Problem solve Get help with specific problems with your technologies, process and projects.

Safety of Internet banking on a company LAN

In my office, I have a PC that connects to the company's local area network. I have access to the Internet via...

the LAN. If I do Internet banking with the PC, will my user ID and/or my PIN be known by somebody else that has the LAN access?

This looks like a simple yes or no question, but my answer is maybe. Let me explain.

First, as an employee, you have absolutely no right to privacy on your company's network. If your company does not have some sort of formal policy and/or login banner stating that they have the right to monitor you, they probably should. Most companies have some sort of monitoring software in place at the Internet gateway. Some will even use software that restirct what sites you are able to view.

As for online banking, hopefully it is done via SSL-protected Web pages. If so, the communications between your computer and the bank's computer are encrypted. If your company only has basic monitoring programs, then anything sent SSL cannot be read by admin staff. However, there are products, such as NetIntercept that can even decrypt SSL communications. Thus, even your "secure" transactions may not be secure.

Your admins can also install keystroke monitors on your own machine, that in all likelihood, you will not be able to detect or remove.

So, the bottom line is that regular users on your network should not be able to see your banking transactions, but if your admin staff really wants to see what you are doing, they can. The good news for you is that most admins will not go to those lengths unless they suspect you are doing something illegal or against company policy. They are generally far too busy to monitor each individual that closely.

As a final point, more reasonable companies have policies that permit a certain amount of personal use of the Internet, on the theory that it is no different than making a personal phone call. You should definitely know what the policy is for your company.

Security Policy and Infrastructure
Employer/Employee Privacy Issues

For more information on this topic, visit these other SearchSecurity.com resources: Best Web Links: Best Web Links:
This was last published in August 2002

Dig Deeper on Network Access Control technologies