systems I don't believe it is entirely possible to see someones passwords without cracking something.  They can only change them.

If you haven't commited your computer to the domain, then they have no rights other than to see the data passed through.  Joining the domain however gives them access that is susceptible to the network configuration and rights.


----------



## runevirage (Aug 27, 2012)

temp02 said:


> AFAIK, with WPA2 the communication between the AP and your NIC is encrypted with a different set of keys then the other users, so even if other authenticated user is eavesdropping the wireless network they won't/shouldn't be able to decode/see your traffic/packets.
> IT personnel should however be able to see the URLs of the pages you visit, if they have some kind of firewall logging.
> Still, if you are afraid of someone stealing your passwords, login only on secure (HTTPS) websites.



So if someone else uses my login credentials to use the network, that session will be separate from my current session? What if I am currently offline and someone decides to use my login credentials acting as an imposter; do network logs take into account things like MAC addresses so that I have plausible deniability in case they try to do something illegal on my network account?


----------



## Steevo (Aug 27, 2012)

Are we talking "rights" now, or real life?

This has nothing to do with even logging onto the domain, and everything to do with networking basics.


----------



## 95Viper (Aug 27, 2012)

If, your laptop sends it encrypted/secured, then no, not unless they crack it.  <-- this speaking of your passwords and data

And, if you are on someone's network, they have ability to see what you are doing and sending/receiving. (If they have any training or know what they are doing)


----------



## runevirage (Aug 27, 2012)

Does a Windows login password help in this regard in any way? Or is that more for protection against local/physical unauthorized access?


----------



## ShiBDiB (Aug 27, 2012)

runevirage said:


> Does a Windows login password help in this regard in any way? Or is that more for protection against local/physical unauthorized access?



No... not at all

Use https sites and avoid using public networks.


----------



## 95Viper (Aug 27, 2012)

If you suspect someone is accessing you info at gmail or school report it.

Also, there is...
Gmail has the 2-step verification adds an extra layer of security to your Google Account...


----------



## Steevo (Aug 27, 2012)

95Viper said:


> If, your laptop sends it encrypted/secured, then no, not unless they crack it.  <-- this speaking of your passwords and data
> 
> And, if you are on someone's network, they have ability to see what you are doing and sending/receiving. (If they have any training or know what they are doing)



Does it remain encrypted after it his wire? Nope. Moot pint.


----------



## 3870x2 (Aug 27, 2012)

Steevo said:


> Are we talking "rights" now, or real life?
> 
> This has nothing to do with even logging onto the domain, and everything to do with networking basics.



I would hope that the IT department isn't doing any "Real Life" cracking or they can kiss their career goodbye, possible with jailtime.

This could also happen regardless of if he is connected to their network, making the point irrelevant.

Also you are being very short with everyone on this topic.  Had a bad day?


----------



## Steevo (Aug 27, 2012)

Just ready to be home with my kids.


And trying to be to the point with information. He was asking about security within the IT department, and really they are the last piece of the puzzle. They could see everything before your information goes out the proverbial door.


----------



## 3870x2 (Aug 27, 2012)

Steevo said:


> Just ready to be home with my kids.
> 
> 
> And trying to be to the point with information. He was asking about security within the IT department, and really they are the last piece of the puzzle. They could see everything before your information goes out the proverbial door.



Best to assume any information is available when running through another network, that is for sure.


----------



## brandonwh64 (Aug 27, 2012)

IT departments own the network and most things that connect to it so they really can do whatever they want to monitor it. I don't see them creating a whole domain and put blind folds on.


----------



## Steevo (Aug 27, 2012)

Just another reason the internet should remain private give the government a challenge like reading all the data on the net, and put them in strategic locations like backbone, or entry point and your freedom isn't so free anymore. At least with multiple competing companies they should be focused on customer satisfaction and not customer snooping. Not that it hasn't happened int he past. 


SA had a stooge run a redirect from the hosting company.


----------



## 95Viper (Aug 28, 2012)

Steevo said:


> Does it remain encrypted after it his wire? Nope. Moot pint.



Not my point, here.

My point was to the OP, as, he thought someone was possibly signing on GMail with his info.
Gmail has the 2-step verification, so if it was not him the person or persons doing this would not be able to sign into his GMail.


----------



## Steevo (Aug 28, 2012)

95Viper said:


> Not my point, here.
> 
> My point was to the OP, as, he thought someone was possibly signing on GMail with his info.
> Gmail has the 2-step verification, so if it was not him the person or persons doing this would not be able to sign into his GMail.



http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Would it matter if they had all of his information?


----------



## 95Viper (Aug 28, 2012)

Steevo said:


> http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> 
> Would it matter if they had all of his information?



Unless, they clone his phones, too.


EDIT:

Quoted from Gmail 2-step verification:


> Why you should use 2-step verification
> 
> 2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why?* Because hackers would have to not only get your password and your username, they'd have to get a hold of your phone*.


----------



## Steevo (Aug 28, 2012)

Most likely not worth it, unless they were bored and the phone was connected to the network also to receive the message.


----------



## temp02 (Aug 28, 2012)

runevirage said:


> So if someone else uses my login credentials to use the network, that session will be separate from my current session? What if I am currently offline and someone decides to use my login credentials acting as an imposter; do network logs take into account things like MAC addresses so that I have plausible deniability in case they try to do something illegal on my network account?



One thing is your network login credentials, other thing is your other/websites login credentials, even if someone has your network login details they won't be able to eavesdrop your session. But why would anyone else have your network login details (I mean besides the IT personnel)? IT personnel won't do any "wrong stuff" with your network account (why would they?), so no need for any "plausible deniability", also it is your "job" to keep your network access details a secret.


----------



## OnePostWonder (Aug 28, 2012)

When I was in school, the IT department had the capability of seeing everything you were doing as if they were sitting there with you.  The only way this was possible was by having software installed on each individual machine to make this possible or by having each machine configured to allow them unrestricted access.

In your case, as temp02 said, they would be able to see the URLs of the sites you are visiting.  They *would not* be able to access your programs or files, as that would involve allowing them, from your machine, to do so.  The only other means of doing this would be to break the law and use software (such as BackTrack) or other means to access your stuff.  The same is true for passwords; groups like Hak5 have demonstrated successful MITM (Man-in-the-middle) attacks to steal users' passwords.

This is all written as I have come to understand it.


----------



## OnePostWonder (Aug 28, 2012)

95Viper said:


> Yes, admins with total control, in most larger organizations have the capabilities for this.
> 
> How else are they going to monitor, control, secure, etc. their network.



To elaborate on this further, they are able to see passwords for accounts established on their networks, services, website, etc., especially if it's one of thoSe cOmpaNies who stores Your passwords in plain text.

There's no reason they would be able to see the passwords you enter to log onto an IM program, website outside of their control (Amazon, Google and its services [Gmail], uzw.).

If that were the case, how the hell could anyone use public WiFi reasonably?

*EDIT:*  Thanks in part to 95Viper, I went back and read what I wrote here.  If it seems like I'm saying public WiFi is perfectly secure, I'm not.  I'm saying that it is "secure" enough that the average user isn't going to happen upon your info.  Anyone willing to break the law and equipped with the right stuff will certainly be able to.

I don't feel like looking back, but one other user mentioned about using HTTPS.  As one example, this alleviated the issue of session hi-jacking by way of capturing a session cookie.  Some of you may remember Firesheep; this little program made it literally as easy as clicking a button to access someone's account by becoming their session.  I observed someone successfully jump from one Facebook account to the next because of its (and other websites) fundamental operation.  You can search for Firesheep and find more about it at Codebutler.


----------



## 95Viper (Aug 28, 2012)

OnePostWonder said:


> To elaborate on this further, they are able to see passwords for accounts established on their networks, services, website, etc., especially if it's one of thoSe cOmpaNies who stores Your passwords in plain text.
> 
> There's no reason they would be able to see the passwords you enter to log onto an IM program, website outside of their control (Amazon, Google and its services [Gmail], uzw.).
> 
> If that were the case, how the hell could anyone use public WiFi reasonably?



Reasonably means, in the case of public wifi, don't use it unless you don't care who may see it.

They are able to see and capture any stream of data across their network.

And, public wifi is not secure. It can be captured and no moron would ever send sensitive data across public wifi.

You are living in dreamland if you think your info is safe on public wifi.


----------



## OnePostWonder (Aug 28, 2012)

95Viper said:


> Reasonably means, in the case of public wifi, don't use it unless you don't care who may see it.
> 
> They are able to see and capture any stream of data across their network.
> 
> ...



I think you need to elaborate a bit more.  As I said in my post, there is no legal means to access your stuff and the average user isn't going to simply happen on it.  If you actually read what I wrote, you'd see that I said the individual who is intending to access your stuff would need to make use of software or some other means to do so.

No, I don't think my information is safe on public WiFi, so when I go to a hotel or wherever that has it, I do my best to not send anything important via plain text.  I also make an effort not to log into accounts that I care about because there is always the possibility that someone out there is going to the MITM.


----------



## Solaris17 (Aug 28, 2012)

more like IT department sorcery


----------



## 95Viper (Aug 28, 2012)

First, you double posted, so I was posting  in response to your response in which you quoted me.
And, you brought up public networks.

The discussion I was involved in had to do with, as far as my understanding, a schools network, which usually is open, but secured and operated by that institution.

And, just about anyone with good computer skill sets, training, understanding, and a will to do so can hack.... legal or not is a moot point.


----------



## Solaris17 (Aug 28, 2012)

95viper said:


> first, you double posted, so i was posting  in response to your response in which you quoted me.
> 
> _some stuff_



wat


----------



## OnePostWonder (Aug 28, 2012)

95Viper said:


> First, you double posted, so I was posting  in response to your response in which you quoted me.
> And, you brought up public networks.
> 
> The discussion I was involved in had to do with, as far as my understanding, a schools network, which usually is open, but secured and operated by that institution.
> ...



I'm kinda with Solaris on the "wat" part because you read as though you're agreeing with me.  "...just about anyone with good computer skill sets, training, understanding, a will to do so can hack...", wasn't this what I said?  Also, legal or not isn't a moot point in the case of addressing what the OP originally asked.


----------



## 95Viper (Aug 28, 2012)

OnePostWonder said:


> To elaborate on this further, they are able to see passwords for accounts established on their networks, services, website, etc., especially if it's one of thoSe cOmpaNies who stores Your passwords in plain text.
> 
> There's no reason they would be able to see the passwords you enter to log onto an IM program, website outside of their control (Amazon, Google and its services [Gmail], uzw.).
> 
> ...



I was responding to this post, before your edit; and, I see you have amended your post.

So,I guess there is agreement.


----------



## Steevo (Aug 28, 2012)

Solaris17 said:


> more like IT department sorcery



Quite. 


It always amazes my users when they visit a site a few times and all of a sudden its blocked. Magic..........of the dark arts. 

It isn't hacking if you are doing it on their network. YOu are at fault for doing any personal things on their network, they pay for it, pay to maintain it, pay to secure it, and pay to have it monitored. And monitored it is, even if you never know about it. 


I can force every person who accesses the network or internet to sign in. Every connection is monitored to domain and IP level, can be logged, filtered, and e-mailed to me, I can log the data from any connection and export it. All of this from a firewall that costs less than a grand. 



Plus there are about 5 simple hacks I can think of that will allow any power user to watch all the traffic on a network and save it, then you can take it home and spend time breaking it.


----------

