
VPN software with regards to privacy

rh71

No Lifer
I've always wondered if they know what type of work you're doing over a VPN connection. If you hit a website, it goes through their DNS so it's possible they know what you're hitting. What if you hit your own LAN computer and access some mp3s? Do they know that you're futzing around with work-unrelated stuff or does it not even go through the VPN software for that?

Generally speaking, does VPN software only create a tunnel via DNS settings, assign an internal IP, and nothing more (on a basic level)? What else can realistically be tracked?
 
They might not be able to listen to your music or see your pictures but they would know what you are doing.
 
I'm surprised that two machines on the same LAN requesting local shares would still need to go through the established VPN connection just because it's open. Is it designed in such a way that EVERYTHING outbound from that machine goes through the company VPN first?
 
If it's on the same LAN, it shouldn't be going out the VPN. I repeat, shouldn't. The VPN I use for work, internet doesn't even go through that, only things that are destined for that network go through the VPN.
 
That depends on your setup too. You could set that up to where you go thru the vpn for internet connectivity, but it would be harshly slow.
 
I do have some options for "which network would you like to access"...

internet
company's intranet
both

Right now it's on both and I can access internet sites, but when I change it to company's intranet only (managedVPN - IPSec), I can't get to the Internet, but I can get to my shares. I wonder if that makes it any more private for me.

I guess I'm trying to understand if it affects DNS & IP only, as opposed to everything (all packets going thru VPN when connected).
 
What do you mean more private for you? A VPN is about as private as it's going to get. Also, generally the reason why you can't access the internet via the VPN is that it will bog the whole network down if you try to download thru the VPN. Remember, a VPN is essentially a long distance (usually) relationship between you and the network itself. If you try to access the internet from the VPN, you could literally do several things to hurt the network, and, also, you could basically bog the VPN down so bad that it would have to be shut down and brought back up. This causes a lot of headaches for the IT peeps...
 
Originally posted by: Tbirdkid
What do you mean more private for you? A VPN is about as private as it's going to get. Also, generally the reason why you can't access the internet via the VPN is that it will bog the whole network down if you try to download thru the VPN. Remember, a VPN is essentially a long distance (usually) relationship between you and the network itself. If you try to access the internet from the VPN, you could literally do several things to hurt the network, and, also, you could basically bog the VPN down so bad that it would have to be shut down and brought back up. This causes a lot of headaches for the IT peeps...

What's even worse of a headache for IT people is when split tunneling is enabled (corporate traffic going over VPN and internet traffic going over the person's own internet). This could open up the corporate network to attacks it might not ordinarily be susceptible to.
 
Originally posted by: Jamsan
What's even worse of a headache for IT people is when split tunneling is enabled (corporate traffic going over VPN and internet traffic going over the person's own internet). This could open up the corporate network to attacks it might not ordinarily be susceptible to.

Which sounds exactly like what the OP is describing. He can set options for "which network would you like to access".

What kind of IT department lets the End User control whether Split Tunneling is enabled or not?
 
^ I mentioned I COULDN'T get to the internet at all when I chose the intranet only option. So if I have it on "both", internet is apparently thru the VPN as well. No split applies here, am I right? I'd get a warning if I try to visit something like playboy.com.

At any rate, I'm looking at this from my perspective, not the IT department's (our company is IT btw). I just want to understand the how/what they know of what it is I'm doing on my end when I connect to the VPN. I don't want to hear the typical answer of "well it's their laptop, they can & will do whatever they like". 😉 I'm not trying to beat the system, I'm trying to understand it.

From what I'm hearing... when I'm connected, they could know exactly which filenames on my own LAN are accessed (but they cannot physically access them).
 
If you have a remote appliance installed on your machine, like we use, then you are letting them in. This is how they would know what you are doing. Also, inside of the router or firewall appliance is usually a log. You can find anything you want in that....
 
Originally posted by: JackMDS
Originally posted by: rh71
I'm not trying to beat the system, I'm trying to understand it.

Did you try to ask the people that implemented the system?

No, this is a huge company... and if I tried to email them asking an FYI question they'd probably laugh and say stop wasting our time.
 
In my case, the VPN itself doesn't "watch" you. The agent on the device would to an extent. When you get a laptop from me, it will have the software licensing agents, Websense agents and antivirus on it before you even log in for the first time.

I don't care if you're listening to mp3s off your memory stick, but I do care if you store them on the server shares since there are legal risks and actual cost associated with those. The agents won't scan for that as much, but I will know you installed something like Winamp because the software agent will note it in the system's software list.

We don't split the VPN due to the security issues that come with it.
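
As an added illustration of the split-tunnel versus full-tunnel behaviour discussed in this thread (not code from any poster), this sketch applies longest-prefix-match routing to show which destinations enter the tunnel and are therefore visible to the VPN gateway. The addresses, interface names and route tables are constructed assumptions.

```python
import ipaddress

TUNNEL = "tun0"  # assumed name of the VPN adapter
LOCAL = "eth0"   # assumed name of the physical home adapter

# Constructed route tables (addresses are assumptions, not from the thread):
# home LAN 192.168.1.0/24, corporate intranet 10.0.0.0/8.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", LOCAL),        # default route stays on the home ISP
    ("192.168.1.0/24", LOCAL),   # home LAN, directly connected
    ("10.0.0.0/8", TUNNEL),      # only corporate prefixes enter the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", LOCAL),        # original default route is still present
    ("0.0.0.0/1", TUNNEL),       # two /1 routes outrank the /0 default,
    ("128.0.0.0/1", TUNNEL),     # so Internet traffic enters the tunnel
    ("192.168.1.0/24", LOCAL),   # more specific, so the LAN stays local
    ("10.0.0.0/8", TUNNEL),
]
# Stricter profile (assumed): the client also drops the local-subnet route.
FULL_TUNNEL_NO_LAN = [r for r in FULL_TUNNEL if r[0] != "192.168.1.0/24"]

# Constructed sample destinations.
SAMPLE = {
    "home NAS share": "192.168.1.20",
    "intranet server": "10.4.5.6",
    "public website": "93.184.216.34",
}

def egress(table, dst):
    """Return the interface picked by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def tunnelled(table, destinations=SAMPLE):
    """Names of destinations whose packets enter the tunnel: the only
    flows the VPN gateway itself is in a position to see or log."""
    return [n for n, ip in destinations.items() if egress(table, ip) == TUNNEL]

if __name__ == "__main__":
    for label, table in [("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL),
                         ("full, no LAN", FULL_TUNNEL_NO_LAN)]:
        print(f"{label:13} -> via VPN: {tunnelled(table)}")
```

Routing only bounds what the VPN gateway can observe; agents installed on the laptop, as described in the post above, report activity regardless of which interface carries the traffic.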
 