How secure is gmail at work place?

Hello

How secure is using gmail with https://... at my work place?
Would a network admin be able to capture my login details and read my emails?
My workplace doesn't have a clear policy about using a personal email account, though anecdotally I've some people believing their accounts have been compromised.

Thanks for any advice

 

As secure as an ssl can be and usually is.

 

Better Safe than Sorry...

You Already know What you Need to...

 

They might have installed key loggers on employee's computer to monitor their computer usage. Therefore, even if you use https, you are vulnerable to identity theft.

 

I highly disagree to employers who restrict the use of work computer for SOME personal matters, but this is the rule in today's society. So my advice is not to login to any personal internet service from work, because you have no guarantee that it won't be captured by a keylogger that might be installed on that computer.

 

You could use a Linux Live CD, or anti-keylogging software, but that may not be allowed or possible. Even then, you won't be safe from hardware keyloggers.

The only real way to be certain is to bring your own machine, and always use TLS/SSL encryption. Again, that may not be permitted.

 

When you use a computer at work, it is absolutely possible for your employer to see your https connection.

Check some of these enterprise tools:

• McAfee Web Filter that can do "SSL inspection, and certificate validation directly on the Web Gateway appliance" (click on the features and benefits tab)
• Blue Coat has a similar technology called SSL Proxy
• Barracuda also has SSL filtering
• And most other web filtering companies will have this capability

What they do is put a trusted root certificate in your browser that corresponds to the gateway / web filter. The gateway / web filter creates certificates for the sites you visit on the fly. It then decrypts your traffic, filters it, re-encrypts it and sends it off to the website. Essentially it is a legal man in the middle attack.

Some of the key logger claims are a little alarmist to put it politely. It does depend on the laws in your country and while employers can observe you and intercept your communication while using their computers and network, keylogging and stealing your password for identity theft is highly illegal. If people are at work genuine believe that your employer is stealing passwords, they should inform the police / relevant authorities.

 

apart from key-logging or other host installed stuff, they could have a proxy and be proxying the SSL. You have to check your certificate to make sure your have gmails, and not the company's proxy cert.....

nevermind, huangker above beat me to it....

 

Thanks for all the feedback.

It seems the safest thing to do is not to access my own personal email using my workplace network.

Though out of interest, are SSL proxies installed on the network; or would need to be installed on each individual PC and to bypass SSL proxy, would using portable firefox be a solution?