Keylogging as a work security measure yes or no?

Pawnless Endgame · 4 Jun 2012 at 17:19

Short version: The network administrator at my old place did this behind my back and it got him and our IT boss into trouble.

Long version: I was emailing Mum during office hours about my boss' unprofessional behaviour which included preaching the living daylights out of me, although I was clearly uninterested. Sure, I have already gone down the correct procedure which was to report the behaviour to personnel, but nothing was done and the bullying from boss+netadmin continued for almost a year. Therefore I had to take it into my own hands. The netadmin got suspicious of my emailing to Mum and installed a keylogger on my machine called Remote Desktop Spy. A week followed and he had enough evidence to have me sent to the MD's office. I gave my motive and both the netadmin and my boss ended up in more trouble than I did. Conclusion: Boss resigned a month later and netadmin got the chop soon after :-)

Azuse05 · 4 Jun 2012 at 17:32

If things are being done correctly there would be no need for it at all.

Creates more problems than it solves.

dowie · 4 Jun 2012 at 17:36

Sin_Chase said:
There are no ethical or legal implications.
.

Legal and ethical implications of using the obvious benefits mentioned...

what other useful benefits do you see that couldn't be derived from other means?

LordSplodge · 4 Jun 2012 at 17:38

If I worked at a place that used a key logger on its employees I'd quit. However the vast amount of meaningless data that would be generated would be of no use anyway. Plus I'm sure that if my employer captured my gmail password (used at lunch) then it would be them, not me in big trouble.

I work in IT and I'm amazed at the number of IT Departments still stuck in the last century. I'm concerned however about the amount of IT Departments that are simply power crazy.

Unicorn · 4 Jun 2012 at 17:39

I was going to post
*worst iwanttospyonmywifespc thread ever

But reading the replys it seems you have enough fail today so i wont.

LordSplodge · 4 Jun 2012 at 17:40

Sin_Chase said:
There are no ethical or legal implications.
.

Wrong on that and wrong on the 'magic' proxies that see through SSL.

RomanNose said:
Incorrect.
SSL certificates would have to be obtained to perform a MITM on https, otherwise the user would know that the certificates is fake.
Same with SSH, the RSA key would change if a MITM attack is being performed. The only thing you can gather is who are you communicating to.

Exactly.

Ev0 · 4 Jun 2012 at 17:47

I think what the chap might mean is that some places I've seen have it setup so that if you try to connect to an HTTPS site the company proxy sets up an SSL session/connection to the site, and then a separate one between you and the proxy.

The affect of this being that yes the ssl cert you see when you're browsing sites is that of the web proxy rather than the site you're browsing to, the companies proxy is performing the MITM on you

I've seen this sort of configuration setup in one very large UK company, but it was a little while ago and a very old proxy system that was in the process of being updated/replaced.

I'm quite glad I've little to do with the desktop side of security now as it gets very petty as to what companies do and don't want people to do.