ISA Server

Data that travels over the air and how to protect (or decipher) it

ISA Server

Post by iistapp on Mon Nov 01, 2010 3:25 am
([msg=48405]see ISA Server[/msg])

So, we got a ISA server running at my school, and I read one of it's features are to "inspect network traffic (including web contents, secure web contents and emails)"

So, does this mean they actually can read my emails? As I got some stuff on my mail that I don't really want people to be reading, and if they can, how could I avoid it?
User avatar
iistapp
Poster
Poster
 
Posts: 135
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: ISA Server

Post by msbachman on Mon Nov 01, 2010 6:35 am
([msg=48406]see Re: ISA Server[/msg])

If they claim to be able to read emails, I'd take a stab at guessing it's able to read emails. :lol:

I'd be sure to access your email account--assuming the school doesn't control that already--securely. They won't be able to read it if it's done over a secure link. If they could, https://, TLS, etc. would be meaningless.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
User avatar
msbachman
Contributor
Contributor
 
Posts: 681
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol
Blog: View Blog (0)


Re: ISA Server

Post by tremor77 on Mon Nov 01, 2010 10:02 am
([msg=48411]see Re: ISA Server[/msg])

The ISA server (Internet Security and Acceleration Server) is a Microsoft Proxy Server. It serves as a firewall, proxy and cache server. Basically ALL traffic coming IN and going OUT of your school network will be managed, routed, logged and potentially blocked by the ISA server... depending on the moxy of the installation and administration personnel of course.

Just FYI ISA server is first and foremost a level of protection against malicious usage and outside attack, and a routing and remote access tool. It's secondary mission is network performance and quality of service. Only as a tertiary benefit is ISA used for 'spying' as you'd have it. So, simply because they are installing one does not mean that is the primary reason. ISA is being now in the process renamed to Microsoft Forefront Threat Management Gateway or TMG.

As far as privacy and internet usage at your institution, sou should ask to review any policy agreement that the network has in place. Simply by signing (most often) on you are mostly likely 'agreeing' to a user policy that you may not even be aware of. here is some legal:

Code: Select all
Under the Electronic Communications Privacy Act (ECPA) it provides for implied authorization to review employee emails, and that a company should state their policy of monitoring e-mails in the company handbook. However, pursuant to Title III of the ECPA, it unlawful for anyone to intentionally intercept any email communication while it is en route. ECPA 18 USC 2701.


Employee/Company can be well substituted for student/university although there may be some alternative guidelines regulating schools. Basically... the law says that your personal communications are protected in transmission... except, however... if it is explicitly stated in a policy.

In short - ask to see the school's computer & internet usage policy statement. If they don't have one, then they are bound by the law and your e-mails should be safe from prying eyes. If they do have one, then I suggest not communicating things of a private nature whilst on the school network. (Even securely)
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 899
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: ISA Server

Post by Goatboy on Mon Nov 01, 2010 3:47 pm
([msg=48429]see Re: ISA Server[/msg])

Encrypt anything important with PGP. Problem solved.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2823
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: ISA Server

Post by iistapp on Tue Nov 02, 2010 10:57 am
([msg=48468]see Re: ISA Server[/msg])

Thanks a lot guys : )

Our teacher sat up a ISA server just for our class, so I suppose he's up to something having a reason to put it up in the first place, I just randomly discovered it while I was trying to access some shared files from my friends computer in class.

I got some e-mails and are sending some that I don't really want people to see other than myself.

I will ask about the school's computer and internet usage policy statement and see if they even got one, and if they happen to not have how should I proceed? As I suppose they will start putting one together if they figure they actually don't have one.
User avatar
iistapp
Poster
Poster
 
Posts: 135
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: ISA Server

Post by tremor77 on Tue Nov 02, 2010 11:39 am
([msg=48472]see Re: ISA Server[/msg])

You could be a driving force in creating a positive and thoughtful discussion between school administration, faculty, parents and students on internet usage policy, both how to protect against malicious and unintended usage, while also maintaining freedom of speech and privacy within the letter of the law. If presented thoughtfully, a student council or even school board would bring it up in a measure for discussion.

Don't let the school get away with the 'we are the teachers, you are kids and this is the way it is'...

Many times a school network admin, often a teacher who basically steps into the role by default of their having the 'most' knowledge... falls into what is known ad Admin God Syndrome. When it comes to things like the school's computers and network they have a mentality of ownership, and ownership of everything that goes on within it, including your private work.

Let it be known however that this continues to be a major debate in schools and workplaces all over the world right now... the line between free speech and privacy, and limits, regulations and policies put in place by network owners/admins. In many cases an employer or school will argue that since the computer and the network are their property, they have the right to enforce whatever policy they choose....

I find it interesting that these situations occur in a microcosmic environment likes schools and workplaces, because it is a mirror of the larger scope of all the internet with Net Neutrality and Information Privacy Act and a gamut of other, really important national debates involving technology.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 899
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: ISA Server

Post by iistapp on Wed Nov 03, 2010 2:48 am
([msg=48489]see Re: ISA Server[/msg])

Cheers mate, thanks for the help! :D
User avatar
iistapp
Poster
Poster
 
Posts: 135
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: ISA Server

Post by IncandescentLight on Wed Nov 03, 2010 3:30 am
([msg=48490]see Re: ISA Server[/msg])

Here's a resource on how hacking the ISA Server is actually done: http://www.secniche.org/papers/Case_Study_Hacking_ISA_Servers.pdf
Seems like a pretty tough nut to crack.
Speak softly and carry a big stick -Theodore Roosevelt

http://www.rhetoricalcatch.blogspot.com
User avatar
IncandescentLight
Poster
Poster
 
Posts: 216
Joined: Sun Apr 27, 2008 3:16 am
Blog: View Blog (0)


Re: ISA Server

Post by iistapp on Wed Nov 03, 2010 5:18 am
([msg=48491]see Re: ISA Server[/msg])

IncandescentLight wrote:Here's a resource on how hacking the ISA Server is actually done: http://www.secniche.org/papers/Case_Study_Hacking_ISA_Servers.pdf
Seems like a pretty tough nut to crack.


Think I'll skip that idea ^^ But thanks anyways :)
User avatar
iistapp
Poster
Poster
 
Posts: 135
Joined: Tue Apr 21, 2009 9:44 am
Location: Norway
Blog: View Blog (0)


Re: ISA Server

Post by sanddbox on Wed Nov 03, 2010 8:42 pm
([msg=48517]see Re: ISA Server[/msg])

Did anyone else find Tremor's post inspiring and awesome?
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests