Secure Site Viewing question

Posted on 2007-12-03
Medium Priority
Last Modified: 2010-04-02
I am a new employee at a large company with a reasonably robust I.T. department.  It would appear that I must go through the company proxy to gain access to the internet via IE. How can I ensure I.T. does not have a record of sites I visit?

Assume no sites containing spyware are involved.
Question by:verpit
LVL 28

Accepted Solution

batry_boy earned 800 total points
ID: 20399759
>>How can I ensure I.T. does not have a record of sites I visit?

There is no way to ensure that without specific knowledge of any content filters, packet sniffers, or the proxy itself to look and see.  Network monitoring and filtering can be completely undetectable to an end user without the necessary administrative access to see all parts of the network and the traffic flows that are involved.

If the IT department is funneling Internet traffic through a proxy, then they most certainly have the ability to see where you are going since most times a proxy is only used if traffic is desired to be monitored and/or filtered in some way.

Author Comment

ID: 20399964
OK, I get that.  I know the proxy list of 'restricted sites' is not long.  What "can I do" to provide the most protection possible?  What advantage does Firefox have over IE for this?  Can I partially hide my machine name in some way?  What about my IP?  What specific protection would visiting only https:// sites provide?
LVL 28

Assisted Solution

batry_boy earned 800 total points
ID: 20400477
>> What "can I do" to provide the most protection possible?

Bypass the proxy by using a different Internet connection (dial-up, wireless, etc.)

>>What advantage does Firefox have over IE for this?

Don't know since I've never tried to do anything like this at the browser level.

>>Can I partially hide my machine name in some way?

There may be some application on the Internet that can be used to obfuscate the machine name, but it would probably be some type of hacker program and I don't recommend those.

>>What about my IP?

What you're talking about here is IP spoofing...sure you can do that, but don't you think that if you circumvent company processes that are in place to prevent what you are trying to do that they are eventually going to find out and potentially implement disciplinary action?  I mean, you are a "new employee"...I would think twice about your course of action.

>>What specific protection would visiting only https:// sites provide?

Any data that is contained in the traffic that is sent to or received from an https site would be encrypted and therefore could not be read.  However, the proxy would still show what web site was visited.
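
The point made in the answer above, shown from the proxy administrator's side as an added example (not part of the original posts). It assumes a forwarding proxy that does not intercept TLS and that writes Squid's native access.log layout; the log lines and addresses are constructed samples.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not from any real network), laid out as:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1196700001.101 212 10.1.4.23 TCP_MISS/200 18432 GET http://news.example.com/world/story?id=42 - DIRECT/192.0.2.10 text/html
1196700005.440 9310 10.1.4.23 TCP_MISS/200 5120 CONNECT webmail.example.org:443 - DIRECT/192.0.2.20 -
1196700009.002 87 10.1.4.57 TCP_HIT/200 2048 GET http://intranet.example.net/logo.png - NONE/- image/png
1196700012.730 15002 10.1.4.23 TCP_MISS/200 70211 CONNECT bank.example.com:443 - DIRECT/192.0.2.30 -
"""


def parse_line(line):
    """Return what the proxy recorded for one request, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    client, method, url = fields[2], fields[5], fields[6]
    if method == "CONNECT":
        # HTTPS tunnel: the proxy is handed only "host:port"; the path,
        # query string and page content travel inside the encrypted tunnel.
        host, _, _port = url.rpartition(":")
        return {"client": client, "host": host or url, "path": None}
    parts = urlsplit(url)
    path = parts.path + ("?" + parts.query if parts.query else "")
    return {"client": client, "host": parts.hostname, "path": path}


def sites_by_client(log_text):
    """Group (host, path) pairs by client IP, in log order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record:
            seen[record["client"]].append((record["host"], record["path"]))
    return dict(seen)


if __name__ == "__main__":
    for client, visits in sites_by_client(SAMPLE_LOG).items():
        for host, path in visits:
            print(client, host, path if path is not None else "<encrypted>")
```

For plain HTTP the log holds the full URL; for HTTPS it still ties the client address to the destination host name and the time of the visit.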

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 20403821
https is no guarantee, see reverse proxy:
The proxy does the SSL for you to the destination; however, the traffic between you and the proxy is unencrypted in most cases. We use this to look at users' traffic using Snort IDS. This also helps with sniffing traffic that is compressed (gz): the compression is done on the server, and the data between the users and proxy is plain-text, uncompressed, all the time. Take Yahoo message boards, for example: without a proxy, the data sent between you and Yahoo is compressed both ways; the Yahoo servers uncompress the data you send, and the data they send to you is also compressed, and your PC uncompresses it.

Since it's their network, there is no limit to what they can do with data in/out. You can replay SSL/HTTPS sessions with certain software available on the net; if the admins capture the entire stream, it might as well be plain-text. It takes seconds to decrypt and replay the entire session using such software. The same goes for gzip-compressed streams, which don't require the entire session to be captured.

If there is something you think they won't like about your surfing... you're probably correct and shouldn't do it.
Corporations typically have "acceptable use" policies published and/or signed by you... if your surfing doesn't violate their published rules, you should have nothing to fear. Talk to your HR person if you cannot find such policies or if they weren't provided to you initially.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 800 total points
ID: 20404559
A lot depends on what you are trying to do, and what resources you have.

At least in general, provided you go via a https proxy on the internet (such as the one that used to be free at then IT will see only your connection to the https site, not what you did via there; that said, they may look askance at you for using anonymization sites. There are ways to "break into" a https encrypted channel if you are a corporate IT department, but most of them are fairly complex to set up, expensive, or both.

If you have a home PC you can relay your traffic through, then you can run either an https proxy at home, or a full-featured web proxy (such as squid, or analogx proxy), then ssl-tunnel your way to your home machine using the appropriate software. For a minimum, you need some sort of server software (such as ssh for windows) on your home PC, and something to handle the tunnel (such as PuTTY) on your work PC. There are also some open source ssl vpn solutions that don't require a program on the PC, but can use your web browser itself (and java) to encrypt the traffic (again, you need a home PC for the server side of this).

The big issue here is what your IT department will do if they notice you trying to avoid their logging - that can range from nothing, through intrusive examinations of your PC, to the worst case scenario where you end up with a written reprimand or no job at all.....

Author Comment

ID: 20405592
I'm not really trying to do anything they would specifically object to and nothing at all that would compromise company data or anything like that so this sounds like it might be more trouble than it's worth.
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 800 total points
ID: 20405893
That's the problem with concealment - you may know you aren't doing anything they would seriously object to, but if you do it right, they don't know if you did something they would object to or not - so will assume you did :(
