Hello

How secure is using gmail with https://... at my work place?
Would a network admin be able to capture my login details and read my emails?
My workplace doesn't have a clear policy about using a personal email account, though anecdotally I've some people believing their accounts have been compromised.

Thanks for any advice

As secure as an ssl can be and usually is.

-{ Quote: "How secure is using gmail with https://... at my work place?
Would a network admin be able to capture my login details and read my emails?" }-
Better Safe than Sorry...;)
-{ Quote: "My workplace doesn't have a clear policy about using a personal email account,
though anecdotally I've some people believing their accounts have been compromised." }-
You Already know What you Need to...;)

-{ Quote: "...How secure is using gmail with https://.... I've some people believing their accounts have been compromised...." }-

They might have installed key loggers on employee's computer to monitor their computer usage. Therefore, even if you use https, you are vulnerable to identity theft.

I highly disagree to employers who restrict the use of work computer for SOME personal matters, but this is the rule in today's society. So my advice is not to login to any personal internet service from work, because you have no guarantee that it won't be captured by a keylogger that might be installed on that computer.

You could use a Linux Live CD, or anti-keylogging software, but that may not be allowed or possible. Even then, you won't be safe from hardware keyloggers.

The only real way to be certain is to bring your own machine, and always use TLS/SSL encryption. Again, that may not be permitted.

When you use a computer at work, it is absolutely possible for your employer to see your https connection.

Check some of these enterprise tools:

McAfee Web Filter (http://www.mcafee.com/us/products/web-gateway.aspx#vtab-Benefits) that can do "SSL inspection, and certificate validation directly on the Web Gateway appliance" (click on the features and benefits tab)
Blue Coat (http://www.bluecoat.com/solutions/enterprise/controlsecurity/sslthreatprotection) has a similar technology called SSL Proxy
Barracuda (http://www.barracudanetworks.com/ns/downloads/Tech_Datasheets/Barracuda_Web_Filter_TDS_US.pdf) also has SSL filtering
And most other web filtering companies will have this capability


What they do is put a trusted root certificate in your browser that corresponds to the gateway / web filter. The gateway / web filter creates certificates for the sites you visit on the fly. It then decrypts your traffic, filters it, re-encrypts it and sends it off to the website. Essentially it is a legal man in the middle attack.

Some of the key logger claims are a little alarmist to put it politely. It does depend on the laws in your country and while employers can observe you and intercept your communication while using their computers and network, keylogging and stealing your password for identity theft is highly illegal. If people are at work genuine believe that your employer is stealing passwords, they should inform the police / relevant authorities.

apart from key-logging or other host installed stuff, they could have a proxy and be proxying the SSL. You have to check your certificate to make sure your have gmails, and not the company's proxy cert.....

nevermind, huangker above beat me to it....

Thanks for all the feedback.

It seems the safest thing to do is not to access my own personal email using my workplace network.

Though out of interest, are SSL proxies installed on the network; or would need to be installed on each individual PC and to bypass SSL proxy, would using portable firefox be a solution?

-{ Quote: "It seems that the safest thing to do is
not to access my own personal email using my workplace network." }-
;) ;)