undefined | Better HN

0 pointsfreehunter7y ago0 comments

I've worked in information security my entire career, and let me tell you: we have the ability to monitor anything and everything, and it's often completely invisible to the end user. Read your employee handbook and there are likely places in there talking about monitoring on work-issued machines.

It may be that your employer doesn't do that. You would be extremely in the minority. Even connecting to the employers network, either from VPN or at the office (can get everything on the network up to layer 7), even using their DNS server (can log every DNS request), even using their AV software (can read every file on your system, even removable media), even using their proxy (can watch all your Internet traffic and decrypt SSL), or MaaS tools (game over, full access, including keylogging), there is a ton of tracking and monitoring that can be done from the most basic tools. Most web proxies are capable of breaking SSL requests to inspect the traffic and then rebuilding it before passing it on. I work with a technology that does deep packet inspection and full payload capture on every flow that hits the network.

It may be that your company doesn't do any of that. But before you go coaching people to quit their jobs or assume they're not being tracked, you should realize this is extremely common and any company who does not do it is putting themselves, their employees, and their customers at extreme risk when it comes to security. The most basic of malware could bring down the entire company if they don't have a proxy or AV. And if anyone can attach any device to the internal network without needing any controlling software or inspection software, if anyone can send whatever data they want out of the network, it's not a question of if you will be hacked, it's a question of how long have you been hacked and you just don't know it.

They're not using monitoring software to watch your Amazon shopping habits. They're using it to protect the company, their employees, and their customers.

0 comments

2 comments · 1 top-level

navigatesol7y ago· 1 in thread

>You would be extremely in the minority.

Rubbish. Most companies don't even have an IT department and are too busy trying to keep the business going and make payroll to be worried about malware or what their employees are Googling.

I agree with being cautious, but by the sounds of it you don't know what "most" businesses are like in the real world.

freehunterOP7y ago

You're right. Anyone who doesn't have a corporate network likely isn't going to have a security team or even an IT department. But considering I explicitly mentioned the corporate network and the security department, you obviously knew what I was talking about and just wanted some reason to disagree with me.

Companies without an IT department are extremely unlikely to let their developers take a company-owned laptop home, for the sole reason that they don't have developers or company-owned laptops.

j / k navigate · click thread line to collapse