What harm is there in installing a vpn at the work computer?

[slayerming2]

So I wanted to install a VPN at the work computer at the office. But our IT person says I can't. When I asked why, he said because "he said so"

 

Just curious, what hypothetical problems could actually exist for him to not want me to? Is there any harm?

 

edit: Need a VPN to access company website in a different region of the world, our location is blocked, and works only if I say I'm at a different location. Tried using private internet access with my phone and it works.

 

edit2: Also should I get rid of the VPN on my phone then?

[Zando_]

It'd probs make it difficult for him to monitor and control it with your companies antivirus solution. What do you really need a VPN for (I still don't understand this)?

[Oshino Shinobu]

There's no harm caused by it, provided it is a trustworthy service, but it does mean that the IT department has a harder time of regulating traffic and the types of sites you can visit. It's most likely going to be a matter of wanting to stop you from bypassing any blocks that may be in place. 

 

At a work computer, there should be no reason to install a VPN in the first place unless it is work related, such as remote access, in which case it would be allowed.

[Guest lilbman]

It's not worth losing your job over the ability to look through your Facebook feed.  

[dalekphalm]

5 minutes ago, slayerming2 said:

So I wanted to install a VPN at the work computer at the office. But our IT person says I can't. When I asked why, he said because "he said so"

 

Just curious, what hypothetical problems could actually exist for him to not want me to? Is there any harm?

Well, you could get fired, or even charged (unlikely) for tampering with company property.

 

Your VPN could also potentially mess with existing network config settings.

 

What do you need a VPN at work for, that isn't provided by your employer? It obviously isn't work related (And if it is, speak with IT and your boss, and work out a compromise).

 

The big risk I can think of, is you're allowing an outside network to connect to your work computer, which could in theory pose a security risk.

[slayerming2]

3 minutes ago, Zando Bob said:

It'd probs make it difficult for him to monitor and control it with your companies antivirus solution. What do you really need a VPN for (I still don't understand this)?

Oh okay thanks for the explanation, and I edited the reason into above.

 

So it's just an antivirus thing?

[slayerming2]

2 minutes ago, lilbman said:

It's not worth losing your job over the ability to look through your Facebook feed.  

Facebook is allowed I think at our workplace? 

[slayerming2]

Just now, dalekphalm said:

Well, you could get fired, or even charged (unlikely) for tampering with company property.

 

Your VPN could also potentially mess with existing network config settings.

 

What do you need a VPN at work for, that isn't provided by your employer? It obviously isn't work related (And if it is, speak with IT and your boss, and work out a compromise).

 

The big risk I can think of, is you're allowing an outside network to connect to your work computer, which could in theory pose a security risk.

It's 100% work related. I edited the reason into the post above.

[dalekphalm]

1 minute ago, slayerming2 said:

It's 100% work related. I edited the reason into the post above.

So you're at work, and you need to access your own company website, which is blocked? I'm confused about that. Why would it be blocked?

 

Do you have other offices around the world?

[Zando_]

1 minute ago, slayerming2 said:

Oh okay thanks for the explanation, and I edited the reason into above.

 

So it's just an antivirus thing?

Like the other guys said, it'll make it hard for the IT admin to monitor and filter your traffic. 

[slayerming2]

Just now, dalekphalm said:

So you're at work, and you need to access your own company website, which is blocked? I'm confused about that.

Let's just say this location is blocked, and other places in the country aren't. 

[knightslugger]

8 minutes ago, slayerming2 said:

When I asked why, he said because "he said so"

that's all the reason you need to NOT install a VPN.

[Zando_]

1 minute ago, dalekphalm said:

So you're at work, and you need to access your own company website, which is blocked? I'm confused about that.

The OP can just talk to the IT admin and the Manager if he needs to access this. 

[slayerming2]

Just now, Zando Bob said:

Like the other guys said, it'll make it hard for the IT admin to monitor and filter your traffic. 

Okay thanks!

[Oshino Shinobu]

Just now, slayerming2 said:

It's 100% work related. I edited the reason into the post above.

You probably need to bring it up with management if that's the case. If you can't access what you need at your workplace, that's on the company to sort out. I assume you explained this to the IT guy at your workplace. If he doesn't give you a solution, you'd be better off taking it to higher management to get it sorted out. 

[slayerming2]

Just now, knightslugger said:

that's all the reason you need to NOT install a VPN.

I guess.

[GoodBytes]

13 minutes ago, slayerming2 said:

So I wanted to install a VPN at the work computer at the office. But our IT person says I can't. When I asked why, he said because "he said so"

 

Just curious, what hypothetical problems could actually exist for him to not want me to? Is there any harm?

When enabled:

1. Windows is unable to connect to Windows Server so after a certain amount of days (90, I think) Windows will deactivate.
2. Group Policies can't be updated
3. You don't have access to your personal network drive (if any)
4. You are by-passing company firewall, which can be problematic, making you a weakness. The moment you turn off your VPN and you are infected, you can infect the companies network.
5. Company can't push additional software to your system while you are on your VPN
6. IT department doesn't want to support it, too complicated, and wasteful of resources.
7. Can't do over the network malware and virus scans.
8. Some companies have software that monitor what is running on the system. This is to find malware/virus/ransomware, and see if a process propagate through the network, and kill it, limiting the impact (it is usually all automated. Although you may get a call from IT department if you run a personal software as they don't know what it is, and a red flag might be triggered by their system).
9. IT can't remote help you.
10. You can't access locally (as in your company network) hosted websites.

If you want a personal system, to do your own thing, bring your own system. Usually some companies have a wireless network offered for this (and phones, and such), but has no connection to anything company. It might even go as far as a different ISP.

[dalekphalm]

Just now, slayerming2 said:

Let's just say this location is blocked, and other places in the country aren't. 

Okay - being evasive about it will make it more difficult for us to help you, but I won't pressure you into revealing work related info you shouldn't.

 

Basically, if your company has offices elsewhere that CAN access the website, then what you should do is have IT create a site-to-site VPN connection to another office.

 

You do NOT want to use a third party VPN, as you're essentially allowing that VPN server access (however limited) to your internal network - bad business practice.

[Guest lilbman]

3 minutes ago, slayerming2 said:

Facebook is allowed I think at our workplace? 

Ok, well, whatever you're trying to use at your workplace that requires a VPN is clearly off limits.  It must be blocked for a reason.

 

Even if you just want to use it for peace of mind, you can still be accused of accessing things you shouldn't.

[slayerming2]

1 minute ago, dalekphalm said:

Okay - being evasive about it will make it more difficult for us to help you, but I won't pressure you into revealing work related info you shouldn't.

 

Basically, if your company has offices elsewhere that CAN access the website, then what you should do is have IT create a site-to-site VPN connection to another office.

 

You do NOT want to use a third party VPN, as you're essentially allowing that VPN server access (however limited) to your internal network - bad business practice.

It's no big deal, I'll figure something out, or just do a bit of work at home. Don't want to cause trouble, and I was simply curious.

 

Just curious would I still be fine with using the vpn, private internet access, on my nexus 6p phone?

[dalekphalm]

Just now, slayerming2 said:

It's no big deal, I'll figure something out, or just do a bit of work at home. Don't want to cause trouble, and I was simply curious.

 

Just curious would I still be fine with using the vpn, private internet access, on my nexus 6p phone?

Assuming your personal phone is not connected to corporate resources (Eg: Company servers), then there's less harm, certainly.

 

But you're trying to solve a problem incorrectly. As I said, if your own website is blocked, then you should talk to management and IT, and get them to setup a site-to-site VPN Connection to another branch/office that has access to the company website.

 

This is the correct way to do it. Many businesses don't even want you to use personal property for company work.

[slayerming2]

3 minutes ago, GoodBytes said:

When enabled:

1. Windows is unable to connect to Windows Server so after a certain amount of days (90, I think) Windows will deactivate.
2. Group Policies can't be updated
3. You don't have access to your personal network drive (if any)
4. You are by-passing company firewall, which can be problematic, making you a weakness. The moment you turn off your VPN and you are infected, you can infect the companies network.
5. Company can't push additional software to your system while you are on your VPN
6. IT department doesn't want to support it, too complicated, and wasteful of resources.
7. Can't do over the network malware and virus scans.
8. Some companies have software that monitor what is running on the system. This is to find malware/virus/ransomware, and see if a process propagate through the network, and kill it, limiting the impact (it is usually all automated. Although you may get a call from IT department if you run a personal software as they don't know what it is, and a red flag might be triggered by their system).
9. IT can't remote help you.
10. You can't access locally (as in your company network) hosted websites.

If you want a personal system, to do your own thing, bring your own system. Usually some companies have a wireless network offered for this (and phones, and such), but has no connection to anything company. It might even go as far as a different ISP.

Can I still keep the vpn, private internet access, on my nexus 6p phone?

[GoodBytes]

5 minutes ago, slayerming2 said:

Can I still keep the vpn, private internet access, on my nexus 6p phone?

If this your PERSONAL phone, than yes, you can do whatever you want. Most likely the wireless you are connected to, offered by the company, is not tied to the company main network. In other words, you can't access anything from the company. It is nothing more than an internet connection coming in from the same or different ISP, to a router, and a that is connected to a bunch of access points to give wireless everywhere in the office. Might have a basic firewall, without restrictions, to give some level of additional security to everyone, as usually companies are the targets for hackers.

[slayerming2]

Just now, GoodBytes said:

If this your PERSONAL phone, than yes, you can do whatever you want. Most likely the wireless you are connected to offered by the company is not tied to the company main network. In other words, you can't access anything from the company. It is nothing more than an internet connection coming in from the same or different ISP, to a router, and a that is connected to a bunch of access points to give wireless everywhere in the office. Might have a basic firewall, without restrictions, to give some level of additional security to everyone.

Hello,

 

Okay thank you for the response.

[dalekphalm]

1 minute ago, GoodBytes said:

If this your PERSONAL phone, than yes, you can do whatever you want. Most likely the wireless you are connected to offered by the company is not tied to the company main network. In other words, you can't access anything from the company. It is nothing more than an internet connection coming in from the same or different ISP, to a router, and a that is connected to a bunch of access points to give wireless everywhere in the office. Might have a basic firewall, without restrictions, to give some level of additional security to everyone, as usually companies are the targets for hackers.

Agreed - if IT has designed the network properly, then the WIFI you're connecting to is segmented via firewall or VLAN (or both) to only allow outside internet access, and block any traffic trying to access company servers, etc.
 

Especially if they have a "separate" SSID/WIFI network for work laptops, etc.