
I've been connecting to my work computer via Cisco AnyConnect for the duration of the pandemic and I'm now concerned about privacy. Can a domain admin on the company network access my files or my PC remotely while I'm connected to the network? Can he/she install software without my knowledge on my personal PC? I'm on Windows Home and have file sharing turned off. Thanks.

George I.
  • Do administrators have the capability to manage remote endpoints? I certainly hope so. – Greg Askew Aug 14 '21 at 11:49
  • If it's a company-owned machine they may have other remote access tools. Cisco AnyConnect does have some hook to inspect your machine before allowing you to connect to the network to make sure you aren't bringing in malware. – stark Aug 14 '21 at 12:04
  • It's not a company owned machine. It's my personal computer. I only installed AnyConnect on it and use it to connect to the company VPN. Using this configuration, once on the network, can they have access to my personal files? – George I. Aug 14 '21 at 12:07
  • Not directly; not because you've connected your machine to the corporate network. However it is probably possible in theory. You've installed the AnyConnect client and it runs under the system account. As the configurations, settings, (options host-scans, etc) can be controlled by the endpoint to which you connect - that's part of the deal. If you want to connect to MY network, you abide by MY rules and that includes the fact that I get to ensure appropriate anti-malware tools are installed, your machine is updated, and certain software is NOT installed. – Semicolon Aug 15 '21 at 03:00
  • @Semicolon So theoretically they can access my files and install software without me knowing even if I haven't enabled filesharing or granted any kind of access? – George I. Aug 15 '21 at 07:43
  • If it were to happen it would only happen during the sign-on process. The most I’ve ever seen is a newer version of the AnyConnect client was auto-downloaded and installed - maybe also installing a trusted certificate to inspect web traffic. I’m not really sure what you’re trying to accomplish, but if you’re looking for corroboration that your employer may have maliciously installed software willy-nilly on your personal machine to snoop on your private affairs, I think you’re barking up the wrong tree. – Semicolon Aug 15 '21 at 11:55
  • For the record - you DID grant access. You installed the VPN client and allowed it to make necessary changes to your machine for the VPN to function. They are probably (if they even kept logs) able to determine what sites you likely visited while you were connected based upon your DNS queries, and with advanced web filters (if you weren’t set up with a split-tunnel) may even have inspected your web traffic (while connected) – Semicolon Aug 15 '21 at 12:05

1 Answer

The VPN link creates a direct connection between your computer and the company network - nothing more, nothing less. It does not create any kind of administrative access (unless you join the domain, install management software, or similar).

So, if you've properly protected your computer, there's nothing a company admin can do. However, if you've got empty passwords, anonymous shares, open ports without security, etc. then anyone in the company could exploit that (could likely exploit that, depending on how VPN clients are separated and possibly protected from the central network).

Zac67
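
The conditions named in the answer above (accounts without passwords, shares, open ports) can be checked on the PC itself while the VPN is connected. This is an added example, not part of the original answer; it uses only built-in Windows PowerShell cmdlets and assumes an elevated PowerShell window.

```powershell
# Added example: self-audit of what other hosts on the VPN could reach on this PC.
# Run elevated, with the VPN connected.

# 1. How Windows classified each connected network. A VPN adapter marked
#    Private gets looser inbound firewall rules than one marked Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 2. Firewall state per profile. Enabled should be True for all three;
#    DefaultInboundAction of Block or NotConfigured means unsolicited
#    inbound traffic is dropped unless a rule allows it.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 3. TCP listeners that are not bound to loopback only, with the owning
#    process. These are the "open ports" reachable from the network if
#    a firewall rule permits them.
$loopback = '127.0.0.1', '::1'
Get-NetTCPConnection -State Listen |
    Where-Object { $loopback -notcontains $_.LocalAddress } |
    Sort-Object LocalPort |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { 'unknown' }
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Process      = $name
        }
    } |
    Format-Table -AutoSize

# 4. SMB shares. Special = True marks the built-in administrative shares
#    (C$, ADMIN$, IPC$); anything else was created by a user or by software.
Get-SmbShare |
    Select-Object Name, Path, Special |
    Format-Table -AutoSize

# 5. Enabled local accounts that are allowed to have a blank password.
#    PasswordRequired = False does not prove the password is empty,
#    only that Windows does not insist on one.
Get-LocalUser |
    Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
    Select-Object Name, PasswordRequired, PasswordLastSet |
    Format-Table -AutoSize
```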