0

It is common sense that company networks are monitored and that they can track which HTTPS sites you visited. But how much do companies have access to when tracking your usage?

  1. HTTPS and websites are a given to be seen, along with the time and packets used
  2. Login IDs and passwords are also a given to be seen in a company's network

But could they monitor:

  1. Exactly what kind of content I am seeing, without opening the links directly? Are they only able to see the list of links that were opened, or everything?
  2. I am opening an app (let's say LINE or WhatsApp) and a picture was shared there. I was just scrolling down without clicking the picture at all. Can they see that files/pictures are there?

Also, one last case:

I am using my personal phone and personal laptop. However, I am connecting like this:

"laptop > phone > company network"

where my phone shares the tethered connection from the company network.

Does this appear in the company's monitoring system that:

  1. Laptop + phone connected to company network
  2. Phone connected to company network

And in this case, can the company still track what I visit on my laptop?

Steffen Ullrich
Kerzoz
  • 1
    The question is too broad. Many parts of it are already answered in [Can my company see what HTTPS sites I went to?](https://security.stackexchange.com/questions/2914/) and [many other questions on this site](https://www.google.com/search?q=company+monitor+site%3Asecurity.stackexchange.com). Please research what is already answered and then restrict your question to the parts not answered yet. Also, please understand the meanings of the tags you use because `content-security-policy` has nothing to do with this topic (tag removed). – Steffen Ullrich May 03 '17 at 04:53

1 Answer

-2

In general, if you use HTTPS, the content of the websites you are surfing should not be visible to the company, as the connection between your device and the web server is encrypted. However, they can see which websites you visited via the DNS queries, which happen to be transmitted without any encryption. The same applies to your phone: as WhatsApp uses end-to-end encryption, they cannot see what content or what messages you get, but very likely they can recognize that you are connected to the WhatsApp servers.

If you send your passwords only over HTTPS connections, they won't see those either.

The tethering of your phone should be undetected too: imagine your phone as a router. From the outside one can only see your router, or in this case your phone, but behind that 'router' you can still have a ton of devices. This is because of a technology called NAT. But this only works if the communication between the laptop and the web server is encrypted. Otherwise they might be able to identify your laptop via the user agent in the HTTP protocol.

Short summary: The websites you are visiting can be monitored. If you use only encrypted connections like HTTPS, the content won't be monitored. As WhatsApp is end-to-end encrypted, they can see neither the messages nor the files which you receive, but they will probably detect that you are using WhatsApp.

EDIT: As @schroeder and @Steffen Ullrich pointed out: none of the above applies if you trust your company's certificate authority. If you do so, they will be able to read all the content of the packets. This includes the websites you visit and your login credentials. They can see exactly the same websites you are visiting.

But on your laptop you are able to decide which CAs you trust. Furthermore, you can see this, for example, in Firefox if you click the green lock > more information > Signed by and check whether the signing entity is not your company and whether it is an entity you trust.

  • 1
    I don't think that this answer is accurate. HTTPS traffic is commonly monitored inside companies, which includes not only the site you visit but the actual content. Whenever you use the company network you have to be aware of this, no matter if this connection is done directly or using tethering. – Steffen Ullrich May 03 '17 at 05:46
  • @Steffen Ullrich How? Do the companies do a man in the middle? The client would recognize the MITM, as the server authenticates to the client via an X.509 certificate. There the client can check whether it is really communicating with the correct server. Furthermore, the signed public key of the certificate will be used for establishing the master key, which will indirectly be used for encryption. So the company will also not get the encryption key. – Sebastian Walla May 03 '17 at 05:55
  • 2
    @SebastianWalla yes, it is normal practice for larger organisations to MITM all encrypted traffic out, else drop connections. This is to inspect the traffic to identify unauthorised data leakage. – schroeder May 03 '17 at 06:37
  • @SebastianWalla: see [Is it common practice for companies to MITM HTTPS traffic?](https://security.stackexchange.com/questions/107542/is-it-common-practice-for-companies-to-mitm-https-traffic) for details. – Steffen Ullrich May 03 '17 at 06:44
  • @SteffenUllrich but that only applies if he sets the company's CA as trusted on his laptop. Which is common practice on company computers, but probably not on his own laptop, isn't it? – Sebastian Walla May 03 '17 at 08:35
  • 1
    @SebastianWalla in these situations, any traffic not going through the proxy is dropped, so if you want Internet access, you *need* to accept the certificate. – schroeder May 03 '17 at 08:36
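The issuer check described in the answer (look at who signed the certificate and confirm it is not your company) can also be scripted. The following is an added example, not part of the original answer or comments; the CA names, marker strings and baseline are constructed assumptions, and the certificate dictionaries use the format returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

# Constructed samples in getpeercert() format; all names are hypothetical.
PUBLIC_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}
PROXY_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Corp TLS Inspection CA"),)),
}
# Issuers (organization, common name) recorded on a network you trust.
BASELINE = {("Example Public CA", "Example Public CA R1")}
# Strings that identify the employer's own CA (assumption for this example).
MARKERS = ["Example Corp"]


def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate the current network presents for host.

    With the default context an interception CA that the device does not
    trust raises ssl.SSLCertVerificationError, which is itself a signal.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def classify(cert, baseline_issuers, company_markers):
    """Compare a certificate's issuer with the baseline and company markers."""
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName", "")
    cn = issuer.get("commonName", "")
    if (org, cn) in baseline_issuers:
        return "expected issuer"
    label = f"{org} {cn}".lower()
    if any(marker.lower() in label for marker in company_markers):
        return "intercepted: issued by company CA"
    return "unknown issuer: investigate"


if __name__ == "__main__":
    for name, cert in (("public", PUBLIC_CERT), ("proxy", PROXY_CERT)):
        print(name, "->", classify(cert, BASELINE, MARKERS))
```

For a live check, pass the result of `fetch_cert("www.example.org")` to `classify()` once on the company network and once on a network you control, and compare the two results.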