the internet and network traffic can be monitored but your desktop
activity is not open

I use Ubuntu LIVE on a usb thumb drive when Im at offices where Im
trouble shooting a problem and they never know.

Speaking as a Director of IT at an investment firm, if the company network runs
all web traffic through a proxy, it won't matter what OS you use on the desktop
- they'll still be able to see what sites you've been to. In addition, if
they've blocked some sites or classes of sites, those would still be blocked for
you.

but what if i run it on the cd and not through the hard drive?

network monitoring is not done at the local machine.

On my network (234 devices), I'd find him in 30 minutes (as long as the
network cable was attached), even if he never went on the internet.

All devices on my network are static IP, and I have a DHCP scope of 5
addresses, as soon as one of those 5 ip's answer a ping, I get an alert.

I then query my switches for that IP and in 30 minutes I would be standing
over his shoulder (with walking papers)

When you boot a live CD, if there is a network cable attached, Linux WILL
REQUEST AN IP...

It's always best not to try to bypass the safeguards that are setup in a
workplace (could cost you your job)

The policy is to stop people putting their CDs. memory pens etc. in a
networks business terminal computers along with any virus they may
easily be carrying, so its not only breaking the rules, it amounts to an
attack in the networks I built.

The work-around for that is to use a private VPN. The data going to
and from the PC will be encrypted.

That's assuming the firewall allows unauthorized out-bound VPN traffic.

Im a network newbie.
Does this mean they can SEE what I do on a linux desktop? Or they
can just see what websites ive been too?

If you're running Linux from a LiveCD on a corporate desktop, then:

1) there will be no record _on the PC itself_ of what you've done.
2) any traffic to or from the machine will be visible on the network. With the
right tools, all details of your activity will be visible.
3) any connections made to outside servers will be seen (and most likely logged)
on the firewall and traceable back to the originating PC on the corporate
network.
4) if you use an encrypted data stream (VPN), the network manager will be able
to see that encrypted stream - that will make the manager's nose twitch.
5) the corporate firewall may not let unauthorized VPN traffic out through the
firewall
6) if you're planning to go to "inappropriate" web sites, chances are that the
network admins have blocked access to those sites anyway - and they may get
alerts if people try to access those sites.
7) the corporate firewall may require an user name and password to access the
outside world.
8) if the company uses a web proxy then its entirely likely the network manager
will know exactly what you've been doing.

My recommendation? Don't screw around with Ubuntu LiveCD on the company's
assets. If you're desperate to get to specific sites, bring your personal
laptop with you, leave it in the trunk of the car, and use it at the
neighbourhood Starbucks during your coffee breaks and at lunch.

Attempting to fire your personal laptop up on the company network is likely
gonna attract attention, too.

trying to understand all this great info. re #6 if you go to a proxy, can sites
still be blocked by the company admin? #8 dont understand the company using a
proxy, can you give more detail?

re: #6 - if you're talking about an external proxy, the network manager's gonna
notice a lot of traffic to/from a specific address.

re: #8 - many companies use an internal proxy. If they are using an internal
proxy server, all web traffic from the corporate network goes through the proxy
server. No way around it.

#6 They can and will block proxy sites as they find out about them. Most
companies subscribe to a list of sites to block. Trying to get around their
filtering by using a proxy is usually considered violation of company
policy.

#8 In this case proxy means they have a server you connect to. That server
will pass on approved requests to the internet and give you a "hey, that
site's blocked" if the site isn't approved. Besides filtering, the proxy
server usually keeps a cache of frequently accessed sites to improve
performance.

They'll still be able to monitor what web sites you
visit. They'll still be able to monitor your network traffic. If they see
any abnormal traffic they're going to start looking closer at what you're
doing. They won't be able to see what's actually on your Linux desktop
screen at that particular second. If they normally remotely view people's
desktops, they usually have a written policy that says trying to get around
the monitoring "can lead to disciplinary action up to and including
termination." If your goal is to avoid monitoring, I wouldn't even go
there. You'll get caught. If your goal is just to learn about Linux using
a Live CD, I'd run it past your local IT guru so you don't get in trouble.

Seeing an encrypted data stream coming from an unexpected location on my network
would be enough to get me sniffing around.