If you don’t fish at work, you have no soul in this class. However, the Gome network monitoring incident that broke out not long ago also reminds us that there are risks in the network and we should be cautious in fishing.
– “the head of the Technology Department of another state-owned enterprise said“Theoretically, we can see what software employees have opened, what programs they have run, and even what content they have posted on the forum. Visually speaking, surfing the Internet is equivalent to sending a request. These requests can be detected by us. By intercepting this traffic, we can analyze employees’ online activities. Of course, we will not take the initiative to unpack the information, but only keep it for the convenience of back checking in case of problems”
The above excerpt from the article. Does it sound like you are somewhat panicked. Isn’t that the blog I wrote at work, the strange questions I searched, and the women I like, were all at a glance by my boss: -). Uncle Guo is also very scared about this. Isn’t this the rhythm of social death every minute.
It sounds magical, but it seems reasonable. After all, he is the “head of the Technology Department of state-owned enterprises”. At present, I am just fishing in the blog Park, or writing a blog. Let’s analyze whether the company can monitor uncle Guo’s browsing and publishing content?
IWhere is HTTPS security?
It is easy to notice that when you open the blog Garden, there is a “lock” on the browser address, the URL starts with HTTPS, and the browser prompts “the connection is safe”. So the question is, what does the browser mean by security?
Even if you know nothing about network security, intuitively you should not think that the content I browse and publish on this website can be easily “intercepted” by a third party (company), and “unpacking” is a kind of security… – \u-|.
Three elements of information security: confidentiality, integrity and availability(from wiki)
Ranking first means confidentiality, as the name suggests
Confidentiality(confidentiality) ensure the confidentiality of data transmission and storage, and avoid unauthorized users’ intentional or unintentional disclosure of data content
If confidentiality is not guaranteed, what security is guaranteed? Because it is a brief talk, I will not talk about too many principles and cryptography, but directly say the conclusion.
If you are fishing on the Internet and open a website with a domain name that starts with HTTPS and has a locked browser address bar. Such as blog Garden. This indicates that the communication between you and this website issecurityYes, safety means.
1. the communication content between you and this website (what you browse and what you publish) will not be known by the third party (such as the company) on the network
2. you are indeed communicating with the actual holder of this domain name.
The first one is easy to understand. It means that the content you communicate with this website is at the level of network communication (excluding taking photos and screenshots). The information transmission from your browser program to the website server is encrypted. Even if it is intercepted by others, the content cannot be obtained. It can be intercepted, but it cannot be decrypted and the meaning is not understood.
The second point is that the website you communicate with must at least be the actual holder of the domain name you visit. For the blog Park, the website that communicates with you is at least the actual holder and controller of the domain name “www.cnblogs.com”.
Some students will ask, what I visit is the domain name of cnblogs. Is it not the website server of the blog park that communicates with me? The answer is not necessarily. For example, if you use the company’s network, you may be represented. For example, a network device in the middle tells you that it is cnblogs and becomes the intermediary between you and the blog park. You think you are communicating with the blog Park, but it is actually forwarded by the intermediary. Therefore, the intermediary messenger naturally knows the contents of the double messages.
The existence of Article 2 ensures that the person who communicates with you will not be an intermediary, but the owner of the domain name “www.cnblogs.com”. Because my company does not own this domain name, it is impossible to intercept and parse the communication content between me and the blog park through an intermediary.
This is the details of the certificate. The main idea is from www.digicert Www.68mn. The authoritative organization guarantees that the person you are communicating with must have * cnblogs. Com. The type is DV. Domain name ownership certificate.
Conclusion 1. According to Uncle Guo’s general knowledge of cryptography, if you browse a website with HTTPS protocol and valid certificates, the communication content between you and the site will not be monitored by the company’s network. Don’t worry.
2、 Whether wechat chat records can be obtained
There are more people who are worried about this. Whose wechat has no story yet.: -)
Whether it is safe or not depends on the implementation of wechat. If wechat communication is designed to run naked in clear text, if the company network is used, it will indeed be monitored to obtain chat content. However, with such a large company as Tencent and so many wechat users, it is obviously impossible not to consider the issue of information security. Therefore, uncle Guo can boldly speculate that wechat communication must also be reliably encrypted.
In my memory, I have read articles on the analysis of wechat security mechanism, which also use asymmetric encryption to exchange random secret keys, and then use symmetric encryption for content transmission. In terms of cryptography, the private key must be well mastered and kept by Tencent server. Only the wechat server can interpret the random symmetric secret key sent by the wechat client. This mechanism is also a conventional practice and meets our expectations. The asymmetric secret key negotiation process is shown in the following figure.
Conclusion 2: wechat chat content will not be intercepted and obtained by the company’s network.
3、 Common means of monitoring fishing
——After receiving the blackmail from hackers, your company’s Intranet has been broken and implanted into the back door. Please transfer xxxxx yuan to the designated account, otherwise your company’s network will be disconnected intermittently. After that, the company’s network was disconnected for X minutes every XX minutes. After a long time of troubleshooting, the company’s operation and maintenance found no sign of intrusion. Later, it was found that hackers bought the computer room security, unplugged the network cable every XX minutes, and then plugged it in later.
Technology has never been the only means for hackers. There are many ways of online monitoring, which are roughly classified as follows:
1. network monitoring: audit and monitor through network equipment.
Network behavior management and certain audit can be carried out. Including prohibiting the use of specific software (preventing specific port communication), network speed restriction, traffic statistics, etc. The initial Gome traffic report can be obtained in this way, but it is a little magical to get all the contents as the person in charge said.
2. online behavior management procedure
The monitoring program is installed locally on the employee’s computer. Because the program works locally on the computer and has full control over the system hardware, it is easy to obtain all kinds of information, such as keyboard input, screen capture, screen recording, etc.
Theoretically, this method can fully control your computer, and computer users have no privacy to study. However, the prerequisite is to install the corresponding software and hardware in advance. It is equivalent to being visible to the user, not a routine. Try to use your own equipment.: -).
3. other monitoring
For example, the camera can directly observe your behavior. There’s nothing to say about this. It’s usually in the open.
4. social engineering
Leaders observe and judge by themselves, or understand through eyeliner and confidant intelligence. Therefore, fishing should be low-key and make good friends.
4、 Return flow report
Finally, back to the traffic report, no matter how encrypted, the traffic between you and a specific server cannot be hidden, because it all flows through the network devices between you. Therefore, it is easy to obtain a traffic report similar to Gome through monitoring and auditing. However, if you do not use open format transmission, you may not be able to understand the intermediate links.
Therefore, the report may not be reserved, and there may be no more fishing evidence that can be disclosed.
In short, watching movies and listening to high fidelity fishing is a high risk. It is suggested that you adjust your hobbies and read novels.
As for the coping strategies for the traffic report, uncle Guo may think of using the proxy method. In this way, the audit will see that you have exchanged traffic with the proxy server. However, because these well-known application IP ports are not known, it is impossible to directly draw a conclusion. Are you watching movies or listening to music. I only know that you have requested data from many G’s with a specific IP address
So, do you have a solution to the traffic audit? o(*￣︶￣*)o。
Update: 2022-04-27 17:15:00
Many students reported that wechat chat records can be obtained through the network level.Conclusion 2 may be wrong!
This is really a bit unexpected, but cryptography should not deceive people. The wechat encryption is not strict? I am skeptical-_-||
It is hoped that there will be a great God of safety to share with you the principles of popular science.
The possible situations of wechat being monitored are summarized. Please see