Does work VPN always compromise home privacy?

[lisa harkema]

Does work vpn compromise home privacy & security?

I work for a snooping kind of company where I would not put it past
them to watch what I do on my personal home computer if they could.

Can they "see" what I do on my home laptop when I vpn from home on my
work laptop?

Often I am asked by my manager to use Nortel VPN to connect to the
work network using my home ISP on my work-owned portable Windows XP
laptop. At the same time, I am on my home WinXP PC connecting through
the same Linksys wireless router.

I'm pretty sure when I do not VPN in from the work computer, they
can't "see" what I do on the home computer ..... but when I vpn in on
the work computer on the same network as the home computer .. .... can
they "see" what I do on the home computer?

Does VPN compromise my home security or is my home PC activity still
secure?

[David P]

On Tue, 03 Oct 2006 05:41:02 +0000, lisa harkema wrote:

> Does work vpn compromise home privacy & security?
>
> I work for a snooping kind of company where I would not put it past them
> to watch what I do on my personal home computer if they could.
>
> Can they "see" what I do on my home laptop when I vpn from home on my work
> laptop?
>
> Often I am asked by my manager to use Nortel VPN to connect to the work
> network using my home ISP on my work-owned portable Windows XP laptop. At
> the same time, I am on my home WinXP PC connecting through the same
> Linksys wireless router.
>
> I'm pretty sure when I do not VPN in from the work computer, they can't
> "see" what I do on the home computer ..... but when I vpn in on the work
> computer on the same network as the home computer .. .... can they "see"
> what I do on the home computer?
>
> Does VPN compromise my home security or is my home PC activity still
> secure?

It's not the VPN - that's the tunnel between systems. It's what is
installed and running on the works laptop including any works modified
VPN software. Personally I wouldn't allow it. The whole friggin world
wants to get in your computer worse than a teenage boy wants to get in
your daughters pants.

[David P]

On Tue, 03 Oct 2006 05:41:02 +0000, lisa harkema wrote:

> Does work vpn compromise home privacy & security?
>
> I work for a snooping kind of company where I would not put it past them
> to watch what I do on my personal home computer if they could.
>
> Can they "see" what I do on my home laptop when I vpn from home on my work
> laptop?
>
> Often I am asked by my manager to use Nortel VPN to connect to the work
> network using my home ISP on my work-owned portable Windows XP laptop. At
> the same time, I am on my home WinXP PC connecting through the same
> Linksys wireless router.
>
> I'm pretty sure when I do not VPN in from the work computer, they can't
> "see" what I do on the home computer ..... but when I vpn in on the work
> computer on the same network as the home computer .. .... can they "see"
> what I do on the home computer?
>
> Does VPN compromise my home security or is my home PC activity still
> secure?
Buy another router/whatever and have the works pc outside of the the home
system (in the internal systems DMZ). That may be enough.

[Sooner Al [MVP]]

Well, first anything you do on your "work" laptop is subject to monitoring
by your company. Its their laptop after all. Just don't do anything on that
laptop you might regret.

Secondly if the VPN is setup correctly you will not be able to access your
home LAN and other local PCs shared files/folders while connected through
the VPN to your work network. I always setup my OpenVPN server to force all
client traffic through the tunnel and back to the work network. That is a
basic security measure to isolate the work network from the remote network.

Thirdly you could setup firewall software on your home PCs to block access
to shared files/folders from your work laptop.

Basically you need to use some common sense and some practical security
measures on your home LAN.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"lisa harkema" <lisa.harkema@gmail.com> wrote in message
news:dit3i2ddbasu1j7kph0jvbn1q1201h5p9o@4ax.com...
> Does work vpn compromise home privacy & security?
>
> I work for a snooping kind of company where I would not put it past
> them to watch what I do on my personal home computer if they could.
>
> Can they "see" what I do on my home laptop when I vpn from home on my
> work laptop?
>
> Often I am asked by my manager to use Nortel VPN to connect to the
> work network using my home ISP on my work-owned portable Windows XP
> laptop. At the same time, I am on my home WinXP PC connecting through
> the same Linksys wireless router.
>
> I'm pretty sure when I do not VPN in from the work computer, they
> can't "see" what I do on the home computer ..... but when I vpn in on
> the work computer on the same network as the home computer .. .... can
> they "see" what I do on the home computer?
>
> Does VPN compromise my home security or is my home PC activity still
> secure?

[Bill Kearney]

> I work for a snooping kind of company where I would not put it past
> them to watch what I do on my personal home computer if they could.

Get a different job. Deprive them of a good employee by going elsewhere.
Make them lose all the money they've invested in you. Otherwise you're just
continuing to enable their abuse.

> Can they "see" what I do on my home laptop when I vpn from home on my
> work laptop?

Generally no. Most VPN connections are designed so that ONLY the connecting
computer is attached to the remote network. Otherwise they'd be opening up
the whole network to abuse from other computers on the connecting side of
the VPN. Think about it, if you connect from a coffee shop it'd let
everyone else get into the work network too. Not a good idea, not at all.

> I'm pretty sure when I do not VPN in from the work computer, they
> can't "see" what I do on the home computer ..... but when I vpn in on
> the work computer on the same network as the home computer .. .... can
> they "see" what I do on the home computer?

No. But if you're running XP on the other computer simply enable the
firewall. You'll see any notifications about connection attempts.

> Does VPN compromise my home security or is my home PC activity still
> secure?

No more or less secure that without the VPN connection.

[dold@XReXXDoesX.usenet.us.com]

In alt.internet.wireless Bill Kearney <wkearney99@hotmail.com> wrote:
> > I work for a snooping kind of company where I would not put it past
> > them to watch what I do on my personal home computer if they could.

> Get a different job. Deprive them of a good employee by going elsewhere.

Sometimes there are just one or two individuals who think it is their job
to snoop as hard as they can. Sometimes it's a management philosophy.

> Generally no. Most VPN connections are designed so that ONLY the connecting
> computer is attached to the remote network. Otherwise they'd be opening up

The OP can test that... open a shared volume from laptop to desktop, or
start a "ping -t" in both directions, then log on to the Nortel VPN.
The local connection should break, and not be available to restart.

> No. But if you're running XP on the other computer simply enable the
> firewall. You'll see any notifications about connection attempts.

And be quite surprised at all the trash floating around, different servers
and services trying to connect...

I see attempts from MSSQL servers and clients, vulnerability checks for
various weaknesses, maybe from the good guys, maybe from bad guys, backup
software, stuff I haven't bothered to track down...

Have a look at the exceptions list on the work machine's XP firewall...
There might be snoopy software installed and allowed.
I have seen installations where a private copy of VNCserver is installed
and running, so support can access your system for troubleshooting... of
course they can also watch anything you are doing, with your desktop
visible to them as if they were sitting in your chair.

> > Does VPN compromise my home security or is my home PC activity still
> > secure?

> No more or less secure that without the VPN connection.

True of the VPN. If the laptop is allowed to connect to the local network
without the VPN turned on, then the local computer might be subject to some
unwanted examination. If you are concerned about corporate snooping of
your home PC, the laptop should never be connected to your home network.
You can't get a VPN connection without connecting to the local network
first, so there will be exposure, unless, as someone else noted, you move
to a DMZ of some sort.

--
---
Clarence A Dold - Hidden Valley Lake, CA, USA GPS: 38.8,-122.5

[Peter Pan]

dold@XReXXDoesX.usenet.us.com wrote:
> In alt.internet.wireless Bill Kearney <wkearney99@hotmail.com> wrote:
>>> I work for a snooping kind of company where I would not put it past
>>> them to watch what I do on my personal home computer if they could.
>
>> Get a different job. Deprive them of a good employee by going
>> elsewhere.
>
> Sometimes there are just one or two individuals who think it is their
> job to snoop as hard as they can. Sometimes it's a management
> philosophy.
>

That's an interesting philosophy.. Wonder who is legally liable for what
employees do on the VPN to their home computer.... Like if you spam or spy
from your home computer, while at work, by using a VPN from your work
computer.. who is gonna get pinched?

Seems to me that whomever is liable, should be able to snoop or say no you
can't do that.... Interesting you assume that the person is a good
employee.. How do you know they aren't spamming or spying from their home
system, while at work via a vpn, and assuming they can get away with
anything illegal cuz the company is on the hook?

[dold@XReXXDoesX.usenet.us.com]

In alt.internet.wireless Peter Pan <PeterPanNOSPAM@akamailnospam.com> wrote:

> That's an interesting philosophy.. Wonder who is legally liable for what
> employees do on the VPN to their home computer.... Like if you spam or
> spy from your home computer, while at work, by using a VPN from your work
> computer.. who is gonna get pinched?

That's the reverse of the VPN utilization that I think was being presented.
An employee, using a company-provided laptop, is at home, connecting to the
corporate VPN. He's worried that the company is going to snoop his
personal home computer via the VPN that he is using.

> Seems to me that whomever is liable, should be able to snoop or say no
> you can't do that.... Interesting you assume that the person is a good
> employee.. How do you know they aren't spamming or spying from their home
> system, while at work via a vpn, and assuming they can get away with
> anything illegal cuz the company is on the hook?

I don't think I entertained the idea that the employee was or was not a
good employee.

If the company provides the laptop, they get to sniff whatever they want on
that laptop. I think legal precedent has been established for that. They
do not get free access to snoop the home computer.

Spamming via the corporate network, regardless of where the employee is
located at the time, is misuse of the corporate network. I don't see how
you could expect that the "company is on the hook". The employee, logged
in via a VPN server that keeps records of the logins, is hardly anonymous.

--
---
Clarence A Dold - Hidden Valley Lake, CA, USA GPS: 38.8,-122.5

[Peter Pan]

dold@XReXXDoesX.usenet.us.com wrote:
> In alt.internet.wireless Peter Pan <PeterPanNOSPAM@akamailnospam.com>
> wrote:
>
>> That's an interesting philosophy.. Wonder who is legally liable for
>> what employees do on the VPN to their home computer.... Like if you
>> spam or spy from your home computer, while at work, by using a VPN
>> from your work computer.. who is gonna get pinched?
>
> That's the reverse of the VPN utilization that I think was being
> presented. An employee, using a company-provided laptop, is at home,
> connecting to the corporate VPN. He's worried that the company is
> going to snoop his personal home computer via the VPN that he is
> using.
>
>> Seems to me that whomever is liable, should be able to snoop or say
>> no you can't do that.... Interesting you assume that the person is a
>> good employee.. How do you know they aren't spamming or spying from
>> their home system, while at work via a vpn, and assuming they can
>> get away with anything illegal cuz the company is on the hook?
>
> I don't think I entertained the idea that the employee was or was not
> a good employee.
>
> If the company provides the laptop, they get to sniff whatever they
> want on that laptop. I think legal precedent has been established
> for that. They do not get free access to snoop the home computer.
>
> Spamming via the corporate network, regardless of where the employee
> is located at the time, is misuse of the corporate network. I don't
> see how you could expect that the "company is on the hook". The
> employee, logged in via a VPN server that keeps records of the
> logins, is hardly anonymous.

I was going by this
"I'm pretty sure when I do not VPN in from the work computer, they
can't "see" what I do on the home computer ..... but when I vpn in on
the work computer on the same network as the home computer .. .... can
they "see" what I do on the home computer?

That seemed like using the work computer to access the home computer....

However, Even if it was from home to work, I do still sort of wonder about
who gets pinched if an illegal activity occcurs... IE if you work from home,
and do something illegal, are you liable or is the company liabel?

[Jeff Liebermann]

lisa harkema <lisa.harkema@gmail.com> hath wroth:

>Does work vpn compromise home privacy & security?

That depends on how it's setup.

>I work for a snooping kind of company where I would not put it past
>them to watch what I do on my personal home computer if they could.

What corporation would risk the bad press and breach of trust for such
a dubious and worthless pastime? Even a hint of such snooping in a
wrongful termination suit is likely to turn against the corporation.
Unless your on the board of dictators of HP, I wouldn't worry about it
much.

>Can they "see" what I do on my home laptop when I vpn from home on my
>work laptop?

Again, it depends on how it's setup.

However, if you're that paranoid the company will discover your
collection of morally degenerate porn, copyright violations, or
correspondence with the corporation, there's an easy way to be sure
they can't snoop. Install a 2nd router between your porn server and
the main router. Set it up for NAT but on a different class C subnet.
For example, if your main router puts your clients on 192.168.1.xxx,
then setup the 2nd NAT router for 192.168.2.xxx. There's no easy way
for your evil emplolyer to go backwards through the 2nd router unless
you punch it full of holes (port forwarding or triggering). This is
commonly called "double NAT". The downside is that some services that
do require port forwarding will need to be accomidated. For example,
if you're running VNC, you'll need to port forward 5800 and 5900 in
*BOTH* routers. It's a bit of work, but no big deal.

>Often I am asked by my manager to use Nortel VPN to connect to the
>work network using my home ISP on my work-owned portable Windows XP
>laptop.

Nothing wrong with that. That's the whole purpose of issuing you a
work-owned laptop.

>At the same time, I am on my home WinXP PC connecting through
>the same Linksys wireless router.

Actually, the office VPN is more at risk than you are. If your other
machines are worm, virus, trojan, and spyware infested, they could
easily attack or infect the corporate LAN via the VPN. Hopefully,
your IT department has take steps to defend themselves.

>I'm pretty sure when I do not VPN in from the work computer, they
>can't "see" what I do on the home computer ..... but when I vpn in on
>the work computer on the same network as the home computer .. .... can
>they "see" what I do on the home computer?

I assume the home computer is a different computer than your company
issued laptop. If the VPN client is located on the laptop, and the
VPN is properly setup, then the office LAN can only see the laptop and
not the home computer. If the VPN originates in the router, then the
office LAN can see your entire home network. If your company also
issued you a decent router, that isolates the VPN client from the rest
of the LAN in hardware, such as a Sonicwall , then the office can
only see your laptop.

>Does VPN compromise my home security or is my home PC activity still
>secure?

Asking the same question 3 times will not yield a better answer.
Whether your activities are secure are totally dependent on your VPN
setup, of which I only know that you're using a Nortel VPN client on a
company owned laptop. If you want specific opinions as to your
security status, you might consider disclosing some details.



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558