On Thu, 4 Nov 2004 cypher@tediouspath.com wrote:
I recently violated the network user agreement (they packet-sniffed and got the username/password for my FTP server and didn't like what I was sharing with myself) and was informed by the admin that I am now 'under observation' and that they "hope I don't like privacy". Considering this admin was an NSA employee, I tend to take that threat a little seriously.
Depending on how trivial the violation was, it may be worth checking the FTP server logs, identifying the bad ones and collecting the evidence, and eventually, preferably after consultation with a lawyer, nail the admin with hacking charges. (Alternatively just threat with the same, with a remark that you hope he likes lawyers. I suppose you're located in the Land of Lawyers.) If it is better to play a repentant sinner, or go to a confrontation, depends on many more factors unknown to us, including the exact text of the network AUPs, the personality profile of the admin (he may be just power-tripping at you, but the severity of his threats depends on the exact content of your disk which you didn't specify), and other factors like if you are an employee or a student and how much risk you want to go through. Violating AUPs with cleartext protocols isn't a good idea, especially with nazi admins. Next time you may like to prefer ssh/scp, or WebDAV over HTTPS, or a simple password-protected upload/download interface written in PHP or as a CGI script, again over HTTPS (you may like to use one-time passwords for added security). If the admin in question can have physical access to your machine, put the sensitive/objectionable data on an encrypted partition.
Two questions:
1) I'm assuming they can legally look at anything that comes in or out of my computer, but is that the case? Can they look at my computer itself, or take me off the network for the private contents of my computer?
That depends a lot. If you're in a suitable uni campus, you may try to consult with local law students. This question is something a mere technician can't reliably answer.
2) Is there some sort of service I can use to have everything I do on the network encrypted, such as a tunneling service to the internet?
Yes. Depends on what you want to do; if you want to be independent on any special software installed on the computers you're operating from, I suggest a HTTPS server, with a self-signed certificate (cheaper), and manually check its fingerprint when connecting. For upload you may use a web file upload form. Don't neglect the certificate check; the admin may like to start playing games with you and launch MITM attack at your connections. Do the fingerprint check even when the browser claims all is OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This message was sent from The Tedious Path Are you ready to travel The Tedious Path? http://www.tediouspath.com http://forum.tediouspath.com