How would you monitor emails within your network?

0

1

How would you monitor emails which go over an HTTPS connection within your network? I know there are some steps involved before the connection is established and the communication actually starts, so how would you actually fake the certificate of the originating server and keep the user blind to the monitoring?

Note: It's a Windows Active Directory environment, and there are also Linux machines which are not in the domain.

Can someone help me with this ... thanks .. :)

Gaara

Posted 2012-02-06T10:31:40.210

Reputation: 161

Well, if it was easy, it would sort of defeat the purpose of secure connections... – Journeyman Geek – 2012-02-06T10:46:26.883

Exactly my question! In my office I suspect they are monitoring, but I am not sure, so I wanted to ask and confirm whether it is possible or not, and if yes, then how? – Gaara – 2012-02-06T10:51:15.100

You use the only weakness that HTTPS has: force all HTTPS connections through your network, and issue your own cert. – Ramhound – 2012-02-06T12:27:45.217

Answers

0

It depends on how they monitor you. I run a Server 2008 R2 enterprise cluster and several hundred client machines on Windows 7. I use several different methods of 'watching people'. I have an internet filtering 1U server box that all traffic passes through, which blocks and/or logs everything going through it, so if John Smith goes on x x x.com it logs the username, PC and the website.

I also have centralised screen / keyboard capture running on the network. This software logs all the keystrokes on each PC, so that if, for example, John Smith types in hotmail.com, it will automatically take screenshots to see what they are up to. This also logs any swear words and anything else I care to put into the filter, e.g. the words youtube etc. By the way, I work in an educational establishment, hence the overkill filtering.

We use Impero for our keyboard / screen filtering, but there are plenty of alternatives, e.g. Ranger etc. http://www.imperosoftware.com/classroommanagement.aspx Using software like the above you don't need to hack around doing anything with certificates etc., as you are filtering the keyboard input at source. You can also get it to start recording video or taking screenshots when certain keywords are triggered.

Iain Simpson

Posted 2012-02-06T10:31:40.210

Reputation: 1 302

Hi Iain, thanks for the reply ... Well, I got the point which you are trying to make, but those are other ways to monitor the situation (in this case it's understandable), but if they are not using such tools like Impero, then is it possible to MITM an HTTPS connection without using a fake certificate? Thanks in advance .. – Gaara – 2012-02-06T12:06:43.837

@Gaara - The only way you can monitor a secured connection is to use the MITM approach and issue a fake certificate. – Ramhound – 2012-02-06T12:28:57.133

I don't know which country you're in, but I'm pretty sure the monitoring of personal email addresses would be illegal. You may want to check. – Sirex – 2012-02-06T13:21:28.837

@Sirex - I was also thinking of the same, I will make a note of that .. thanks for the update. :-) – Gaara – 2012-02-06T14:09:25.120

Yea. In the UK the RIPA act forbids intentional interception, and the telecoms act provides some exceptions for business email, but these do not extend to private email. I'm pretty certain that in the UK at least, taking screenshots which you fully expect to be of personal email would thus be illegal. – Sirex – 2012-02-06T14:22:05.960