IT people: what can companies actually detect?
Posted by Fit_Balance_2221@reddit | sysadmin | 43 comments
I work from home on a company-provided laptop, and I’m technically only allowed to work from my house (they say for security reasons). My employer did say I can work from coffee shops or whatever with permission. However, I don’t use any specific company programs, downloaded programs or anything like that, I just work on third party websites (client’s portals, Outlook, Teams, etc). My question is, how do I work abroad without my company finding out?
My plan had been to leave my company computer at home, as they track the location of the physical computer, and use my personal computer with a VPN set to my home city, but would they be able to see a lack of activity on the work computer? Can I log into the websites that I use from a different computer without them being able to tell? I can’t download a VPN on the computer because they can see what I download. What’s the best solution?
VA_Network_Nerd@reddit
Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.
Inappropriate use of, or expectation of the Community.
If you wish to appeal this action please don't hesitate to message the moderation team.
RadiantWhole2119@reddit
I mean this with all due respect.
People like you are who people like us generally can’t stand. Trying to subvert company security policy for personal benefit. It’s people like you who expose and are causes for breaches.
Wanna work abroad? Take time off. Wanna work abroad regularly? Find a company who’s cool with it.
dewatermeloan@reddit
You'll trigger an impossible travel event on the SIEM if you use a VPN. This will happen if you try this, I'm 90% sure.
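The impossible-travel check mentioned in the comment above, sketched as an added example that is not part of the thread or any SIEM product's code. The sign-in records, the 900 km/h speed ceiling and the 50 km jitter floor are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in records (user, UTC time, latitude, longitude); not real data.
SIGNINS = [
    ("alice", "2024-05-01T08:00:00", 41.88, -87.63),  # Chicago
    ("alice", "2024-05-01T09:30:00", 41.90, -87.65),  # Chicago, 90 min later
    ("alice", "2024-05-01T11:00:00", 38.72, -9.14),   # Lisbon, 90 min later
    ("bob",   "2024-05-01T08:00:00", 51.51, -0.13),   # London
    ("bob",   "2024-05-02T08:00:00", 40.71, -74.01),  # New York, a day later
    ("carol", "2024-05-01T08:00:00", 48.85, 2.35),    # Paris
    ("carol", "2024-05-01T08:00:10", 48.90, 2.35),    # ~5 km away, 10 s later
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed floor: ignore IP-geolocation jitter within one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_kmh.

    Returns a list of (user, earlier_time, later_time, km, kmh) tuples.
    """
    alerts = []
    last = {}  # user -> (datetime, lat, lon) of the previous sign-in
    for user, ts, lat, lon in sorted(signins, key=lambda r: (r[0], r[1])):
        now = datetime.fromisoformat(ts)
        if user in last:
            prev, plat, plon = last[user]
            km = haversine_km(plat, plon, lat, lon)
            # Clamp the interval to one second so simultaneous events do not divide by zero.
            hours = max((now - prev).total_seconds(), 1.0) / 3600.0
            kmh = km / hours
            if km >= min_km and kmh > max_kmh:
                alerts.append((user, prev.isoformat(), ts, round(km), round(kmh)))
        last[user] = (now, lat, lon)
    return alerts
```

On the constructed data only alice's Chicago-to-Lisbon pair is flagged: bob's trip fits within a day, and carol's pair falls under the jitter floor despite its high implied speed.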
spellcasterGG@reddit
This is not the sub for this (stupid) question, and likely violates company policy. People will know one way or another, and you'll likely get let go. Do not do this.
biznatchery@reddit
Right! Go to r/homelab or something! And the fact that they are here says they’re too stupid to implement the kind of solution that would work. It’s not even worth explaining, or you’ll be their tech support. Why do people post like this before they even ask ChatGPT?
spellcasterGG@reddit
They probably did ask ChatGPT first, and that VPN remote mess was the "solution" it gave them. This post was just a "sanity check" if you could even call it that.
hihcadore@reddit
Hotspot your phone.
Have your phone connected to a vpn.
arpdevx@reddit
If you do your job, I don't think they care much where you work from, whether it's your house, your girlfriend's place, a coffee shop, a hotel, etc. With M365 nowadays they can see locations, but the admins don't spend the day looking at that, that would be a waste of time, unless something gets reported to the security people, for example signing in to your account from another country several times; that does raise an alert. Otherwise, 80% of my company is remote, nobody cares where they are, they do and complete their work. The end.
BlitzChriz@reddit
Best solution? Honesty.
This web of lies will bury you so hard that the only way out is to quit.
brunogadaleta@reddit
Or vpn to his home ? Lol
Enough_Pattern8875@reddit
There are always ways of circumventing security controls and audits but do you really think someone asking the question posted is smart enough to pull it off without getting caught? 😂
Asleep_Spray274@reddit
VPN to your home computer and RDP to your work laptop. All sign-ins will come from your home location... but what is your home location? You don't have a fixed IP.
Or any time you are out. Use a hotspot that vpns the traffic via your home vpn server.
There is nothing secure about your house. They are just trying to micro manage you. Stupid rules are there to be worked around 😜😜😜
NWijnja@reddit
Which would be impossible for a proper workplace setup as RDP will either be disabled or only granted to a specific group of users which you can't override because you're not a local admin. Companies still handing out laptops to IT personnel with local admin privileges should be blacklisted by serious clients.
Asleep_Spray274@reddit
Impossible in some, possible in others. If impossible in OP's environment, then it's a non-runner, if it's possible in OP's environment, it's an option.
We are not being asked what his company thinks he should do. He's asking what he could do.
Ragepower529@reddit
What kinda idiots will allow RDP on personal company laptops. It’s even disabled with the Microsoft default baseline setting.
Asleep_Spray274@reddit
As a sysadmin you don't have local admin rights on your laptop? Oh dear. Sucks ass to be you
Dave_A480@reddit
1) All this downloading can get you fired for violating software installation policies.... Your employer's security also sucks insofar as they let you install stuff on your own
2) They can see that you have installed software & what it is.... Adding a 3rd party scam-VPN won't go unnoticed....
3) Help me break cyber security rules isn't the purpose of this sub
Th3Sh4d0wKn0ws@reddit
This is something I do quite a bit at work. I've caught a lot of really tech savvy people. It's not worth it.
Last guy was using a small travel router with a NordVPN subscription to push all his traffic to the state he was supposed to be in. The computer provided a different location. He was let go. Is that risk worth whatever trip you're trying to go on?
Adam_Kearn@reddit
If your IT has not blocked Remote Desktop you could prob enable it under settings then remote into it by hosting a VPN on a Raspberry Pi and then connecting into that to then RDP onto the work laptop.
But there is no point lying - ask if the option is even available they might just say yeah that’s fine as long as you follow X policy
zantehood@reddit
My guess is this could be easily subverted, inject keystrokes from a virtual keyboard/mouse and have external display.
Connection would probably be piss poor, and yes obviously you are violating fair use policy
GhostandVodka@reddit
You aren't going to get any friendly responses here. You are asking for advice to subvert company policy from the people who earn their living supporting company policy.
It's there for a reason. Do what you're supposed to do and earn your paycheck.
Lower_Fan@reddit
it depends on the maturity of your company. but at the most invasive level they can see what programs you use, websites you visit down to the specific urls. the buttons you clicked, files you download/uploaded. when and from where.
_Do_The_Needful_@reddit
We get alerted immediately if someone is trying to connect with a 3rd party VPN. We also don't allow personal devices to connect to our M365 tenant. Your place may be different, but purposely trying to circumvent IT controls will get you fired at our organization.
NWijnja@reddit
For most customers we implement conditional access with specific countries allowed, same for our corporate VPN. So yes, we can tell if you're abroad trying to do work when you call the servicedesk to ask why VPN isn't working and you can't access anything
Technical-Procedure3@reddit
Since you are asking, you already know they would not approve of you working abroad. You are putting your company at risk. What are you going to do if a VPN does not allow you to connect? They absolutely can tell if they want to know.
dr_z0idberg_md@reddit
The short answer is everything. The questions are: do they want to, do they have a need to, and how much monitoring actually happens. In terms of technology, it can all be done. But why would the company need to? Is there a person or team managing these monitors and taking action/reporting? Is remote work a curse or blessing for the company? If your company needs to monitor its remote employees, then there is a deeper underlying company culture issue. Security concerns are usually a higher concern than employee productivity.
Test-NetConnection@reddit
If you are really sneaky, you can leave your work laptop at home, use Tailscale or another VPN solution to access your home network, and then remote into the laptop. There are solutions that will mirror the output of your laptop's monitor to your personal device and allow you to relay keystroke and mouse movements from your physical device. Nothing runs directly on your work laptop and the device mirroring keystrokes/relaying what's on your monitor appears as nothing more than a dock.
thebigshoe247@reddit
You could look into connecting an IP KVM to your computer, and remotely connect to it that way.
Even then, it can be detected.
rodface@reddit
How many employees does this company have?
I would feel brave even working in a different city in your country of hire from where you are expected to be (for remote position). I will confess to not being well versed on typical remote work arrangements but I believe your work site is very much relevant to the company’s taxes and accounting etc.
If anyone does comment I would be very interested to hear about a reliable way to detect whether a user is connected from office vs non-office locations when the whole company uses always-on VPN.
Kreuzi4@reddit
No one will see anything without explicitly looking at your data/notebook activity, normally no one is interested in that. If they decide to look specifically at you/your notebook, for any reason whatsoever, they can see pretty much everything if they wanted. You are 99% safe I would think, but the 1% hits really hard
Acceptable_Mood_7590@reddit
They will know you are using VPN and the security software nowadays flag inconsistent IP for a user. If through browsing history they somehow find out you are in another country, it will be a disciplinary so don’t risk anything without any agreement from your gaffer
ItaBiker@reddit
You do not. Your login from abroad will be auto flagged as an outlier and your soc will open an incident. It's a stupid way to lose your job.
Ragepower529@reddit
If you don’t know the answer to this then probably don’t do it. In terms of what we can detect it matters what products we are running and how much we actually care. However when HR asks us to do an investigation we can detect to as far down as how long a click on a website takes to resolve the DNS. If it’s about 14-20ms for most people then it means they are doing something funny. Which will prompt us for further investigation.
Also I would not recommend working abroad, more than likely you’ll not be allowed to sign in and even for a split second if your VPN connection slips you’ll probably be auto locked out and need to call IT to unlock your account.
For us we have it so if any VPN usage is detected then you are automatically disabled. Since that is an attack vector. Not to mention you won’t even be able to connect to a VPN on the device.
grv144@reddit
They can see what they’ve decided to see. I would leave company PC at home (device location), connect some network KVM (keyboard, mouse, monitor) and connect to KVM remotely. Alternatively RDP to company PC if it’s allowed (visible network session).
Impossible_IT@reddit
They detect everything
VivienM7@reddit
Umm... it's not exactly hard for them to notice if you're connecting to M365 services like Teams/Exchange Online/etc from a non-company-issued computer.
Also, there are lots of solutions out there that will detect obvious VPN use. So that will probably cause something to light up like a Christmas tree in their IT department.
Non-company computer connecting through a VPN endpoint = major league red flag.
The best solution is to be honest with your employer, obviously.
macmanca@reddit
If you use any M365 web or thick clients we can see your location. My group we don’t care or check this at all unless end user has login issues. But just think if your company says you can’t work anywhere except your home they are probably monitoring staff.
Previous-Low4715@reddit
We can see exactly where you are signing in from every time you sign into Microsoft 365, I’ve used it many times in HR investigations to prove or disprove claims made by or about employees.
Just fill in the forms and get permission to work abroad or don’t work abroad.
Lost-Droids@reddit
If we have reason to suspect or want to or can be arsed we can see everything, your typing, your browser history, your mouse moves, your eyes (we can turn the camera on) and even after all that you may have r3call on as well..
We can see everything but 99% of the time we just can't be arsed unless we have been told to or have a reason to
gumbrilla@reddit
Impossible to say, if it was us, and we don't particularly track it, we'd spot it in no time, you would also be in absolute shite for using a personal computer with company data.
You wouldn't be able to, in our situation, but if you could our CISO would be wanting words. Many companies would fire you.
Conscious-Arm-6298@reddit
They'll see a different computer is connecting, they can see it is masked under a VPN that is not the one your enterprise uses, and all this without going deeper
Mister_Brevity@reddit
This question comes up often. Yes we can tell when you’re violating the terms of your employment. You are putting your company at risk, and you may be terminated for it.
Enough_Pattern8875@reddit
Do you have a work provided laptop?
Assume they can see your location if so.