How to login on my corporate network using a personal device

2

In my company we're under a domain name, everytime you boot windows you have to login.

Therefore when you try to get the Ethernet and connect it to a personal device, you can't.

We don't have wifi (yet) so I was wondering if there's a way to overcome this limitation and get internet on my Laptop.

The reason is I have a Linux-based machine with which I'd like to develop, and having internet would be helpful (going to github or finding solutions online etc)

I guess one solution would be using a usb2usb cable to share internet - kind of like a tethering thing? This way there would be also no risk for the corporate network, and I could get internet access to my personal device. enter image description here

George Katsanos

Posted 2013-03-07T10:42:08.947

Reputation: 403

7why not ask IT dept to allow you access onto the network. – ben950 – 2013-03-07T10:58:16.893

This would depend on how your cooporate network is setup. Since your network is a Active Domain Network you will be able to join the network without the help of your IT department. – Ramhound – 2013-03-07T11:10:33.797

1As ben950 says, why not ask the IT department? You mention using usb2usb so there would be no risk to the corporate network, but the IT department may have a procedure in place to allow what you want, without causing any disruption (security or otherwise) to their systems. They may even actively disallow it - certainly if I did it where I work, it would be a matter of hours before I was applying for jobseekers allowance. – icabod – 2013-03-07T11:19:17.477

1Asking the IT department really is the answer here. I'd note that there's a clear distinction between a domain name and 'active domain', or AD. I do believe you can legitimately connect a linux box to an AD, but I've not done it before. * – Journeyman Geek – 2013-03-07T14:15:02.033

updated my post with a printscreen. I believe it is an Active Directory, not a domain.. – George Katsanos – 2013-03-07T14:32:31.783

I don't think the IT department has any procedure setup for what I want... I don't know if its now allowed or simply there's no method setup so basically if you manage to do it yourself it's ok.. – George Katsanos – 2013-03-07T14:34:13.577

Answers

1

If your network is locked down to prevent unknown devices accessing it - which is what you describe - it is extremely unlikely that you will be allowed to tether another PC to your corporate PC!

Unfortunately, many organisations still persist in configuring networks so that only authorised computers can access them. By the way, this has nothing to do with having to log in to a Windows domain. It is down to the network infrastructure.

You could approach your IT department and ask them to set up an "Untrusted VLAN".

VLAN's are "Virtual LANS" and require smart switches that support them. Once configured, trusted, known computers will connect to a "trusted VLAN" and potentially get access to corporate services including print and file shares. Unknown devices would automatically go onto the untrusted VLAN and get all of their traffic routed straight to a network edge component - generally a filter or firewall - and then straight out to the Internet.

This does, of course, require some reasonable kit and configuration so many organisations don't bother.

As you've intimated, the alternative is to provide a "Guest Wi-Fi" to achieve a similar effect. Though this can also cause the organisation issues around corporate responsibility, especially in some countries that demand auditing and control of all Internet access.

A final alternative these days is to provide your own mobile Internet connection by tethering your mobile phone, 3G "dongle" or getting a "My-Fi" style device.

Julian Knight

Posted 2013-03-07T10:42:08.947

Reputation: 13 389

0

First, I'm providing this answer because it amuses me to do so, not because you should use it. In fact, doing what I mention here would, in many companies, get you fired or possibly criminally prosecuted, so please treat this as an exercise in theory only.

With that out of the way... find an unused but active network port. Plug in your linux machine, then set the network card to promiscuous mode to capture traffic. You're just looking for network level information here, not actual contents of traffic - figure out the network layout on that VLAN. That will give you a network address and subnet mask, then you can pick an IP in that subnet. You may have to try a few different IPs, as your first choice may already be in use. Or you could just ping the other machine off the network if you're feeling especially impatient. You may also need to take over an existing (read: pre-authorized) MAC address, if there is any MAC filtering going on. You'll most likely also need to set up the appropriate proxy information and authentication bits to actually get out past your web content filter, but by the time you get to that point, either you've proven it can be done and you're in the clear, or the IT manager is looking for you with a rather fierce scowl in his/her face.

John

Posted 2013-03-07T10:42:08.947

Reputation: 1 383

I don't know if I am going to do it but it's good to know how it can be done for educational purposes. I guess to do that I will need WireShark or something similar? I have the proxy IP userpass details as this is something we have to use in order to use the external web (internet) – George Katsanos – 2013-03-07T14:35:58.007

1Please don't do this. Unless you're part of a penetration test team and you have advance approval from IT (which seems unlikely). – John – 2013-03-07T15:05:54.837

Asked: 2013-03-07T10:42:08.947

Viewed: 3 211 times

Active: 2013-03-07T15:15:34.583