If I run an app from a USB drive on a corporate network, can its execution be seen by the admins?
And, if that app was, say, TeamViewer connecting to my home computer, what would the traffic look like to the admins?
Asked
Active
Viewed 601 times
-3
-
2Your question really has 2 components - a device management question and a network traffic monitoring question. Part of your answer (traffic monitoring) can be found here: https://security.stackexchange.com/questions/14280/how-does-team-viewer-establish-a-remote-desktop-connection – baldPrussian Dec 19 '17 at 01:47
-
What are you plugging the USB drive *into*? That's a vital piece of information. Also, execution of *what*? The app or the USB drive? What Teamviewer traffic looks like is not a security question. – schroeder Dec 19 '17 at 07:00
2 Answers
2
If I run an app from a USB drive on a corporate network, can its execution be seen by the admins?
By default on a "normal" windows corporate setup you would not usually expect them to be notified. But a system to report unrecognized executable execution could easily be implemented - I would not be surprised if vendors offer this. What is a lot more common is blocking access to USB ports or using a policy to block execution of any file that has come from an unknown source. And attempts which trigger this policy may get automatically flagged for admin review.
Its also trivial for an admin to actively pull a list of running processes on a machine.
if that app was, say, TeamViewer connecting to my home computer, what would the traffic look like to the admins?
It would be simple enough to identify the traffic as belonging to TeamViewer - from both statistical methods on the packets and the destination IP. It would not be surprising if corporate firewalls already have explicit detection for TeamViewer connections.
I would heavily advise against attempting to launch teamviewer on a corporate machine without written admin approval. Depending on the organisation and legal jurisdiction you might find your employment ending in a matter of minutes and/or requiring a legal team.
Hector
- 10,893
- 3
- 41
- 44
-
I would second this: don't mess around on computer systems of your employer with things that are not justifiable. If you use Teamviewer to solve a problem at work (say, you forgot a file at home and you need it for the meeting in half an hour), you might talk yourself out of it even if it goes against explicit policy. If you're doing something totally unrelated to your job, you might regret it severely. – entrop-x Dec 19 '17 at 13:09
0
Yes they can if they are looking. Most corporate device management and or antivirus packages can report/log running applications regardless of what drive they are executing from. The fact that it is running from a usb drive might even make it more visible as they could be alerted to software running from an untrusted source (this is a favorite way of hackers with physical access to introduce malware into a network).
Your Admins have root/admin access to your work desktop, I can pretty much guarantee that, therefore they could see whatever you're doing (encrypted traffic or not).
Note, they 'could' not necessarily they 'do', these things require setup, and are not often implemented until someone abuses the system. Don't be that someone. As entrop-x and Hector point out, if you have a work-related need talk to your IT department first.
K.B.
- 667
- 4
- 6