Work blocks RPD and starts monitoring, I change the port... I win

[ElFenix]

Yeah....no.

You can forward any port to any other port. Already explained earlier in the thread BTW.

i do this so i can access multiple computers at home from whereever. also, i've convinced myself it's more secure not to have anything on the standard RDP port.

 

[GT1999]

Okay, so I tether my cell phone. Easy fix.

 

[spidey07]

Okay, you "see" the traffic. Encrypted traffic that is. Now, tell me what the user is doing.

That's what I thought.

The user is tunneling traffic, this is detected and alerted. I don't need to know what that is to know it's against policy.

And I don't need to tell you how we detect and decrypt PKI/SSL/SSH tunnels. Because you think we can't. You're smarter than IT, you go. Yep, you got us! We didn't think of that at all. Nope, you're really onto something here.

So, when's the last time you checked your cert trust list?

 

[Wyndru]

I think the OP is thankful that his (and most people's) IT staff doesn't care so much.

I've never worked with a network admin that was not concerned with the traffic. They definitely care. It's just up to how many tools you have at your disposal to control/throttle it. Otherwise everyone bitches about how slow the network is.

Where I'm at now, we only have a T1, and we allocate 10% to youtube (I'm at a school, so the teachers use it), and it is always pinned. We recently bumped it to 30% just to see how much is really being utilized, and it pinned within 5 minutes.

Oh and we do nail the kids bypassing the proxy too, it's real easy to tell, and it's sad when we confront them, and they act like they have no idea. We even had a kid who set up his own proxy with a domain from godaddy, and used his mom's credit card number for the account. We had the ISP, godaddy and the school district involved with that one. Goodbye college scholarship crafty senior

 

[bobdole369]

He signed the policy document so we're covered for the termination

HA! got you trumped. State of my employer is Florida.

No need to even check any signature. Fire the employee for "violating network policy" No need to substantiate, or even have a written network policy. Yay Florida!

 

[yhelothar]

Since when did RDP require the client computer to have ports opened? I never ever had to open ports on client computers to connect to my home RDP host.

 

[Suspicious-Teach8788]

So it'd be smarter to browse websites on the company network directly over the connection? I don't think so. For all the company knows this way, is I may be monitoring something at home, whether that be a webcam for home security or something similar... but if I browse in the clear, then they know I'm visiting AT, checking my bank's site, etc.

If I get canned I get canned, but I'm willing to bet my job (literally) that I won't seeing other people do the same thing.

It'd be smarter to stop browsing websites period. Browsing during lunch is one thing, browsing all through the day is another.