Web site monitoring question

If you have personal laptop at work and use an analog telephone line to dial up your ISP (say, AOL or whatever), can your company somehow tap into that and monitor what websites you are on?

I always assumed you’d have to be on their network for them to monitor that. Is there a way to do that though an analog phone line via a private ISP?

Networking/security gurus needed.

This thread is useless w/o pictures.

It’s not a network issue; it’s either a wiretap issue, as they can just tap the line and monitor the session, or an endpoint issue, in which case whatever keyloggers and so forth they have on the laptop can monitor the session.

Oh, personal laptop. The wiretap issue remains.

Not via the network no (at least easily enough that they would give a shit), but here are the gotchas:

  1. When on corporate VPN’s frequently you are NOT split-tunneled. This means a lot of companies choose to direct ALL traffic across the VPN once you connect. So in that case, they can monitor you just as easily as on your network.

  2. Any network or AD admin can remote into your machine and view your IE browser history. If you’re sitting on the network at any point, even after you were using the ISP, they can check it, IF they have reason to do so.

Your best bet is to you an alternate browser and some way to clear your session after viewing. You can clear your session with Firefox using something like the following procedure.

Edit: Shit … reading comprehension ftl. You said personal laptop. Not much they would do, carry on.

They’d definitely be able to tap the phone connection, since pretty much every office of a decent size uses their own internal telephony network rather than a direct AT&T/Verizon/whoever line right to your office.

But it would take rather specialized equipment to extract anything meaningful out of it, and I wouldn’t expect a regular old IT department to have it unless you’re in that kind of wiretapping line of work anyway. It’s not like they can plug their own old USR modem into the line and instantly see everything you’re doing.

(Though they might be able to record it and replay it back to the FBI, depending on just how much trouble they think you’re getting into…)

As Fugitive et al have said, it’s sufficiently difficult that I wouldn’t really worry about it. But if you are worried that your employers might do something like this then I’d suggest not using the phone line in work to browse the Anachist’s Cookbook or whatever it is that your browsing that you don’t want them to know about…

Yeah, you’re not going to see web blocking or flitering on analog phone lines generally. If it’s going through a PBX of some kind (and it probably is) they can in theory block known ISP numbers, but most telecom admins have better things to do with their time than keep track of dial up ISP numbers.

I will say that they will be able to tell where you are calling (again, if you’re on a PBX, and you most likely are), and may have some alerts set up for length of call time on an analog line; we do, not specifically for this reason but we’ll know if an analog line is tied up for more than a few minutes.

“Agent Lundy? so I hear a rumor you’re tracking all our Internet activity, so is it true? 'Cause I can explain all that she-male stuff.”

Yeah, the analog line is used all day (as in right now). They know I use it, in fact the intalled it for my use with the laptop. I was just wondering if it was some easy to monitor thing, intercepting the TCP/IP packets my ISP and laptop are sending back and forth.

To me it strikes as illegal, as it’s my private laptop and my private ISP. I’d be like if they monitored my cell phone calls because they owned (or really, rather leased, as I doubt they actually own the PBX) the cell phone tower, but not my cell phone provider or my cell phone.

There’s your answer, Elguapo.

I would give a teenager $100 a month to pay for a $25 a month cell phone data plan and tether off that. Payment should be made in cash in an otherwise blank envelope.

Well, they could monitor you as you describe with enough effort, but the odds against seem to be enormous. With all the ill will in the world, it’s hard to imagine any IT or security staff spending the effort to monitor analog phone lines to detect a digital signal and then to log the data. I doubt that most such departments have any equipment or software for that purpose these days, since no one uses analog lines for data anymore.

But of course they have complete control of their own phone system – the PBX or whatever it is they may have – so they can do it in principle. It’s probably even legal if they do it with a PBX, since that’s corporate property, as are the lines coming out from it.

If you are a “person of interest” then it is slightly more plausible that some law enforcement group would go to that much trouble for you in particular, but in that case, they could probably just log everything at the ISP anyway with a court order.

By the way, if you use HTTPS to an external proxy server, I believe it would be all but impossible for most corporate IT or security groups to log the traffic, though of course it would be possible for NSA or someone like that with enough resources.

They can just capture the packets and then take them apart at leisure. This doesn’t have to be a real-time effort.

Given the packets, it’s easy to parse them for HTTP requests and the like so long as the packets are not encrypted. It can actually be done in real time on a rather big data stream (much bigger than a mere audio channel) through deep packet inspection techniques if they pay enough money for the tools and equipment. Of course you’re right that it would most likely be done offline, as there would likely be no special requirement for expensive real-time analysis.

The trick is actually getting the packets. I doubt most corporate groups have any convenient means at hand to tap an analog line and extract the packet data. Of course this is not really technologically challenging, it’s just that it’s almost obsolete tech for most groups, and even with the appropriate software, doing this requires some modest combination of telephone and computer skills that may not be present in most companies.