Am I being Watched at work via remote access?
March 2, 2005 3:20 AM Subscribe
[RemoteAccessFilter] Am I being watched at work?
Okay, heres the deal. My workplace runs on all macs, and we just installed a new server and upgraded the os. On the old version there was a little man under these binoculars who went black every so often, and when that happened I made sure I wasnt on the net or anything. On the new server os we just have a big pair of binoculars there, and I have no idea if there is any way to tell if my computer is being monitored or whatnot, either via remote access (the binoculars), or some other piece of software. Or if they can tell which software is active for how long or whatnot... Checked the manuals for remote access, and I am reluctant to ask the IT guy even though we are on good terms and all...
Now I know the simple answer is, dont surf the net at work, but thats not really what I am looking for. Most of the time I really dont have anything to do, honest to god, and I would just get bored to death otherwise. Been at the place for a year, but I really cannot lose this job.
If anyone can help at all with this, please make yourself known. If you need any more details, let me know. Thanks!
Okay, heres the deal. My workplace runs on all macs, and we just installed a new server and upgraded the os. On the old version there was a little man under these binoculars who went black every so often, and when that happened I made sure I wasnt on the net or anything. On the new server os we just have a big pair of binoculars there, and I have no idea if there is any way to tell if my computer is being monitored or whatnot, either via remote access (the binoculars), or some other piece of software. Or if they can tell which software is active for how long or whatnot... Checked the manuals for remote access, and I am reluctant to ask the IT guy even though we are on good terms and all...
Now I know the simple answer is, dont surf the net at work, but thats not really what I am looking for. Most of the time I really dont have anything to do, honest to god, and I would just get bored to death otherwise. Been at the place for a year, but I really cannot lose this job.
If anyone can help at all with this, please make yourself known. If you need any more details, let me know. Thanks!
I don't know what the law is where you are, but in the UK, I'm 99% sure that employers aren't allowing to engage in indiscriminate monitoring of an employee's terminal - they have to have just cause to do so, and aren't allowed to infringe your privacy on a whim. So if you were fired as a result of a random monitoring, you'd have cause to go to a tribunal. Don't know if that helps or not..
posted by ascullion at 3:44 AM on March 2, 2005
posted by ascullion at 3:44 AM on March 2, 2005
I could be wrong but it sounds like remote access
It's use isn't really for "monitoring" but rather for software deployment, remote help, etc.
On the job front - don't do anything to lose the job.
posted by filmgeek at 3:50 AM on March 2, 2005
It's use isn't really for "monitoring" but rather for software deployment, remote help, etc.
On the job front - don't do anything to lose the job.
posted by filmgeek at 3:50 AM on March 2, 2005
I thought that the corporate structure allowed for certain freedoms? Nowadays it seems like that's out the windows and everyone is Bob Cratchet. Were you really explicitly told never to go on the internet?
posted by Napierzaza at 3:52 AM on March 2, 2005
posted by Napierzaza at 3:52 AM on March 2, 2005
I can't really help but that won't stop me from commenting. I work for Uncle Sam. Every morning when I log on to our network I click "OK" and agree to something. One day I decided to read it. It says "This is a US Government computer system. This system may be monitored...use of this system...consent to monitoring..." I just assume that my employer has the capability to monitor my activities and I conduct myself accordingly. Whether they gather and use data is another matter. Lately more and more sites are being blocked so I assume that they are fine-tuning the blocking software. They know that everyone surfs the web. The capability to gather information or record keystrokes or whatever is sort of held in reserve in case they need to take some administrative action.
posted by fixedgear at 3:56 AM on March 2, 2005
posted by fixedgear at 3:56 AM on March 2, 2005
To clarify - my point was to indicate that it's always worth checking out the specific regulations in your home country. We read so much US-centric stuff on the web, we start thinking that their laws apply in other countries too (well, at least I do!)
posted by ascullion at 4:10 AM on March 2, 2005
posted by ascullion at 4:10 AM on March 2, 2005
I would have thought that the 'normal' situation these days is for company IT security to be tuned into all staff pc's and sites they visit.
They don't necessarily monitor the staff in real time but I've always expected that there were myriad programs generating reports from many different search queries such as offlimit sites and suspect file types etc.
Here in Sydney, we had to sign some sort of agreement to acceptable use policy but I'm certain that it was made known that 'big brother' is around. I've also seen a similar login agreement which came onscreen periodically - like fixedgear said.
Certainly, some colleagues were hauled over the coals at my BIG company early on (a few years ago) for passing on dubious email attachments. My presumption is that everything is monitored and reported in some form or another.
When in doubt, expect you're monitored - after all, they are THEIR computers, I guess.
If you're going to surf anyway, I think it's worth asking your IT acquaintance. If they are 1/2-way decent they ought to help prevent problems rather than just police them.
posted by peacay at 4:54 AM on March 2, 2005
They don't necessarily monitor the staff in real time but I've always expected that there were myriad programs generating reports from many different search queries such as offlimit sites and suspect file types etc.
Here in Sydney, we had to sign some sort of agreement to acceptable use policy but I'm certain that it was made known that 'big brother' is around. I've also seen a similar login agreement which came onscreen periodically - like fixedgear said.
Certainly, some colleagues were hauled over the coals at my BIG company early on (a few years ago) for passing on dubious email attachments. My presumption is that everything is monitored and reported in some form or another.
When in doubt, expect you're monitored - after all, they are THEIR computers, I guess.
If you're going to surf anyway, I think it's worth asking your IT acquaintance. If they are 1/2-way decent they ought to help prevent problems rather than just police them.
posted by peacay at 4:54 AM on March 2, 2005
of course, if you have administrator rights on that machine...you could fire up terminal, type top figure out the GUID of the Remote access process and kill it.
They would of course see that you "went" offline, come down to see what's wrong. And then remove your admin status. But you do it.
posted by filmgeek at 5:17 AM on March 2, 2005
They would of course see that you "went" offline, come down to see what's wrong. And then remove your admin status. But you do it.
posted by filmgeek at 5:17 AM on March 2, 2005
The binoculars are without a doubt Remote Access, and your screen *can* definitely be monitored. Remote Access allows the administrator to access all Macs on the network and the non-admins will not know if they are being monitored. As noted above usually remote access is used to update machines remotely, but it has other features as well.
That doesn't mean that you are being monitored, but from a technical standpoint- it's fairly easy.
posted by jeremias at 6:06 AM on March 2, 2005
That doesn't mean that you are being monitored, but from a technical standpoint- it's fairly easy.
posted by jeremias at 6:06 AM on March 2, 2005
The only way to be sure you're not being monitored, is to bring in your own laptop, set up an encrypted connection between your laptop and your home computer (if you have one on high speed access) and route your traffic through the home computer. All they could see, at that point, is some traffic going between your laptop and your office computer. So, something like XP's remote access would do the trick nicely, I imagine.
posted by gd779 at 6:24 AM on March 2, 2005
posted by gd779 at 6:24 AM on March 2, 2005
Can you be any more specific?
they can watch all the traffic to and from you computer on their network. they can have a list of sites you visit, for example, and a lit of every time your browser makes a request.
And is there any way to know if this type of monitoring is being used?
no.
posted by andrew cooke at 6:42 AM on March 2, 2005
they can watch all the traffic to and from you computer on their network. they can have a list of sites you visit, for example, and a lit of every time your browser makes a request.
And is there any way to know if this type of monitoring is being used?
no.
posted by andrew cooke at 6:42 AM on March 2, 2005
Unless you're doing something wrong, you're probably not being monitored. And I mean that from a practical standpoint, not a "only criminals worry about random searches" one.
Workplace rules about tracking activity are generally in place as a CYA. Depending on the size of your company, logons to various systems are logged, and kept around for some number of years for audit/regulatory purposes. Triggering the content filter on your corporate firewall is probably not noticed from time to time (YMMV depending on the prevailing corporate attitude), but if your name shows up hundreds of times a day, someone might notice. If someone were "watching" your desktop, they'd probably have a very good reason to, as it takes up a lot of someone else's time and effectively leaves no actionable record for them.
Bottom line- your IT department probably gathers A LOT of information about your activity over the course of the day. Most of it is ignored because sifting through it is a pain in the ass. It's there in case they need it, but no one is probably monitoring you.
posted by mkultra at 8:15 AM on March 2, 2005
Workplace rules about tracking activity are generally in place as a CYA. Depending on the size of your company, logons to various systems are logged, and kept around for some number of years for audit/regulatory purposes. Triggering the content filter on your corporate firewall is probably not noticed from time to time (YMMV depending on the prevailing corporate attitude), but if your name shows up hundreds of times a day, someone might notice. If someone were "watching" your desktop, they'd probably have a very good reason to, as it takes up a lot of someone else's time and effectively leaves no actionable record for them.
Bottom line- your IT department probably gathers A LOT of information about your activity over the course of the day. Most of it is ignored because sifting through it is a pain in the ass. It's there in case they need it, but no one is probably monitoring you.
posted by mkultra at 8:15 AM on March 2, 2005
The IT guys have two ways they can get at you. They can install software on your computer so they can snoop what you're doing on your machine, and they can watch all the network traffic going by so they can snoop your web surfing (and emailing and IMing, etc.). They can do both of these things in real time, and they can do both these things without you having any way of knowing.
This combination means that, as gd779 has already stated, the only way you can hide what you're doing is by bringing in your own computer (so you know their software isn't installed on it) and setting up an encrypted connection to the outside world (to bypass their network monitoring).
posted by event at 8:32 AM on March 2, 2005
This combination means that, as gd779 has already stated, the only way you can hide what you're doing is by bringing in your own computer (so you know their software isn't installed on it) and setting up an encrypted connection to the outside world (to bypass their network monitoring).
posted by event at 8:32 AM on March 2, 2005
FInd out what version of Remote Desktop you are on, then do the following:
Go into System Preferences, and then "Sharing". One of the items in here is the checkbox for Apple Remote Desktop.
If you highlight it and click on the "Access Privileges" button, you can change what the Remote Desktop administrator can and cannot do.
One of the checkboxes is called "Show when being observed." I think it puts a little icon in your menu bar that changes when you're being watched.
The problem with all this is that you probably need administrator access if you need to change this.
posted by jeremias at 10:18 AM on March 2, 2005
Go into System Preferences, and then "Sharing". One of the items in here is the checkbox for Apple Remote Desktop.
If you highlight it and click on the "Access Privileges" button, you can change what the Remote Desktop administrator can and cannot do.
One of the checkboxes is called "Show when being observed." I think it puts a little icon in your menu bar that changes when you're being watched.
The problem with all this is that you probably need administrator access if you need to change this.
posted by jeremias at 10:18 AM on March 2, 2005
If the IT dept controls access by MAC address then bringing a laptop wouldn't work.
posted by Jim Jones at 11:02 AM on March 2, 2005
posted by Jim Jones at 11:02 AM on March 2, 2005
Just be clear, I don't know what the laws are in the U.K., but in the states, you have no rights to privacy while on the payroll and using company property.
Use the company phone, the internet connection, the photocopier, the fax machine, or the computer, and you can monitored without warning or notice.
They're paying for your time, what are doing with it?
posted by PissOnYourParade at 8:35 PM on March 2, 2005
Use the company phone, the internet connection, the photocopier, the fax machine, or the computer, and you can monitored without warning or notice.
They're paying for your time, what are doing with it?
posted by PissOnYourParade at 8:35 PM on March 2, 2005
Jim Jones: If the IT dept controls access by MAC address then bringing a laptop wouldn't work.
Contrary to popular belief it is trivially easy to change your mac address to your "authorized" MAC in most cases. I've changed the MAC on the onboard intel pro 100 in the machine I'm writing this from twice in the last six months. Heck most consumer routers have MAC Address cloning built in.
I'll confirm what event said. Also if a network admin at a place that was either so draconian or paranoid enough to be monitoring your connection saw a lot of encrypted [1] traffic you'd probably be called into an office sooner rather than later.
[1] remember an encrypted tunnel is still passing packets, the admin just can't read what is being passed. At a minimum an admin can tell how much data has been passed. A good admin can often hazard a WAG as to whether your downloading porn; checking email, or surfing news sites just by the volume over time and pattern of the volume in each direction.
posted by Mitheral at 11:36 PM on March 2, 2005
Contrary to popular belief it is trivially easy to change your mac address to your "authorized" MAC in most cases. I've changed the MAC on the onboard intel pro 100 in the machine I'm writing this from twice in the last six months. Heck most consumer routers have MAC Address cloning built in.
I'll confirm what event said. Also if a network admin at a place that was either so draconian or paranoid enough to be monitoring your connection saw a lot of encrypted [1] traffic you'd probably be called into an office sooner rather than later.
[1] remember an encrypted tunnel is still passing packets, the admin just can't read what is being passed. At a minimum an admin can tell how much data has been passed. A good admin can often hazard a WAG as to whether your downloading porn; checking email, or surfing news sites just by the volume over time and pattern of the volume in each direction.
posted by Mitheral at 11:36 PM on March 2, 2005
This thread is closed to new comments.
posted by andrew cooke at 3:39 AM on March 2, 2005