Secure Site Viewing question

Posted on 2007-12-03
Last Modified: 2010-04-02
I am a new employee at a large company with a reasonably robust I.T. department.  It would appear that I must go through the company proxy to gain access to the internet via IE. How can I ensure I.T. does not have a record of sites I visit?

assume no sites containing spyware are involved
Question by:verpit
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 28

Accepted Solution

batry_boy earned 200 total points
ID: 20399759
>>How can I ensure I.T. does not have a record of sites I visit?

There is no way to ensure that without specific knowledge of any content filters, packet sniffers, or the proxy itself to look and see.  Network monitoring and filtering can be completely undetectable to an end user without the necessary administrative access to see all parts of the network and the traffic flows that are involved.

If the IT department is funneling Internet traffic through a proxy, then they most certainly have the ability to see where you are going since most times a proxy is only used if traffic is desired to be monitored and/or filtered in some way.

Author Comment

ID: 20399964
OK, I get that.  I know the proxy list of 'restricted sites' is not long.  What "can I do" to provide the most protection possible?  What advantage does Firefox have over IE for this?  Can Ipartially hide my machine name in some way?  What about my IP?  What specific protection would visiting only https:// sites provide?
LVL 28

Assisted Solution

batry_boy earned 200 total points
ID: 20400477
>> What "can I do" to provide the most protection possible?

Bypass the proxy by using a different Internet connection (dial-up, wireless, etc.)

>>What advantage does Firefox have over IE for this?

Don't know since I've never tried to do anything like this at the browser level.

>>Can Ipartially hide my machine name in some way?

There may be some application on the Internet that can be used to obfuscate the machine name, but it would probably be some type of hacker program and I don't recommend those.

>>What about my IP?

What you're talking about here is IP spoofing...sure you can do that, but don't you think that if you circumvent company processes that are in place to prevent what you are trying to do that they are eventually going to find out and potentially implement disciplinary action?  I mean, you are a "new employee"...I would think twice about your course of action.

>>What specific protection would visiting only https:// sites provide?

Any data that is contained in the traffic that is sent to or received from an https site would be encrypted and therefore could not be read.  However, the proxy would still show what web site was visited.
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 20403821
https is no guarantee, see reverse proxy:
The proxy does the SSL for you to the destination, however, the traffic between you and the proxy is unencrypted in most cases. We use this to look at users traffic using Snort IDS. This also helps with sniffing traffic that is compressed(gz), the compression is done on the server and the data between the users and proxy is plain-text uncompressed all the time. yahoo message boards for example, without a proxy, the data sent between you and yahoo is compressed bothways, the yahoo servers uncompress the data you send, and the data they send to you is also compressed, and your PC uncompresses it.

Since it's their network, there is no limit to what they can do with data in/out. You can replay SSL/HttpS sessions with certain software available on the net, if the admins capture the entire stream, it might as well be plain-text, it takes seconds to decrypt and replay the entire session using such software, same with gzip compressed streams, which don't require the entire session to be captured.

If there is something you think they won't like about your surfing... your probably correct and shouldn't do it.
Corporations typically have "acceptable use" policies published and or signed by you... if your surfing doesn't violate their published rules, you should have nothing to fear. talk to your HR person if you cannot find such policies or if they weren't provided to you initially.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 20404559
A lot depends on what you are trying to do, and what resources you have.

At least in general, provided you go via a https proxy on the internet (such as the one that used to be free at then IT will see only your connection to the https site, not what you did via there; that said, they may look askance at you for using anonymization sites. There are ways to "break into" a https encrypted channel if you are a corporate IT department, but most of them are fairly complex to set up, expensive, or both.

If you have a home pc you can relay your traffic though, then you can run either a https proxy at home, or a full featured web proxy (such as squid, or analogx proxy) then ssl-tunnel your way to your home machine using the appropriate software. For a minimum, you need some sort of server software (such as ssh for windows) on your home pc, and something to handle the tunnel (such as puTTY) on your work pc. There are also some open source ssl vpn solutions that don't require a program on the pc, but can use your web browser itself (and java) to encrypt the traffic (again, you need a home pc for the server side of this)

The big issue here is what your IT department will do if they notice you trying to avoid their logging - that can range from nothing, though intrusive examinations of your pc, to the worst case scenario where you end up with a written reprimand or no job at all.....

Author Comment

ID: 20405592
I'm not really trying to do anything they would specifically object to and nothing at all that would compromise company data or anything like that so this sounds like it might be more trouble than it's worth.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 200 total points
ID: 20405893
that's the problem with concealment - you may know you aren't doing anything they would seriously object to, but if you do it right, they don't know if you did something they would object to or not - so will assume you did :(

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question