1

I am a software engineer by profession and am currently working from home. We always connect to the VPN, and I know my activities will be monitored. But what will happen if I disconnect from the VPN? Will the IT team be able to monitor what I browse or access? I am just curious to know this. It is my office laptop and we have software installed on it.

Anony
  • Monitored by what? Is it a work computer? Or if it's your personal computer, has work installed any software on it? Your question needs more detail to be objectively answered. – multithr3at3d Apr 15 '20 at 16:40
  • This question provides some useful information, even though it is specific to Cisco AnyConnect, which you may or may not be using: [Help to secure my connection to my company VPN (Cisco AnyConnect)!](https://security.stackexchange.com/q/227480/129883) – Fire Quacker Apr 15 '20 at 16:58
  • Yes, of course it is possible. Software may simply log anything and transmit the info once the VPN is active again. – Overmind Apr 22 '20 at 08:09

2 Answers

0

> It is my office laptop and we have software installed on it.

Software to monitor the activity on the system does not need a working network connection at all times. It is sufficient if the software logs information to the local disk and this information can be collected later.

But this does not say in any way that your employer is actually monitoring what you are doing when you've disconnected from the VPN nor that it is monitored what you are doing when being connected to the VPN. It only says that just being disconnected from the VPN does not make it impossible to monitor the activity.

Steffen Ullrich
0

It really depends on what controls the organisation has in place on the endpoint and the network and how the VPN is set up. Without more information it's hard to give you a bespoke answer, so instead I will give you a general answer using a typical scenario. So as an example, web browsing can be monitored by a firewall, a web gateway, or some other on-prem security and/or network device.

When you connect to the VPN, some or all of your traffic may be routed via the VPN, so any routed traffic may be monitored by on-prem devices, but if you can access the internet without being connected to the VPN then the traffic will be routed directly through your local network gateway, therefore not monitored by your organisation. Note: this does not mean that it isn’t being monitored in some capacity by whoever controls the local internet breakout. (Also note you could be connected to the VPN and general internet traffic may not be routed via the VPN, but directly via the local internet breakout, meaning that even when connected it is not being monitored.)

There are several controls that could be installed on your endpoint that could ‘monitor’ what you are doing. Typically, these will come in the form of client-side agents that report back to the server. It may be a requirement that the agents need to be connected to the VPN in order to report back any data that they are monitoring, although usually this data will be stored locally (up until a point) and then sent to the server when a connection is established.

The thing to be aware of, however, is that they may not need a VPN connection to report back any activity from your endpoint. It is not uncommon to have agents report back to a cloud-based server directly over the internet without needing to connect to the organization's on-prem network. So say you have a SIEM agent collecting logs from your endpoint and/or a Next Gen Anti-Virus agent collecting a vast array of information directly from your endpoint; these can report back activity from your host, in almost real time, to a cloud solution where it is being monitored either by technology and/or humans, without the requirement of your VPN being connected.

TheJulyPlot
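
The store-and-forward behaviour both answers describe, shown as an added example that is not part of either answer and not taken from any real product: a hypothetical agent keeps events in a bounded local spool while its collector is unreachable and delivers them once any connection exists. The class name `SpoolingAgent`, the event strings and the `send` callback are assumptions made for illustration.

```python
from collections import deque
import time


class SpoolingAgent:
    """Hypothetical endpoint agent: buffers events locally, forwards when it can."""

    def __init__(self, max_events=1000):
        # Bounded spool ("stored locally, up until a point"): when full,
        # the oldest event is discarded to make room for the newest.
        self.spool = deque(maxlen=max_events)
        self.dropped = 0

    def record(self, event, ts=None):
        if len(self.spool) == self.spool.maxlen:
            self.dropped += 1  # deque will evict the oldest entry on append
        self.spool.append({"ts": time.time() if ts is None else ts, "event": event})

    def flush(self, send):
        """Deliver spooled events in order; stop at the first failed send.

        `send(item)` returns True when the collector accepted the item and
        False when it is unreachable (no VPN and no direct internet path).
        """
        delivered = 0
        while self.spool:
            if not send(self.spool[0]):
                break
            self.spool.popleft()
            delivered += 1
        return delivered


def simulate():
    """Constructed scenario: four events recorded offline, then the link returns."""
    agent = SpoolingAgent(max_events=3)
    collector = []          # stands in for the remote server
    link = {"up": False}    # path to the collector (VPN or direct to cloud)

    def send(item):
        if link["up"]:
            collector.append(item["event"])
        return link["up"]

    events = ["proc:browser", "dns:example.org", "proc:editor", "dns:example.net"]
    for i, ev in enumerate(events):   # constructed sample events
        agent.record(ev, ts=i)
    offline = agent.flush(send)       # nothing leaves while disconnected
    link["up"] = True
    online = agent.flush(send)        # backlog is delivered on reconnect
    return offline, online, collector, agent.dropped


if __name__ == "__main__":
    print(simulate())
```

The only activity that never reaches the collector is what overflowed the spool before the link came back; everything still buffered is delivered in order.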