I assumed that the op is asking about the web versions of yahoo and gmail. In which case, if you use the https url and iff your company doesn't have sniffing stuff installed on your machine, the only thing they can tell is that you are accessing the mail server, they can't see into it.Originally posted by: gsellis
As noted, maybe. It depends on what they have installed. They can also just capture port 25 traffic too.
Many companies will not let you run another email package inside their network. Their email filters are not set to take corrective action for your email, so they have to trust a third party that may not be trustworthy to clean any attachments or messages from malware. Port 25 will be filtered and some security software will prevent port 25 from opening. This also stops local computers from becoming certain types of botnets. Botnets inside a company can get you blacklisted because of spam traffic.
It is safer to assume that any email you send can be intercepted. So be careful what you put in the message.
Originally posted by: kamper
I assumed that the op is asking about the web versions of yahoo and gmail. In which case, if you use the https url and iff your company doesn't have sniffing stuff installed on your machine, the only thing they can tell is that you are accessing the mail server, they can't see into it.
Products such as ProxySG from Blue Coat can actually do SSL interception giving the company full visibility of any HTTPS site.
We're actually in the process of implementing this at our company.
I assumed that the op is asking about the web versions of yahoo and gmail. In which case, if you use the https url and iff your company doesn't have sniffing stuff installed on your machine, the only thing they can tell is that you are accessing the mail server, they can't see into it.
This is no longer true, it was once. There are off the shelf devices and roll your own FOSS options to do MITM on your own network.
Just curious, would it be more secure to use a remote access product such as logmein to access a home computer from work and get your email that way? Just wondering.
-KeithP
Yes.
And no.
If your company seriously has so little trust in their employees that they have to babysit and watch everything you do, then yes. This isn't always the case though.
If you're somewhat technically-inclined, you should be able to tell whether there's corporate monitoring software installed on your computer. Unless it's hidden extremely well, it might be obvious, and it would be even more obvious if you can't visit certain non-work related websites.
I'm fortunate enough to work for a company that doesn't do this. I can browse websites like Anandtech and Reddit while still getting work done, because my boss actually has faith in me. It's a win-win.
Indeed.
Logmein
Teamviewer
SSH+RDP or VNC
all viable options, but will not prevent logging keystrokes. But FFS, do you really want to work for a company that has a stick far enough up their ass they will investigate keystrokes?
Assume they can see everything (that you do on your employers hardware, anyway). There are plenty of corporate-level software suites that take constant screenshots and log keystrokes, and the end-user would never know. It all depends on the employer.
Just curious, since I'm sure there's a lot of IT ppl here, can e-mails through yahoo or gmail be seen?
The Data Loss Prevention market has been growing exponentially the last few years, depending on your line of work it can be safe to assume that everything is monitored. With that being said I wouldn't worry unless your email activity could be deemed suspicious (emailing documents, customer information, etc).
I believe these require them to resign the data with their own certificate though. So you'll get a warning unless the certificate is installed on the computer. (if it's a corporate computer, they likely installed a certificate)
Indeed.
Logmein
Teamviewer
SSH+RDP or VNC
all viable options, but will not prevent logging keystrokes. But FFS, do you really want to work for a company that has a stick far enough up their ass they will investigate keystrokes?