|
Gumby
Fishnologist


Registered: 06/13/01
Posts: 26,656
|
Google Chat/Google Talk on corporate networks
#10453763 - 06/04/09 01:10 PM (14 years, 11 months ago) |
|
|
Now that a large majority of my friends have graduated from college, they have moved on to the corporate world (ugh!). All instant messaging programs are blocked on corporate networks-- except for Gchat.
My girlfriend and a best friend of mine have often wondered if your "average" network admin could read conversations had over Gchat. I'm not really sure how that works. I don't even know what programming they use for Gchat.... Java? Flash? Those would be my guesses.
If anyone knows more on the matter I would really appreciate your feedback. Could save some people's asses/jobs.
|
supra
computerEnthusiast
Registered: 10/26/03
Posts: 6,446
Loc: TEXAS
Last seen: 13 years, 30 days
|
Re: Google Chat/Google Talk on corporate networks [Re: Gumby]
#10455524 - 06/04/09 05:50 PM (14 years, 11 months ago) |
|
|
yes, they would easily be able to intercept the communications. Now how easy they are to read is another story, if the communication is encrypted then it's just fine, if not, and it's plain text which is most likely by default, then they could easily read it.
Best bet would be to set up an ssl tunnel to another server somewhere outside the building, then run the chat program and chat through the tunnel, everything would be encrypted and the admins would only see net traffic, but not exactly WHAT the net traffic is....
Though, they could also have programs that watch the screen of their users, some corporate companies are very big brotherish, so if that's the case, there is nothing they can do to my knowledge.
peace
|
Plastered marble
All posts fictional

Registered: 12/28/08
Posts: 216
Last seen: 9 years, 7 months
|
Re: Google Chat/Google Talk on corporate networks [Re: supra]
#10458076 - 06/05/09 02:41 AM (14 years, 11 months ago) |
|
|
Gmail and all related pages automatically switch to https, all on one network at that.
Read the text? no! Know you're talking to somebody? Maybe, don't know how gchat transfers info (a specific port? browser info?) Can read through screen capture software and keylogging? YES!
-------------------- I survived operation midnight climax and all I got was really, really high. (older sigs)
|
JT



Registered: 02/28/07
Posts: 7,027
Loc: athens
Last seen: 4 years, 10 months
|
Re: Google Chat/Google Talk on corporate networks [Re: Plastered marble]
#10458262 - 06/05/09 04:31 AM (14 years, 11 months ago) |
|
|
they most likely can gumby, but unless you're working on a network where a lot of high-level secure data is being sent, i doubt they would have a reason to monitor your chats.
my internship last summer had a setup like this. i can't say for sure if this was a coincidence or not, but one day i spent 2-3 hours surfing the web, going to a lot of sites i shouldn't have been, including the shroomery. a few days later i had some free time and decided to do it again, and i found out i had full filters and restricted access put on my account lol. it was at a software firm and the network/security admin was crazy smart, so i wouldn't be surprised if he was watching me. i never was confronted about it though.
tldr: it's possible, but unlikely.
|
Prof. Astro
acirebma

Registered: 04/15/08
Posts: 4,084
Last seen: 6 months, 24 days
|
Re: Google Chat/Google Talk on corporate networks [Re: JT]
#10459040 - 06/05/09 10:02 AM (14 years, 11 months ago) |
|
|
Funnel everything you don't want to have trouble with through a proxy, or just don't chat while at work.
|
Plastered marble
All posts fictional

Registered: 12/28/08
Posts: 216
Last seen: 9 years, 7 months
|
Re: Google Chat/Google Talk on corporate networks [Re: Prof. Astro]
#10459058 - 06/05/09 10:07 AM (14 years, 11 months ago) |
|
|
Quote:
Amberica said: Funnel everything you don't want to have trouble with through a proxy, or just don't chat while at work.
Yeah, that'll show the keylogging and screencapping cunt ...
-------------------- I survived operation midnight climax and all I got was really, really high. (older sigs)
|
Prof. Astro
acirebma

Registered: 04/15/08
Posts: 4,084
Last seen: 6 months, 24 days
|
Re: Google Chat/Google Talk on corporate networks [Re: Plastered marble]
#10459336 - 06/05/09 11:12 AM (14 years, 11 months ago) |
|
|
Really the point is if the company wants to go the route of screen capturing and using keyloggers you can use a live cd and boot but what are you doing to productivity. In all actuality you should be doing your job at work, if they wanted you to chat you'd get a chat session instead of lunch time. Buy a mylo or some such personal chatting device, they can connect to a wifi spot and they can't be monitored or linked back directly to you.
|
Fraggin
Multi-Faceted



Registered: 01/05/05
Posts: 8,707
Last seen: 8 years, 3 months
|
Re: Google Chat/Google Talk on corporate networks [Re: Prof. Astro]
#10459432 - 06/05/09 11:33 AM (14 years, 11 months ago) |
|
|
ALWAYS consider that your electronic communication is being read. Because it CAN be read. If it CAN be read, that means it either was read, was not read, or will be read.
Corporate networks own computers and all communications sent and received. Assume it is not safe. Take it to txt on cell if it's risque.
|
Alan Rockefeller
Mycologist


Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 21 hours
|
Re: Google Chat/Google Talk on corporate networks [Re: Gumby]
#10459785 - 06/05/09 12:52 PM (14 years, 11 months ago) |
|
|
You should download and install wireshark, then look in the packets and see if there is plaintext or not. Usually chat protocols are wide open, you wouldn't believe some of the things that network sniffers pick up.
If Gchat is using SSL, you are pretty safe. I'd check real quick with wireshark to make sure that is the case.
It's really good to have wireshark around anyway, gives you great visibility into network problems.
|
tak
geo's henchman




Registered: 11/20/00
Posts: 3,776
Loc: nowhereland
|
Re: Google Chat/Google Talk on corporate networks [Re: Alan Rockefeller]
#10481640 - 06/10/09 09:33 AM (14 years, 11 months ago) |
|
|
if you talk via the website https you should be mostly free from remote observing. If they have local access and enough determination a screencap is easy, and SSL can be faked on the admin side, etc but this is much more difficult than typing tcpdump and hitting enter.
I still wouldn't talk about anything incriminating to your freedom or employment while at work.
-------------------- The DJ's took pills to stay awake and play for seven days.
|
Fraggin
Multi-Faceted



Registered: 01/05/05
Posts: 8,707
Last seen: 8 years, 3 months
|
Re: Google Chat/Google Talk on corporate networks [Re: tak]
#10510829 - 06/15/09 01:33 PM (14 years, 11 months ago) |
|
|
Keyloggers trump all.
|
PNutButta
Stranger
Registered: 10/06/03
Posts: 114
Last seen: 14 years, 9 months
|
Re: Google Chat/Google Talk on corporate networks [Re: Fraggin]
#10568404 - 06/25/09 12:52 AM (14 years, 10 months ago) |
|
|
Even if a communication is using SSL for encryption, you can't trust the corporate network. When using equipment that you don't have full control over, such as your employer's workstation, Man-in-the-Middle attacks against SSL are trivial. I do this every day and help plenty of corporations to do the same thing.
It works like this: the system admin installs an SSL-proxy appliance which intercepts all SSL requests. The appliance presents a self-signed certificate (we'll get back to this in a minute) for the requested host and terminates your end of the SSL session. At this point, the admin is able to read all the traffic you send. The appliance then opens an SSL session to the legitimate host using the remote end's real SSL cert and tunnels your traffic to the requested destination. Because the proxy can see the plain text from both directions, the admin is able to see the entire encrypted session.
The reason you are never aware that this occurred is that the admin previously installed their Certificate Authority as a trusted CA on your system (usually gets pushed down in group policy for a Windows network). The self-signed cert that the proxy uses to break your SSL session is signed by the internal CA so your application implicitly trusts it. You get no warning at all that your encrypted session is being proxied. If your application allows you to view the SSL certificates in use for the session, you can check the signing path to see who really owns the CA.
I work with this stuff daily, and can't even count the number of people I've had a hand in getting fired (or worse) due to this simple security mechanism that any decent sized corporation is currently using. Never discuss anything on a corporate network that you don't want your sys admin to see. Never.
|
Alan Rockefeller
Mycologist


Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 21 hours
|
Re: Google Chat/Google Talk on corporate networks [Re: PNutButta]
#10572113 - 06/25/09 04:35 PM (14 years, 10 months ago) |
|
|
Quote:
It works like this: the system admin installs an SSL-proxy appliance which intercepts all SSL requests.
Sounds like bluecoat.
Quote:
Never discuss anything on a corporate network that you don't want your sys admin to see. Never.
The network isn't really the problem as long as you can tunnel out, the PC itself is the source of the problem.
If you want to use the corporate network but don't want them to see what you are doing, the best way is to bring in a laptop and masquerade that behind your Windows box, or just plug it into the network. Tunnel all communications over ssh (ssh -D) or use any vpn software. That way you won't have any evil certificates or keyloggers installed on your machine.
|
PNutButta
Stranger
Registered: 10/06/03
Posts: 114
Last seen: 14 years, 9 months
|
Re: Google Chat/Google Talk on corporate networks [Re: Alan Rockefeller]
#10573860 - 06/25/09 09:47 PM (14 years, 10 months ago) |
|
|
Quote:
Alan Rockefeller said: Sounds like bluecoat.
Blue Coat is certainly one of the major products that perform this, but it's far from the only one. Nearly any medium-to-higher end web proxy on the market will have SSL inspection functionality. Hell, it would be possible to duplicate an SSL inspection proxy using nothing but standard Perl (or Ruby or Python or ...) libraries. With a bit of work, one could probably bang out a *nix one-liner that would perform it pretty well.
Quote:
Alan Rockefeller said: The network isn't really the problem as long as you can tunnel out, the PC itself is the source of the problem.
If you want to use the corporate network but don't want them to see what you are doing, the best way is to bring in a laptop and masquerade that behind your Windows box, or just plug it into the network. Tunnel all communications over ssh (ssh -D) or use any vpn software. That way you won't have any evil certificates or keyloggers installed on your machine.
You are correct, but even in tunneled traffic there can be some issues. This is going quite outside the issue of corp network access, but there have been demonstrated attacks against widely trusted CA signing chains, specifically those that contain an MD5 signed CA in the path. An attacker who can sign certs as a trusted CA is able to perform this type of transparent proxy. If using a tunnel such as Tor to hide your traffic, the exit node would actually be able to perform the SSL proxy and cause all sorts of hell for your security.
Even with SSH and VPN tunnels, if you don't know how to accurately verify the fingerprints for your remote end, you can't be sure that traffic is not being proxied.
I'll amend my previous statement: If you are not able to personally verify the security of your encrypted data paths, do not assume that your encrypted traffic is not being inspected at some point during transit. Adjust your transmission of confidential data based on the verifiable security of the communication path and the requirements for confidentiality.
|
|
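Added example, not part of any post in this thread: a Python sketch of the two checks PNutButta describes, looking at who signed the certificate your session actually received and comparing its fingerprint with one recorded beforehand. It assumes the expected issuer organization and the fingerprint were noted on a network you trust; the certificate dictionaries, the stand-in "DER" bytes and the CA names are constructed samples.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... as certificate viewers show it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def issuer_fields(cert: dict) -> dict:
    """Flatten the nested issuer tuples that SSLSocket.getpeercert() returns."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def assess(cert: dict, der: bytes, pinned_fp: str, expected_org: str) -> list:
    """Compare a session's certificate with values recorded on a trusted network."""
    findings = []
    org = issuer_fields(cert).get("organizationName", "<none>")
    if org != expected_org:
        findings.append(f"issuer is {org!r}, expected {expected_org!r}")
    if fingerprint(der) != pinned_fp:
        # Also true after a routine certificate renewal, so weigh it with the issuer.
        findings.append("leaf fingerprint differs from the recorded value")
    return findings


def fetch(host: str, port: int = 443):
    """Handshake with the system trust store; return (parsed cert, DER bytes)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


# Constructed samples in getpeercert() layout; the "DER" values are stand-in bytes.
DIRECT = {"issuer": ((("countryName", "US"),),
                     (("organizationName", "Example Public CA"),))}
PROXIED = {"issuer": ((("organizationName", "Example Corp Internal CA"),),)}
DIRECT_DER = b"constructed-leaf-seen-on-trusted-network"
PROXIED_DER = b"constructed-leaf-minted-by-inspection-proxy"
PINNED = fingerprint(DIRECT_DER)

if __name__ == "__main__":
    print(assess(DIRECT, DIRECT_DER, PINNED, "Example Public CA"))
    print(assess(PROXIED, PROXIED_DER, PINNED, "Example Public CA"))
```

For a live check, pass the two values returned by `fetch(host)` to `assess`. If the handshake in `fetch` fails certificate verification instead, the presented chain is not trusted by the local store at all, which is a finding in its own right.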