Am I secure from network monitoring software if HTTPS is used?
Solution 1:
Before answering: If a browser warns you a site is using poor encryption or supplying incorrect identity information, it's important to read the error, understand it, and think hard about whether you want to continue.
Short Answer: Yes, if you're using a trusted device
Long Answer:
If someone is monitoring your connection from another computer (somewhere between you and your bank) and you are using HTTPS, and they are using signed certificates with a suitably strong algorithm, then you are in the clear. (Unless they save the data for years and later read it after the algorithm is broken - but they'd likely be better off breaking into your house and stealing your stuff ;) ).
Chances are, if it's your bank, then they are using signed certificates with a suitably strong cipher. You can verify this by looking at the SSL information for the page, which should be displayed if you look at the page info, click on the Blue or Green name to the left in the address bar with Firefox 3.5, or click on the lock to the right in the address bar in IE8. Firefox will also display the encryption algorithm used if you select More Information after clicking on the coloured area.
If you don't trust the device you're using to connect (such as a computer that is not your own that could have been modified by others), then it's of greater concern. Now, your workplace is likely not going to do anything illegal like look at your banking information; but it is possible for SSL to be undermined if your system is compromised. It could be that your computer is configured to accept certificates signed by a proxy (inspection of the certificate or certificate pinning would thwart this). However, surveillance could be anywhere - a keylogger wouldn't even need to defeat SSL to capture your banking credentials, for instance. SSL makes it so you don't need to trust the connection between two trusted endpoints, but if the endpoint itself is untrusted, all bets are off.
Solution 2:
No, not neccessarily. Your company may send your connection through a proxy that acts as a man-in-the-middle. That is: All HTTPS traffic goes from your machine to the proxy, is decrypted there, analyzed, encrypted and sent to the server. Your machine will not use the security certificate from the server, but instead the proxy will generate one for the given website and send that to you, so you really have two HTTPS Connections: From you to the proxy and from the proxy to the server.
In other to make that happen, the company needs to have a certificate server to generate a certificate. Normally the browser would object here and complain that the certificate authority is not trusted, but of course that can be overridden through group policies and the like.
This is not necessarily foul play by the employer though, as this can be part of an anti-virus concept or due to legal reasons.
In your browser, look at the certificate. Especially, look at the certificate authority. If the certificate is issued by a "real" CA like Thawte, VeriSign etc., then that would mean that you're using the one from the server and you should be safe. However, if it is issued by something like "YourCompany-AV" or the like, then you have a man-in-the-middle proxy.
Solution 3:
Generally speaking, you are safe.Because the when you visit the website of bank through https connection, all data like user name and password are encrypted, it is hard to decrypt it in a very short time, unless they know the encryption algorithm very well. However, there's other attack such as key logger,man in the middle will work if they are knowledgeable.Always pay attention to the environment before you enter the sensitive information.
Solution 4:
If you are using a company owned machine and have agreed to the companies policies there may be issues at hand that are specific to your company. Without knowing any further details I'd say you should be secure, but I have to balance that with a caveat. Technically it is possible, but if you lead a "normal" life there are plenty of things that you face every day that present a much more likely risk to your personal data than the scenario that you are asking about.
Some basic things to be aware of. The company could still be aware of which sites you are visiting and for how long. The data may be encrypted, but it still has to be routed so the address that the data is going from and to is exposed.
The advice in other answers about taking advantage of any security features of your browser is good. I'll add that you should take a moment to review your companies policies that relate to personal data on work machines.