Go Vols!
If an office has a nicer hardware firewall like Cisco, Sophos, etc., what shows up on the firewall monitoring software when a workstation uses a VPN to access a site like Sigforum?

Nullus Anxietas
Usually just information such as date, time, originating and terminating IP numbers and type of connection. If it's TCP (persistent) connections: perhaps length of connection time or separate connection/disconnection log entries. If you mean content: not likely, if for no other reason than that would require a massive amount of storage space. For HTTPS and other SSL/TLS connections content would be a non-issue, as it's end-to-end encrypted.
"America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
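An added example, not from any poster in this thread, of what a defender can do with exactly the metadata described above (date, time, source and destination IP, protocol, port, bytes, duration): flag flows from the LAN that have the shape of a personal VPN tunnel. It assumes a made-up log format, a hypothetical list of well-known VPN ports and hypothetical volume thresholds; the flow-shape heuristic is there because port matching alone misses a tunnel that runs on a non-standard port.

```python
"""Triage firewall connection logs for personal-VPN egress from the LAN.
Constructed example, not from the thread; the log format is made up."""
import ipaddress
from collections import defaultdict

# Constructed sample records: date time src dst proto dport bytes seconds
SAMPLE_LOG = """\
2024-03-04 09:01:12 10.0.5.23 93.184.216.34 tcp 443 18240 3
2024-03-04 09:02:40 10.0.5.23 185.199.108.153 tcp 443 90211 7
2024-03-04 09:05:01 10.0.5.41 198.51.100.77 udp 1194 918233344 28800
2024-03-04 09:06:33 10.0.5.88 203.0.113.9 udp 51820 410002212 26000
2024-03-04 09:08:10 10.0.5.23 203.0.113.200 udp 4443 640000000 25000
2024-03-04 09:09:00 10.0.5.41 10.0.7.10 tcp 445 2048 1
"""
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KNOWN_VPN_PORTS = {1194: "openvpn", 51820: "wireguard", 500: "ike", 4500: "ipsec-nat-t"}
LONG_FLOW_S = 3600            # assumed threshold: a single flow lasting an hour or more
BIG_FLOW_BYTES = 100_000_000  # assumed threshold: ~100 MB through one flow

def parse_line(line):
    """Split one constructed record into typed fields (timestamp dropped)."""
    _d, _t, src, dst, proto, port, nbytes, dur = line.split()
    return {"src": src, "dst": dst, "proto": proto,
            "dport": int(port), "bytes": int(nbytes), "seconds": int(dur)}

def classify(flow):
    """Reasons a flow looks like a VPN tunnel; empty list means nothing notable."""
    dst = ipaddress.ip_address(flow["dst"])
    if any(dst in net for net in INTERNAL_NETS):
        return []  # LAN-to-LAN traffic is out of scope for egress triage
    reasons = []
    if flow["dport"] in KNOWN_VPN_PORTS:
        reasons.append(f"known VPN port {flow['dport']} ({KNOWN_VPN_PORTS[flow['dport']]})")
    # A tunnel is one long, fat flow to one host; web browsing is many short flows.
    # This heuristic also catches a tunnel moved to a non-standard port.
    if (flow["proto"] == "udp" and flow["seconds"] >= LONG_FLOW_S
            and flow["bytes"] >= BIG_FLOW_BYTES):
        reasons.append("long-lived high-volume UDP flow to one external host")
    return reasons

def triage(log_text):
    """Map each internal source IP to its suspicious flows as (dst, dport, reasons)."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        flow = parse_line(line)
        reasons = classify(flow)
        if reasons:
            findings[flow["src"]].append((flow["dst"], flow["dport"], reasons))
    return dict(findings)
```

Note that the firewall still learns nothing about what was fetched through the tunnel; it only learns that a tunnel exists and where it terminates.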

Member
If you are using a VPN inside a work network, the security guys should pay you a visit. It would be like we can't see what you are doing but we can see you are doing it.

Nullus Anxietas
When I was still doing the job I could examine, even capture, such traffic on the fly if I so desired--as long as it wasn't encrypted. Most network admins and security peeps have more important things to do with their time. I know I certainly did. That being said: accessing off-site services for amusement's sake while connected to the corporate VPN could be regarded as network abuse. IIRC, I had our firewall configured to prohibit such activity.

Go Vols!
I was thinking more about a private, personal VPN on a small company network/firewall. Like using Nord on a browser to access your own payroll portal or Sigforum. Not much else.

Nullus Anxietas
Oh, you mean using an off-site VPN to access Internet stuff from inside the corporate network? E.g.: Corp. LAN <-> firewall <-> Internet <-> VPN <-> Internet <-> <stuff> Like that? Heh. I'd have shut that down in a New York heartbeat the instant I discovered it, booted your machine off the network, and reported you to both my and your management. Oh, and to answer what I now believe I understand to be your question: All they'll see is encrypted connections to an off-site VPN, which is exactly what a VPN is meant to achieve. They'd have no way of determining what you were accessing or why. Which is why I'd terminate the activity forthwith--with prejudice.

All the time
If they are even remotely competent, there will be a corporate certificate installed on anything that touches the network which would then allow them to decrypt any traffic traversing the network.

Nullus Anxietas
That isn't how it works. When you connect to a VPN like Nord, the VPN server provides you a certificate you use with that server. That cert is unique to your client and that server. The key exchange dialogue between client and server sets up a temporally-unique encrypted connection such that, even if somebody else had a copy of your credentials, it could not be decrypted on the fly like that. The only way to achieve what you suggest is called a "man in the middle" (MITM) attack, where something between the client and the server spoofs the client into believing it's the server and the server into believing it's the client. It then decrypts and re-encrypts in both directions. Providing certificate security is intact or some kind of public key infrastructure is used (e.g.: a certificate authority), that is regarded as impossible.

All the time
Which is exactly what is happening on a company network with their certificate installed.

Nullus Anxietas
Last time: that's not how this stuff works. That's not how any of this stuff works.

Seeker of Clarity
Newer security appliances can break down encrypted tunnels and inspect the content, then re-encrypt for the rest of the journey. The process sets up the company computers to trust the cert of the security appliance and then, essentially, it does a man-in-the-middle attack. This is done to assure encrypted tunnels aren't bringing in malware. I would doubt that anyone is using this for web content filtering. Not even sure if it can, though probably. Mostly it's used to look for and inspect unknown executables and malware coming inbound. I know this occurs on our network for SSL and HTTPS. I assume it can be done for client VPNs, but perhaps not. If the firewall doesn't crack the encrypted traffic and inspect, it won't have much visibility. Most traffic is encrypted nowadays.
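An added example, not from any poster, of how a workstation can tell whether the "break and inspect" described above is being applied to its HTTPS traffic: the appliance's certificate validates because the desktop was told to trust that CA, but the issuer it leaves on the certificate is not the public CA that really signs the site. It assumes a hypothetical allow-list of public CA organisation names and uses constructed certificate dicts in the shape `ssl.SSLSocket.getpeercert()` returns; it says nothing about an OpenVPN or WireGuard tunnel, whose client checks the keys from its own config rather than the OS trust store.

```python
"""Client-side check for HTTPS 'break and inspect': does the certificate the
browser sees come from a public CA, or from a locally trusted appliance CA?
Constructed example, not from the thread; cert dicts mimic getpeercert()."""
import socket
import ssl

# Assumed allow-list of issuer organisations; a real check would pin per-site
# expectations or consult Certificate Transparency logs instead.
PUBLIC_CA_ORGS = {"DigiCert Inc", "Let's Encrypt", "Google Trust Services LLC",
                  "Sectigo Limited", "GlobalSign nv-sa", "Amazon"}

def rdn_value(name, key):
    """Pull one attribute (e.g. 'organizationName') out of a getpeercert() name."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def looks_intercepted(cert):
    """(True, why) when the issuer is not a public CA, i.e. the TLS session was
    terminated and re-signed by something between client and site."""
    issuer = cert.get("issuer", ())
    org, cn = rdn_value(issuer, "organizationName"), rdn_value(issuer, "commonName")
    if org in PUBLIC_CA_ORGS:
        return False, f"issuer {org!r} is a public CA"
    return True, f"issuer {org!r} / CN={cn!r} is not a public CA"

def fetch_peer_cert(host, port=443, timeout=5):
    """Live helper (needs network, not exercised offline): the cert as the OS sees it.
    Validation uses the system trust store, so an appliance CA the desktop
    trusts passes silently, which is exactly why inspecting the issuer matters."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certs in getpeercert() shape: direct, and re-signed by an appliance.
DIRECT_CERT = {"subject": ((("commonName", "example.com"),),),
               "issuer": ((("countryName", "US"),), (("organizationName", "DigiCert Inc"),),
                          (("commonName", "Public CA Intermediate G1"),))}
INSPECTED_CERT = {"subject": ((("commonName", "example.com"),),),
                  "issuer": ((("organizationName", "Example Corp IT"),),
                             (("commonName", "Example Corp SSL Inspection CA"),))}
```

On a managed desktop, `looks_intercepted(fetch_peer_cert("example.com"))` returning True is the normal, expected result of the appliance setup this post describes, not a fault.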

Member
Simple rule: don't use your company's assets, including the network, for anything other than company business. Security is not a static thing; it evolves. As security evolves, new capabilities are installed in promiscuous mode: all traffic passes but is logged, stored and analyzed. Everything on your laptop looks normal. Until it doesn't. Best case is your VPN is blocked and you hear nothing. Worst case? Use your imagination. I state this as a long-time IT person who has had technical and managerial involvement with implementing security: use your personal device on your home network for anything not company related.
Let me help you out. Which way did you come in?

Thank you Very little
Yep, you should just turn off Wi-Fi and use your cell data on the phone to do personal business, best done while you are sitting in a stall in the can during a major droppage so nobody wants to know who you are, much less what you might be doing in the stall...

7.62mm Crusader
Some people in SigForum are so smart, they must have a sore head... Smartest people I have ever read. One of these days, I'm just going to ask what is the meaning of life? Don't tell us now. We know you know...

His Royal Hiney
To the OP: if it's any competent IT, VPNs will automatically be prevented. Ask me how I know. I tried using a web-based VPN service to get around needing admin permission to install software. But most companies allow incidental web browsing. Heck, my last company had an expressed policy against streaming video and I still went on YouTube or iHeartRadio. I listened to it while I was working.
Just read my tag line. "It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.

Nullus Anxietas
It's difficult to automatically prevent VPNs. Just ask the Chinese. Sure, one can block the most commonly used ports and the known VPN services, but there's nothing to stop somebody from firing up a VPN on an off port, even a port designated for a different service, on a new server.
I don't know about "most," but many do. We did. I'd occasionally have some manager express an interest in knowing what non-work-related things their employees were doing. I usually respectfully declined to provide such information--generally on the grounds that I had neither the time nor inclination to play network cop and that their employees' performance was a management issue, not a technical one. Now it would happen, on occasion, that in the course of my looking into this or that, I'd notice activity that appeared to be... excessive or I knew would be trouble if it came to the attention of management. In such cases a quiet hint to the individual responsible took care of the problem.
We did not have such a policy, but we did have a policy against excessive use. When I discovered such use I simply terminated it, with prejudice. No warning, notice, or appeal.

Ignored facts still exist
FWIW, I set up OpenVPN on my Asus router at home, so I can VPN into my home network from most anywhere using my phone or laptop. Works like a charm, and does 2 things: 1] Keeps people at coffee shops, airports and hotels from grabbing my traffic. 2] Gives me secure access to my home network including my security cams etc. Well worth doing, and very simple. Worth it to get a new router to get this feature. Using this from any network that allows you to use your own device, I don't see how anybody in between could grab your traffic without a huge amount of decryption effort. It would be very difficult for them, which is why VPN is so popular in the first place.

Nullus Anxietas
If your router supports it, you might want to look into WireGuard. It's allegedly faster, easier and more secure than OpenVPN. If I go to the trouble of setting up a VPN, WireGuard is what I'll probably use.

Ignored facts still exist
Good to know. Thanks.

All the time
I'm not sure why the misunderstanding here but we must be talking about different things. Would you agree that it's possible to decrypt traffic via proxy server, inline method, etc.?