0

Doing research, I haven't found anything specific to my question. I work for a small local company with 15 employees. I originally hooked up the internet but we hired an I.T. Company recently. We have a Sophos firewall, hooked to an hp switch. The wifi router is connected to the switch. The I.T. Company put a "file sharing" computer on the switch and I know they said there is computer performance monitoring on that computer. They have a VNC, and agent and all that on the computers for monitoring.

My question is wifi. The log-in is generic, not per-person. Just need the wifi password. So if I connect my phone to work wifi and am using an app that defaults to ssl such as Tumblr for example. I'm curious as to if they can see the content? I do not care if they can see that I opened the tumblr app, but can they see WHAT I was looking at or searching. I know the firewall does not have any filtering or monitoring turned on because I can access it, but I don't know what they have on the computer they hooked up. And my phone does not have any company certs installed on it.

Jesse
  • 1
  • 2
  • 2
    It might be or might be not. Sophos firewalls can do SSL inspection but it is unclear from your question if this is enabled or not. And if it is enabled it is unknown if you have the needed proxy CA installed as trusted on your system or not. See [Is it common practice for companies to MITM HTTPS traffic?](https://security.stackexchange.com/questions/107542/is-it-common-practice-for-companies-to-mitm-https-traffic). In any case, it does not matter if you use WiFi or LAN unless the security policies are different but these are unknown to us anyway. – Steffen Ullrich Apr 27 '17 at 14:38
  • ...or https://security.stackexchange.com/questions/46465/tumblr-app-on-while-android-phone-logged-onto-work-wifi – Anders Apr 27 '17 at 21:17

1 Answers1

-2

In general no, without certs installed on the user's computer, SSL traffic won't be visible.

They could play tricks with non-SSL connections, but if the app successfully creates the SSL tunnel, it should be safe.

Scovetta
  • 335
  • 1
  • 4
  • It should be noted that domains visited can be seen via Server Name Identification SSL extensions, as well as DNS requests. Which are all sent out in the clear. – RoraΖ Apr 27 '17 at 16:12
  • That is not completely true! Many Apps don't do Certificate Pinning. So any valid SSL Certificate will do the job for them. That means that they could be a Proxy where the Mobile Device connects to the PC and have a valid SSL Connection to them, and the PC will then connect to the desire Website with that SSL Certificate. Done so, it will have the cleartext information but the App don't say anything – Serverfrog Apr 27 '17 at 16:13
  • To clarify, the ssl inspection on the sophos firewall is NOT enabled. I am trying to find out if the I.T. Company can monitor what apps I am using and the content of the app(example: tumblr, banking app, or password vault app) on my personal phone that is connected to the wifi network if the app is ssl enabled. i see what people talk about with man-in the middle attacks, but as far as I tell those are only possible if they have installed monitoring stuff on your device, or the network content is being filtered through a firewall where the ssl inspection is enabled, which you will be very aware – Jesse Apr 27 '17 at 20:16