Jump to content

Seeing your VPN by the company

Urukod
By Urukod
in Networking
 Share
Posted

When before connecting your phone and start using internet on it at the office of a company if your are one of their employees, there’s always some kind of internet usage policy. And some time, you have to install a certificate for “protecting their WiFI”. In the internet usage policy, there is always a paragraph that says “you can’t install and start using any form of bypass WiFi security protection such as VPN” or something like that.

 

 

Unless blocking each VPNs servers one by one, is there a effective manner to the company that they can see your using a VPN and blocking your device / some form of penalties?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
Just now, Urukod said:

In the internet usage policy, there is always a paragraph that says “you can’t install and start using any form of bypass WiFi security protection such as VPN” or something like that.

Internet usage policies are more of legal protection than anything else.

 

In-terms of actually enforcing that, I'm sure there are services such as Proofpoint or Palo Alto that would keep a running log of VPN service IP addresses and block traffic to those. Most of this stuff is outsourced. 

ask me about my homelab

on a personal quest convincing the general public to return to the glory that is 12" laptops.

cheap and easy cable management is my fetish.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

DPI can detect various types of VPNs.  Just look at what China is doing on their end to prevent VPN usage.

 

It's not 100% foolproof (as one using technologies like Shadowsocks, or OpenVPN + the obfuscate patch + TLS encryption of both data and control channels can be very difficult to identify), but detection rate can be pretty high without having to know all the popular ASNs from VPN providers (which can be worked around anyway by running your own VPN in a VPS or even at home).

 

That ease of detection means you are quite likely to get caught, and then be summoned into the HR's office...

 

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

So it the same thing for all VPN technology, including IPSec, OpenVPN and WireGuard?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
On 8/11/2020 at 12:53 PM, Urukod said:

So it the same thing for all VPN technology, including IPSec, OpenVPN and WireGuard?

Some are easier to block (like IPSEC) others are harder (like Shadowsocks), and others will depend on how you set them up (OpenVPN).

 

I'm not sure how easy it is to detect Wireguard.  Right now it's very new, so I assume very few networks would be secured to specifically block that particular protocol at this time (outside of blocking ASNs owned by the VPN provider).

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Just remember, all trafic is probably loged and archived for later use. Even if it’s hard now to detect, it can be easy later. 

   
 
 
 
Spoiler
CPU : Intel 14gen i7-14700K
COOLER :  Thermalright Peerless Assassin 120 White + thermaltake toughfan 12 white + Thermal Grizzly - CPU Contact Frame Intel 13./14. +  Coollaboratory Liquid Ultra
GPU : MSI RTX 2070 Armor @GPU 2050MHz Mem 8200MHz -> USB C 10Gb/s cable 2m -> Unitek 4x USB HUB 10 Gb/s (Y-HB08003)
MOBO : MSI MEG Z690 UNIFY
RAM :  Corsair VENGEANCE DDR5 RAM 64 GB (2 x 32 GB) 6400 MHz CL32 (CMK64GX5M2B6400C32)
SSD : Intel Optane 905P 960GB U.2 (OS) + 2 x WD SN850X 4TB + 2 x PNY CS3140 2TB + ASM2824 PCIe switch -> 4 x Plextor M8PeG 1TB + flexiDOCK MB014SP-B -> Crucial MX500 2TB + GoodRam Iridium PRO 960GB + Samsung 850 Pro 512GB
HDD : WD White 18TB WD180EDFZ + SATA port multiplier adp6st0-j05 (JMB575) ->  WD Gold 8TB WD8002FRYZ + WD Gold 4TB WD4002FYYZ + WD Red PRO 4TB WD4001FFSX + WD Green 2TB WD20EARS
EXTERNAL
HDD/SSD :  		XT-XINTE LM906 (JMS583) -> Plextor M8PeG 1TB + WD My Passport slim 1TB + LaCie Porsche Design Mobile Drive 1TB USB-C + Zalman ZM-VE350 -> Goodram IRDM PRO 240GB
PSU :  Super Flower leadex platinum 750 W biały -> Bitfenix alchemy extensions białe/białe + AsiaHorse 16AWG White 
UPS :  CyberPower CP1500EPFCLCD -> Brennenstuhl primera-line 8 -> Brennenstuhl primera-line 10
LCD :  LG 32UD59-B + LG flatron IPS236 -> Silverstone SST-ARM11BC
CASE :  Fractal R5 Biały + Lian Li BZ-H06A srebrny + 6 x Thermaltake toughfan 14 white + Thermalright TL-B8W
SPEAKERS :  Aune S6 Pro -> Topping PA3-B -> Polk S20e black -> Monoprice stand 16250
HEADPHONES :  TOSLINK 2m -> Aune S6 Pro -> 2 x Monoprice Premier 1.8m 16AWG 3-pin XLR -> Monoprice Monolith THX AAA 887 -> 4-pin XLR na 2 x 3.5mm 16 cores OCC 2m Cable -> HiFiMAN Edition XS -> sheepskin pads + 4-pin XLR na 2 x 2.5mm ABLET silver 2m  Cable -> Monoprice Monolith M1060 + Brainwavz HM100 -> Brainwavz sheepskin oval pads + Wooden double Ɪ Stand + Audio-Technica ATH-MSR7BK -> sheepskin pads + Multibrackets MB1893 + Sennheiser Momentum 3 +  Philips Fidelio X2HR/00 + JBL J88 White
MIC :  Tonor TC30 -> Mozos SB38
KEYBOARD : Corsair STRAFE RGB Cherry MX Silent (EU) + Glorious PC Gaming Race Stealth Slim - Full Size Black + PQI MyLockey
MOUSE :  Logitech MX ERGO + 2 x Logitech MX Performance + Logitech G Pro wireless + Logitech G Pro Gaming -> Hotline Games 2.0 Plus + Corsair MM500 3xl + Corsair MM300 Extended + Razer goliathus control
CONTROLLERS :  Microsoft xbox series x controller pc (1VA-00002) -> brainwavz audio Controller Holder UGC2 + Microsoft xbox 360 wireless black + Ravcore Javelin
NET :  Intel x520-DA2 -> 2 x FTLX8571D3BCV-IT + 2 x ASUS ZenWiFi Pro XT12
NAS :  Qnap TS-932X-2G -> Noctua NF-P14s redux 1200 PWM -> Kingston 16GB 2400Mhz CL14 (HX424S14IB/16) -> 9 x Crucial MX500 2TB ->  2 x FTLX8571D3BCV-IT -> 2 x Digitus (DK-HD2533-05/3)
Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×