Q about being open to an organization's network

I work for a large organization which has many satellite buildings and a central IT department. They have a pretty tight IT policy in my eyes. All of the computers have "deep freeze" which means that they are rolled back after every reboot. Nothing can change on the computer. As well, as soon as a private PC (ie someone's personal laptop) plugs into the network, the IT department gets notified.

I was also told that if the IT department wishes, they can download/extract any data that they want from your laptop if it is plugged into the network backbone. This part seems a bit far fetched to me. Obviously the IT department can track network traffic, but I was quite surprised to hear that they could essentially probe or snoop on their employee's computers. Is this actually possible, as a matter of routine or semi-routine practice? ie without hacking passwords and the like?

thanks

 

Any corporate IT worth their name is able to access the files residing in the computers in their network. All of them

 

Search for NAC, or "Network Access Control"
Usually how this works is that you need a special software, a "client agent" installed on the personal laptop in order to be able to connect to the network at all. This software for example checks that an AV is installed, everything is up-to-date and no blacklisted software is active, further it may give full remote access to the IT department.

Without such software (and no filesharing, enforced software firewall...) remotely accessing files on private systems is a tad bit more difficult. 0days are pretty expensive and besides that would be illegal too

 

Is this the case if I don't join the domain (and therefore don't necessarily conform to their security policies) and I have a decent firewall? I understand that anyone can hack/break into a computer given enough time and determination. Or, does the situation change if I use hard drive encryption?

 

FDE wouldn't change a thing, if the system is running everything is accessible in plaintext. FS level encryption is more effective, however if they got full access to a computer they can intercept the password...

The other part of the question I think I already answered but again:
Plugging in your personal firewalled computer into the corporate network doesn't magically grant the IT dep access. They aren't going to resort to black hat methods.

 

Okay, thanks Katio. Got it now.