2

I use my personal lap top for work. The other day I took it in an opened it, logged in and there was a NSFW page open from when I last used it at home. I immediately closed the (incognito) page, no clicks or further browsing. Will that have been captured as I was logged into the wifi?

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
gunit
  • 33
  • 3
  • Possible duplicate of [House owner can see who's connected to WiFi; what more can he see?](http://security.stackexchange.com/questions/38126/house-owner-can-see-whos-connected-to-wifi-what-more-can-he-see) – Xander Dec 16 '15 at 16:34
  • 4
    I don't think it's a dup because in this case, he did not *load* any pages or establish any sessions; the page was just sitting open on his screen. The answers for this will be different from the answers to the linked question. – Mike Ounsworth Dec 16 '15 at 16:37
  • 1
    We are not going to know what kinds of monitoring or logging is employed by your company, so we can't answer that part. As for what traffic might have been sent by your machine, that might be up to the type of OS and browser, and then it doesn't become a security question, but a superuser question. – schroeder Dec 16 '15 at 17:43

2 Answers2

7

It depends on several factors.

If you restored the PC from sleep/slumber/hibernation, then what you saw was the PC state before sleep, not something that had just been downloaded. No traffic was generated, nothing could possibly have been logged.

But the page might have had some active content that was accessing the network. If so, upon restore it might have tried accessing again the network, and that traffic might have been logged. On the other hand this is not so likely, and however this kind of traffic is not NSFW per se - even if it might go out to something like nastysexyserver.com.

If you had just opened the browser, though - if the "logged in" means that you had booted the OS, not restored it from sleep - then things get hairy (pun possibly intended), because the page might have come from the PC's cache or could have triggered a (partial) reload.

I know for a fact that the latest Firefox reloads the tabs when re-opening; but I do have the "save tabs at shutdown" setting checked.

Also, it depends whether the page was HTTP or HTTPS. If the latter, then the URL may have been logged, but not the contents. Most analysis software would discount this as a false positive (typically triggered by an ad on an unrelated page).

LSerni
  • 22,521
  • 4
  • 51
  • 60
  • I opened my mac, put in the password, probably as it was finding the wifi, chrome was open, i saw it and killed the page. – gunit Dec 16 '15 at 16:45
  • @gunit I'd assume that *something* went across the network which could have been noticed by detection systems. Possible it didn't, but assume it did. Still, I wouldn't bring it up unless they actually come to you about it. Unless the page was hosting malware, it's most likely that your IT Security guys won't care about an innocent mistake like that in a BYOD environment. Then again, you also might wanna check your Acceptable Use Policies to see if you should be using the same hardware for work and personal purposes. – Iszi Dec 16 '15 at 16:59
  • No, if you did not *open* Chrome, I'd say that the computer was just coming out of deep sleep, and the page had been loaded at your home. Possibly it may have performed a DNS check, but those are even less likely to be screened, let alone logged, let alone reviewed, let alone acted upon. Still, I guess it depends also on where you work. But if they were all that strict, you wouldn't have been even *allowed* to use your own computer. – LSerni Dec 16 '15 at 17:05
  • Yes - Chrome was already open on the page. I opened my mac, saw the pages from home and hit the red x to close them.. – gunit Dec 16 '15 at 17:57
0

Typically, a network admin can only see traffic that goes over the network. Unless they have installed special monitoring tools on your computer, they can not see what programs you have running. If you load a new web page, they'll definitely see it because it has to pull the data from the internet over the network, but a page that's already loaded and is just sitting there shouldn't be generating any network traffic. Assuming of course that it's a simple html page. If the page in question had trackers or scripts in it that "phone home" to report on you (like most modern web pages do), or dynamically loads new content or ads, then there would be traffic that could be logged.

Your Chrome is all guarded up with script blockers I trust?

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207