How to mask your comp

H2OSX

iKnow (sometimes)
I was wondering how you can mask your comp from a network, where a stupid IT guy is constantly monitoring the system.
 
The IT guy has probably set up a firewall to limit the traffic, e.g. allowing only everything in the port 80 to go out and in.
 
I want not to be seen on the network when I'm connected. I can get on it fine, but I want to be able to do that without him being seen, when he's watching all the traffic on the network.
 
Unless the Admin is totally incompetent, you probably will not be able to do what you describe above.
 
H2OSX said:
I want not to be seen on the network when I'm connected. I can get on it fine, but I want to be able to do that without him being seen, when he's watching all the traffic on the network.

If they allow outbound SSL traffic, use something like Stunnel and he shouldn't be able to tell what you're up to, other than seeing an SSL connection.

Unless he's smarter than you think he is.......

There are network devices which can decrypt SSL traffic to view and inspect the SSL connection contents. So you never really know who's watching what passes down the wire.
 
dafuser said:
There are network devices which can decrypt SSL traffic to view and inspect the SSL connection contents. So you never really know who's watching what passes down the wire.

I seriously doubt this - from all I know of cryptography (I'm not a cryptographer, but I am somewhat knowledgeable on computer security), this is quite unlikely. Unless someone has discovered some very important math that isn't in the public domain, an SSL connection means the only entities that can view the plaintext are the endpoints. Anyone in between can watch the traffic, and all they'll know is what algorithms were used to establish the encrypted communications. The content of those communications is safe.

You should use a browser that lets you inspect the information about a connection - Safari doesn't. Make sure the certificates are valid, make sure the crypto strength is acceptable (128 bit is likely OK, 56 is sort of half-ass OK, 40 bit is a sad joke).

Anyway - how are logins managed in your network? If you're authenticating to a central domain controller, there's no way of logging in to your computer without that information going to the domain controller - your password info doesn't even live on your computer, so it has to be sent to the controller to be verified. (Well, there are ways, but they're the sort of ways that would likely get you fired or expelled - depending on if this is a work or school network...)
 
scruffy said:
I seriously doubt this - from all I know of cryptography (I'm not a cryptographer, but I am somewhat knowledgeable on computer security), this is quite unlikely. Unless someone has discovered some very important math that isn't in the public domain, an SSL connection means the only entities that can view the plaintext are the endpoints. Anyone in between can watch the traffic, and all they'll know is what algorithms were used to establish the encrypted communications. The content of those communications is safe.

The times, they are a-changing, scruffy:

http://www.radware.com/content/products/ct100/default.asp

Read the part where it says:

"SSL sniffing decrypts SSL traffic for complete content visibility and traffic inspection while securing against hidden attacks. The ability to view and inspect content provides enterprises a way to protect intellectual property"

The CT100 isn't normally used to sniff outbound SSL connections, but it can and does decrypt SSL connections.
 
That gizmo is itself one endpoint in the SSL connection. A company could buy one, and then it would sit 'in front' of their web server. The thing would accept https connections, and send the data as plain old http to the web server behind it.

The sniffing only works on connections for which the thing is an endpoint - as the administrator controlling everything behind the device, you can have a sniffer listening to the http traffic between the SSL accelerator and the web server. You can only do this because the accelerator was one of the two parties involved in setting up the encryption from the start - it knows its own private key. One of these things listening to an SSL connection for which it does not possess either private key, cannot find out anything.

So, all this proves is that encryption does you no good if you can't trust the party you're communicating with. But we knew that already, it was never a claim of any cryptographic method.

Incidentally, putting a sniffer between the web server and the encryption device is an established (though not very widely practiced) security practice - some attackers will try to hide from intrusion detection systems by using https traffic; this will foil that tactic.
 
scruffy said:
So, all this proves is that encryption does you no good if you can't trust the party you're communicating with. But we knew that already, it was never a claim of any cryptographic method.

I was trying to say, Stunnel would probably work, but SSL isn't bulletproof.
There are many tools and techniques available to monitor a network you control.

Saying "Use Stunnel and you'll be fine," may not be exactly true. If he's discovered using Stunnel and gets canned, what do we say then? Sorry dude, you shouldn't have got caught, I guess the network guys were smarter than we thought.
 