2

I have been working in a big company for the past 4 months. I have two machines that i work on, my personal laptop and my desktop workstation (company property). Occasionally, as all my colleagues do, I visit some safe sites for personal reasons. Such cases include news sites, blogs, tutorial sites etc. This practice is not strictly forbidden but surely there will be some filtering monitoring for preventing an employee visiting dangerous or offensive sites.

I have also used my laptop to upload personal files to Google Drive such as pictures or documents. Since my browser connects to Google Drive via HTTPS is it possible for my network admins to view any of these uploaded files? In general when a browser connects over HTTPS to a location and pushes (POSTS) data packages that consist a media file, is it possible to "recreate" that file from these packages?

The difference between this question and Can my employer see what I do on the internet when I am connected to the company network? is that i specifically ask about UPLOADING data (the given file) instead of surfing-downloading data (http code-files etc)

kokobill
  • 121
  • 1
  • 4
  • @kokobill what's the difference between downloading and uploading? – schroeder Oct 25 '18 at 13:02
  • @schroeder on a TCP level probably none but yet different http verb(???) also datatype would be different in web page vs file(???) – kokobill Oct 25 '18 at 13:10
  • It's the TCP/TLS layer that matters, not the higher layers. If the company has the ability to see TLS content, then they can see the HTTP content, no matter what it is. And yes, just as the google servers can reconstruct the file from packets, so can your company (if they have access to this data). – schroeder Oct 25 '18 at 13:14
  • Can *your* specific company? That depends on the capabilities they deployed. – schroeder Oct 25 '18 at 13:15

1 Answers1

-2

No, it is not possible to listen to your network traffic and reconstruct the files you're sending over HTTPS, provided the HTTPS connection is good.

That "provided the HTTPS connection is good" is a fairly significant caveat, though.

HTTPS works on a certificate signing basis. Your computer will have a relatively small number of root Certificate Authorities that are trusted to verify that a given site is owned by who it says it is. That means that when your computer gets a certificate saying it's for Google Drive, it can be confident it really is from Google Drive, and nobody but the Google Drive servers can decrypt the packets and recover your data.

Your company could intercept your traffic and replace Google's certificate with theirs. They'd then decrypt your data, do what they want with it, then re-encrypt it with the genuine Google certificate. Provided your laptop is secure, you'd normally get a warning about an unexpected signing authority or certificate pinning or similar if this were happening. However on your work desktop, since it's not your computer, it would be entirely possible for your network admins to set it up to trust their own Certificate Authority, at which point it would be more-or-less indistinguishable from the genuine Google certificate, at least without paying very close attention.

Unless your company is very security paranoid, I think that's unlikely. But at the point at which you're worried about them intercepting your traffic and decrypting it, you should probably be aware that that's a method they could use to do so.

me_and
  • 427
  • 3
  • 7
  • 4
    Your answer is dangerously incorrect: it should actually be "Depending on how the network is setup". Saying "No" gives the OP a false sense of security. A better answer yet is NOT to answer and vote to close this question as a diplucate to https://security.stackexchange.com/questions/142803/can-my-employer-see-what-i-do-on-the-internet-when-i-am-connected-to-the-company which has an excellent answer – Stephane Oct 25 '18 at 10:40
  • this answer is useful, i actually learned something new. Don't delete this answer. – DeerSpotter Oct 25 '18 at 16:07