[lug] tunneling from work

Nate Duehr nate at natetech.com
Fri Oct 24 00:42:22 MDT 2008

On Oct 23, 2008, at 6:19 PM, karl horlen wrote:

> i always wondered if i tunneled via ssh back to my home computer  
> from work, would my employer (sysadmins) know specifically what i  
> was doing?
> 1) if the sysadmins have configured some kind of remote desktop to  
> my system, i imagine they can view anything i'm doing on my desktop  
> regardless of whether it's tunneled or not.
> if so, is there any way to tell whether my sysadmins have installed  
> remote desktop or other remote viewing software on my system?  what  
> known apps are being used today for this? what common executables  
> might i look for to find out?

Not if they did it correctly.  How hard do you want to look?  :-)

(My employer's monitoring/automation software is right out in the  
open... sitting there running in the task tray, and not stoppable.   
They just make it clear it's right there, all the time.  Does it have  
keylogger capability?  Not sure.  It certainly does have remote  
desktop takeover/watching capabilities.  Do they have more features  
available to them than that?  Probably.)

> 2) if my employer was keylogging there wouldn't be any way around  
> privacy either.

Probably more important is their corporate policy.  You are more likely  
putting your job at risk doing most "non-work" things on their  
computer, than any worry that they need/want your data from your home  
machine.  Even if their policy isn't written to be that far-reaching,  
it is almost certain to have a "zero expectation of privacy" clause in  
it for anything you do on their company-owned equipment or from their  
network.  Many policies also ban non-company-owned gear.

You'll have to decide for yourself if you'd rather have a job  
tomorrow, or tunnel to your house for something non-work-related...  
this is basically the risk you're taking in most larger organizations   
these days.

> 3) assuming my workplace admins do NOT implement any kind of remote  
> desktop software or keylogging, it would appear they could only  
> monitor the quantity of packets over the ssh connection and nothing  
> else.  the content would be completely encrypted.  and the packet  
> quantity would only be an issue if the sysadms took the time to set  
> up their firewall to monitor ssh packets and i'm not sure many would  
> bother.

Depends on a) How much they monitor, and b) How common SSH traffic is  
in your environment.  If you're the only guy sending SSH packets to  
some static IP address (which they can probably easily look up and see  
is a residential IP from whoever your service provider is, and if you  
have any public services like a webserver running on it, or have  
reverse DNS entries... they can probably figure out pretty easily it's  
yours, maybe...?)... you might be actually bringing attention to  
yourself, just by using SSH.

> does this sound correct?

Sure, why not?  :-)

> fwiw.  i'm not in any way planning on abusing the privilege to  
> tunnel.  i just want to know that if and when i tunnel home for  
> something that the information is private.

Probably true, as long as you're using SSH correctly.  (Watch out if  
some day you get a warning that the key changed... man-in-the-middle  
attacks in the form of "monitoring" are probably possible, if they're  
REALLY trying hard.)

Another point to make here... if you're tunneling and doing something  
like say, reading e-mail... if you're doing it on the command line,  
that's secure, but as soon as anything is cached by a more modern  
client to the hard disk of the machine, it's visible and able to be  
copied/captured by other software running on the machine itself.  Not  
too many (any?) modern mail clients encrypt the disk-based cache in  
the e-mail world, or browser worlds...

Generally... if someone wants to know what you're doing on their  
computer, they're going to figure it out.  If you become a mystery,  
you also become a target to be labeled as "not doing work" pretty  
easily in today's lovely work environments, where you're no longer  
represented by a "Personnel" department, you're just a "Human Resource".

A better solution might be... your own laptop and a wireless data  
card.  At least then you're not using ANY company resources other than  
time, and you can carefully only use your machine during breaks/lunch/ 
whatever time you would normally be allowed to not be working.  I know  
a number of people who use this "solution", and also know a few who  
work for security-conscious government contract companies who can't do  
either one.  (A wireless data card brought to their desk could be  
grounds for dismissal... but the stuff they work on probably deserves  
such protections.)

It's all about context... only you can determine what's appropriate  
for your particular situation.
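As an added, defender-side illustration of the traffic-visibility point made above (example code written for this page, not from the thread or its author): a short Python pass over constructed firewall accept logs that flags port-22 destinations contacted by only one internal host, the "only guy sending SSH to some static IP" pattern. The log format, host names and addresses are invented for the example; adapt the regex to a real firewall export.

```python
import re
from collections import defaultdict

# Constructed sample log (generic firewall accept lines, not from any real
# device): 203.0.113.7 is a jump host everyone uses; 198.51.100.42 is only
# ever reached by one internal host, and carries far more bytes.
SAMPLE_LOG = """\
Oct 23 18:01:02 fw1 ACCEPT src=10.1.2.11 dst=203.0.113.7 proto=tcp dport=22 bytes=5120
Oct 23 18:01:09 fw1 ACCEPT src=10.1.2.12 dst=203.0.113.7 proto=tcp dport=22 bytes=4096
Oct 23 18:02:15 fw1 ACCEPT src=10.1.2.13 dst=203.0.113.7 proto=tcp dport=22 bytes=2048
Oct 23 18:05:40 fw1 ACCEPT src=10.1.2.12 dst=198.51.100.42 proto=tcp dport=22 bytes=883000
Oct 23 18:06:01 fw1 ACCEPT src=10.1.2.12 dst=198.51.100.42 proto=tcp dport=22 bytes=1200000
Oct 23 18:06:30 fw1 ACCEPT src=10.1.2.11 dst=192.0.2.80 proto=tcp dport=443 bytes=30000
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
                     r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)")


def parse_log(text):
    """Yield one dict per line that matches LINE_RE; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            rec["bytes"] = int(rec["bytes"])
            yield rec


def lonely_ssh_destinations(records, port=22):
    """Return {dst: (sources, total_bytes)} for port-22 destinations that
    exactly one internal source talks to: the "only guy sending SSH to
    some static IP" pattern an admin reviewing the logs would notice."""
    sources, volume = defaultdict(set), defaultdict(int)
    for r in records:
        if r["proto"] == "tcp" and r["dport"] == port:
            sources[r["dst"]].add(r["src"])
            volume[r["dst"]] += r["bytes"]
    return {dst: (sorted(s), volume[dst]) for dst, s in sources.items() if len(s) == 1}


if __name__ == "__main__":
    for dst, (srcs, total) in lonely_ssh_destinations(parse_log(SAMPLE_LOG)).items():
        print(f"{dst}: only {srcs[0]} connects, {total} bytes total")
```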
