VPN question

Before anyone asks, I did google this and while I think I know the answer I just want to confirm as most of the sites I got back weren’t clear.

I’m inside one network (A) and I establish a VPN to a second network (B). If A has traffic monitoring tools, does it see my connection as only to B or can it see that I’m actually going to site C?

For example, I work for Widgets, Inc which carefully monitors internet use, but allows me to VPN to home. Can I use that VPN to submit my resume to Gadgets and leave Widgets none the wiser?

Is it really worth it?

Short answer, I think they might be able to, but I’m not sure.

At work, I keep my private life separate from my work accounts… except the dope, I browse that at work, to the detriment of my productivity… sometimes… :)

I am not sure.

Are you saying you get to work, and access your home PC and then run Internet Explorer (on your home PC’s desktop) remotely, and use that to submit a resume?

It might work, but the resume will have to be on that home PC for uploading to “Gadgets Inc.”.

If you try to push the resume from your work PC directly to “Gadgets Inc.” (even if you’re using the I.E. on the home PC), I think the VPN will detect it.

But why take the risk? Submit your resume when you get home at the end of the day.

Or, you might fax it from Kinko’s or some such, if it needs to go “NOW, MISTER!”.

By the way, there are a lot of companies that frown on using their assets (the computer, copier, and fax machines) to look for your next job…

Assuming you’re talking about a client-to-site VPN connection (sounds like it), then the traffic is encrypted before it leaves your PC. Network A’s administrators would be able to tell that you are establishing a VPN to B, but wouldn’t be able to decipher the traffic.

But in order to then connect to C, the VPN client software on your PC would have to know to route that traffic to the VPN first, and when it arrived at B the VPN gateway there would have to know to send it out to C. How and whether this would work would depend on what VPN software you were using.

Standard Windows network connection stuff, nothing special. And, yes, you’ve nailed the heart of the question, once I’ve established the connection, do my packets go to B, out to C, and return back through B in such a way that A has no idea C got visited.
For the others, the resume thing was truly a hypothetical. If I was doing that, I’d probably email via hotmail or something.

It depends if the gateway from the LAN to the internet employs a proxy server, or just does NAT.

If a proxy server, then it can establish one SSL connection to the VPN, and a second SSL connection to the client. So non-encrypted data is available to the server, and to those who have access to it. In cryptographic terms a “man in the middle attack.”

Not entirely sure how proxy servers or SSL relate to the OP. Also, a man-in-the-middle attack is where the people at both ends unwittingly communicate with an eavesdropper believing him to be the person at the other end. What you’re describing sounds more like communication via a known intermediary.

You can find out using traceroute (tracert on XP).

You are on network A -
ipconfig tells you that your ip address is 10.0.1.100 with a gateway of 10.0.1.1.

Your VPN connects to 80.1.1.250 (your external home endpoint) and gives you an additional address of 192.168.1.200 with a gateway of 192.168.1.1 (your internal home endpoint).

You want to know where your connections go.

Run tracert -d google.com

The first line of tracert will tell you what interface has been used for the first hop.
1. 1ms 2ms 2ms 10.0.1.1 indicates that the default route uses the work gateway, and that they will see what you are doing.

1. 1ms 2ms 2ms 192.168.1.1 indicates that the VPN has overridden the default route and all traffic is going via your home connection and is encrypted.

But… even if your default route is via VPN, your web browser may have a proxy set to the work internal proxy, so all web browsing will be via that. If you want your browsing to be safe you need to have a proxy on your home system and set your browser to use that (or use a portable browser set up to use the home connection).

Si
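
The first-hop check described in the post above, as an added example that is not part of the original thread: it parses `tracert -d` output, reports which gateway hop 1 used, and applies the post's caveat that a browser proxy on the work LAN overrides the route. The gateway addresses are the post's; the /24 work subnet, the proxy address passed by the caller and the sample tracert output are constructed assumptions.

```python
import ipaddress

# Addresses from the post above. The /24 work subnet is an assumption.
WORK_GATEWAY = ipaddress.ip_address("10.0.1.1")
VPN_GATEWAY = ipaddress.ip_address("192.168.1.1")
WORK_LAN = ipaddress.ip_network("10.0.1.0/24")

# Constructed samples in the layout Windows `tracert -d` prints.
VIA_WORK = """\
Tracing route to google.com [203.0.113.80]
over a maximum of 30 hops:

  1     1 ms     2 ms     2 ms  10.0.1.1
  2     9 ms     8 ms     9 ms  198.51.100.1
"""
VIA_VPN = VIA_WORK.replace("10.0.1.1", "192.168.1.1")
HOP1_TIMEOUT = """\
  1     *        *        *     Request timed out.
  2     9 ms     8 ms     9 ms  198.51.100.1
"""

def first_hop(tracert_output):
    """Return the hop-1 address, or None if hop 1 is absent or timed out."""
    for line in tracert_output.splitlines():
        tokens = line.split()
        if tokens and tokens[0] == "1":
            try:
                return ipaddress.ip_address(tokens[-1])
            except ValueError:
                return None  # "Request timed out." or an unparsable line
    return None

def default_route(tracert_output):
    """Classify the default route by the gateway seen at hop 1."""
    hop = first_hop(tracert_output)
    if hop == WORK_GATEWAY:
        return "work"
    if hop == VPN_GATEWAY:
        return "vpn"
    return "unknown"

def web_path(tracert_output, browser_proxy=None):
    """Path browser traffic takes; a work-LAN proxy setting overrides the route."""
    if browser_proxy and ipaddress.ip_address(browser_proxy) in WORK_LAN:
        return "work-proxy"
    return default_route(tracert_output)

if __name__ == "__main__":
    print(web_path(VIA_WORK), web_path(VIA_VPN), web_path(VIA_VPN, "10.0.1.50"))
```

A timed-out first hop is reported as "unknown" rather than guessed, since it says nothing about which interface carried the probe.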

This depends on the software used. For instance, we just got a warning from work that the security folks were seeing P2P activity from people VPNing in.

In general, I suggest you make a VPN connection to your home PC then remotely control your home PC from the work PC via RDP or VNC or something. And you email your resume from your home PC.

I don’t know your level of knowledge, forgive me if I seem to be talking down to you, regardless it will be helpful to some trying to follow this thread.

VPN uses SSL (secure sockets layer) to encrypt traffic over a public network. Anytime you are browsing a site and see https: in the address bar, rather than http:, you have an SSL connection…which is secure UNLESS you are connected to the internet through a proxy server.

OP is inside network A, which sounds like a corporate environment that controls/monitors internet traffic. It is common in such environments for all internet traffic to go through a proxy server. When connecting to a secure site, the proxy server can establish its own secure connection, decrypting traffic, and either passing it to the LAN client as plain text, or establishing a second secure connection between the proxy server and the client. The OP states that he is allowed to connect from network A to outside networks via VPN tunneling. Since traffic is monitored on network A, and allowing a single SSL connection from OP’s computer to the outside network would totally defeat this, it is highly probable that network A incorporates a proxy server that closes this loophole, by inserting itself as a “man in the middle” for all SSL connections. Not to do so would allow any half-savvy employee to send sensitive data to a competitor, download pron, or, heaven forbid, read the SDMB at will.

While not an unknown entity to the corporate IT department, a proxy server is an intermediary. Network B’s VPN port has no way of knowing that it is connected to Network A’s proxy server rather than the end client, and if a naive user on Network A doesn’t know how to decipher the security certificates, then he may be unaware that the secure connection is NOT to Network B’s VPN, but only to Network A’s proxy server.

Hard to say without knowing more about the OP’s network though. They could be using IPSec with actual client software installed locally.

The OP is using Microsoft VPN software, not an SSL VPN. If you’re talking about site A using an SSL proxy, it seems unlikely that all traffic would go through that proxy.

If the OP is specifically talking about web browsing, then si_blakely’s final comment applies. I had assumed that by “submit my resume to Gadgets” he/she meant via email.

Thanks for all of the help! I do promise that nothing more nefarious is going on than trying to waste some time without getting busted for it.

It sounds like si_blakely’s method will at least tell me which gateway I’m using.