I found this site via Google while trying to educate myself a bit on IT security issues and I'm hoping I might be able to get some help from you folks.
I own a small construction company with a relatively unsophisticated IT system and I'm having some issues. Recently I had a long-time employee make some relatively serious allegations regarding network monitoring and privacy issues in our office. I'm trying to make heads or tails of the situation in order to judge if action needs to be taken, but I'm just not very knowledgeable when it comes to IT.
Without going into needless details, here's the situation:
We've got a 10 person office supporting a few dozen field employees. We have a basic server on-site that handles our phones and internet as well as our business management software. A few years ago we overhauled our IT system (moving from the stone-age to the bronze-age in terms of IT) with the help of a 3rd party IT consulting firm. They set everything up for us and provide support on an on-going, as-needed basis. At the time we set up the system, we were offered the option of installing monitoring software on all our desktop PCs in the office. I chose not to do this. My VP was involved in these meetings and initially was in favor of employee monitoring, but didn't fight hard when I decided against it.
Last week an employee directly under the VP came to me in private with a claim that his internet/email/computer activity has been inappropriately monitored. The nature of the complaint and context surrounding it has given me some pause. I do plan to bring the matter up with the VP as well as our IT company. I may also need to bring it up with our attorney. Before doing any of that however I want to educate myself a bit more.
I have some basic questions which thus far I have been unable to find clear answers to:
1.) The employee making the accusation believes his web browsing history along with Google searches have been monitored. He also believes his email from his personal Gmail account may have been accessed or intercepted. All of this activity occurred on the employee's personal laptop while connected to the office's wireless network. There is no monitoring software installed on the employee's laptop. To what extent is monitoring even possible in this scenario? It would have to occur only on the server side and with 10 people in the office, there is a decent amount of data going through the server. Is it even possible to isolate and track a specific computer's data stream? And to what extent?
2.) Aside from the IT company, the only two people with direct access to the network server are myself and the VP. I have a username/password that would allow me to log into the physical network server PC myself (i.e. walk into the server room and physically log into the computer). Is there anything I could look for on the server to determine if monitoring software is installed? The server is running Windows Server 2003 R2. My personal computer is a Mac, so I'm not used to Windows. If there were monitoring software installed on the network server, would it be in the form of an icon on the desktop? Where else could I look?
I would greatly appreciate any help that could be provided.
1. Anybody with access to your network can access and intercept the traffic from it, which can then be filtered to just the traffic from a particular computer. Browsing activity is most certainly transmitted in clear text, but some traffic will need to be decrypted (like communication between your employee and the Gmail server).
2. If all your network traffic is going through the server, they probably won't even need any third-party monitoring tools. But still, a desktop shortcut may not be there. Look at the taskbar next to the clock: some monitoring programs will have an agent that will show up there.
Go to C:\Program Files and google any programs that you suspect.
But if someone wanted to hide their monitoring agent, you probably won't be able to find it by yourself on that server. So I'd advise you, if I may, to hire a specialist one time to perform a little investigation on your server and network. Maybe do it on a weekend...
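The checks suggested in the answer above can be extended into a read-only inventory of the server. The script below is an added example, not part of the original reply; it assumes only the command-line tools that ship with Windows Server 2003 R2, and the output folder name is an arbitrary choice.

```batch
@echo off
rem Added example: read-only inventory of a Windows Server 2003 R2 machine.
rem OUT is an assumed output folder; change it as needed.
setlocal
set OUT=%USERPROFILE%\Desktop\server-inventory
if not exist "%OUT%" mkdir "%OUT%"

rem 1. Program folders, oldest first, newest last (the C:\Program Files check).
dir "%ProgramFiles%" /ad /od > "%OUT%\program-files.txt"

rem 2. Installed programs as registered with Add/Remove Programs.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s > "%OUT%\installed.txt"

rem 3. Programs launched at boot or logon (tray agents usually start here).
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" > "%OUT%\autoruns.txt"
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" >> "%OUT%\autoruns.txt"

rem 4. Services with their executable paths; an agent with no tray icon
rem    often runs as a service.
wmic service get Name,DisplayName,PathName,StartMode,State > "%OUT%\services.txt"

rem 5. Running processes and the services hosted inside each one.
tasklist /svc > "%OUT%\processes.txt"

rem 6. Installed drivers; packet capture tools typically add one.
driverquery /v > "%OUT%\drivers.txt"

rem 7. Scheduled tasks.
schtasks /query /fo LIST /v > "%OUT%\tasks.txt"

rem 8. Listening ports and open connections with the owning process ID
rem    (match the PID column against processes.txt from step 5).
netstat -ano > "%OUT%\netstat.txt"

echo Inventory written to %OUT%
endlocal
```

The resulting text files can be compared against what the IT firm says it installed, or handed to an outside specialist; a deliberately hidden agent may not appear in any of them.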