Question about privacy on work computer. (Really off topic)

[Fromlostdays]

My company recently sent my office new computers. We're not a tech company, by any stretch, but we do have an IT department. Our office building has its own ISP in my boss's name. However, this morning, we got an email asking why "one of the new computers hasn't been connected to the network". We'll we didn't need it so we put it in storage, and I wasn't aware that the others were even on a network beyond the one we set up in the office for printers etc.

Lastly, the computers all came with an admin account on windows 8 we don't have access to.

So my question is, if we have our own ISP, how can we be networked with them (IT department is in a different state), and lastly how much of what I do on the net can they see? I don't care if they see browsing history, as they'll see this site, facebook, and reddit. However, I sometimes do check my bank account etc. Are my passwords safe?

(You guys are the most tech savvy people I know)

Thanks

[Krum110487]

your passwords are safe, any reputable bank will use https to prevent anyone from knowing sensitive information.

as for them knowing, it may just be that they registered the mac addresses and know from checking the router to see if it has activity, or it could be possible they have spyware installed to snoop on employees. If it is the latter, I suppose they could have key-loggers, but I doubt it, they would get in a world of trouble if they did something like that.

[KlopjerO]

Obviously I'm not familiar with the actual topography of the IT infrastructure of your company, but I'm supposed to be a professional.

I need to go off on a limb here but I'm assuming your office has managed workspaces and centralised user/e-mail management. So you will have a to set your password now and again etc.

If computers are managed through AD or a third party systems management tool they will know the computer name and MAC address of the systems they have supplied to your branch and they can monitor all sorts of things, like who logged on last what apps are installed on it and also when the last time was that the system has been seen on the network.

as for the email ,This is could have a lot of reasons. maybe it was stolen, maybe fraud. they need to know because thats a potential security breach, they need to update the CMDB and potentialy inform the police or insurance company.

now if a system isn't used by a branch, and is kept in store then there are a lot of reasons why IT wants it back.

-It's a system, and can be put to use else where in the company.

-if it's kept in stock long enough. the computer account that is stored in the Active Directory will expire and the system wont be allowed on the network. which means it has to be send back to IT anyway for a fresh install, if that can't be done locally

-if the computer account doesnt expire, and there is a situation that requires the spare to be used, but it hasn't been connected to the network for sometime, then there is the issue of security updates hot fixes and anti-virus/malware updates that the system will have to plow through. which means the system isnt safe to use untill it has received all of it's updates.

as for the ISP, there are a number of ways that IT can access your network or vice versa. assuming it's a broadband connection I would assume that your branch is connected to the corporate network through a VPN or other secure tunneling method so that you have a two way connection. and (if it were me) I'd have all the Internet traffic run through a proxy on the corporate office behind some nice secure firewalls that will monitor threats and keep annoyances out and data that is not supposed to be out, in.

as for your passwords and surfing habits. trust IT, but don't assume your stuff is safe, read the guidelines for safe surfing and keep your conscience clear is all i can say.

This entire tirade is under the assumption that your still implementing cloud services etc.

I hope I haven't bewildered you any further

[Fromlostdays]

Thanks guys, you never let me down. Honestly, I don't give a damn if they keylog every word I type. I just wanted to know if I could feel reasonably secure checking my bank account.

[KlopjerO]

they won't, and you can. Don't go paranoia

[eezetee]

They can, but they probably don't.

In fact, if you happen to accept a certificate (or it was added into your system) then your company's proxy could indeed inspect your banking transactions. But like I said they probably don't.

They "easily" can, and likely do monitor web browsing stats and other traffic attributes (network, conns, etc)

For the original question about the ISP (your boss I guess) asking about that singular PC

If the user that's been assigned to that PC hasn't logged on, could flag an asset that's gone awry, or

If they indeed traffic by MAC (BIA) address (which would be surprising unless you work for the DoD or something) then they likely have an asset management system or

most likely, they've pre-built in image for the desktops and already installed some software on the desktop which registers itself upon connection.