[lug] tunneling from work
Nate Duehr
nate at natetech.com
Fri Oct 24 00:42:22 MDT 2008
On Oct 23, 2008, at 6:19 PM, karl horlen wrote:
> i always wondered if i tunneled via ssh back to my home computer
> from work, would my employer (sysadmins) know specifically what i
> was doing?
>
> 1) if the sysadmins have configured some kind of remote desktop to
> my system, i imagine they can view anything i'm doing on my desktop
> regardless of whether it's tunneled or not.
Yes.
> if so, is there any way to tell whether my sysadmins have installed
> remote desktop or other remote viewing software on my system? what
> known apps are being used today for this? what common executables
> might i look for to find out?
Not if they did it correctly. How hard do you want to look? :-)
(My employer's monitoring/automation software is right out in the
open... sitting there running in the task tray, and not stoppable.
They just make it clear it's right there, all the time. Does it have
keylogger capability? Not sure. It certainly does have remote
desktop takeover/watching capabilities. Do they have more features
available to them than that? Probably.)
> 2) if my employer was keylogging there wouldn't be any way around
> privacy either.
Probably more important is their corporate policy. You are more likely
putting your job at risk by doing most "non-work" things on their
computer than facing any worry that they need/want your data from your home
machine. Even if their policy isn't written to be that far-reaching,
it is almost certain to have a "zero expectation of privacy" clause in
it for anything you do on their company-owned equipment or from their
network. Many policies also ban non-company-owned gear.
You'll have to decide for yourself if you'd rather have a job
tomorrow, or tunnel to your house for something non-work-related...
this is basically the risk you're taking in most larger organizations
these days.
> 3) assuming my workplace admins do NOT implement any kind of remote
> desktop software or keylogging, it would appear they could only
> monitor the quantity of packets over the ssh connection and nothing
> else. the content would be completely encrypted. and the packet
> quantity would only be an issue if the sysadmins took the time to set
> up their firewall to monitor ssh packets and i'm not sure many would
> bother.
Depends on a) How much they monitor, and b) How common SSH traffic is
in your environment. If you're the only guy sending SSH packets to
some static IP address (which they can probably easily look up and see
is a residential IP from whoever your service provider is, and if you
have any public services like a webserver running on it, or have
reverse DNS entries... they can probably figure out pretty easily it's
yours, maybe...?)... you might be actually bringing attention to
yourself, just by using SSH.
> does this sound correct?
Sure, why not? :-)
> fwiw. i'm not in any way planning on abusing the privilege to
> tunnel. i just want to know that if and when i tunnel home for
> something that the information is private.
Probably true, as long as you're using SSH correctly. (Watch out if
some day you get a warning that the key changed... man-in-the-middle
attacks in the form of "monitoring" are probably possible, if they're
REALLY trying hard.)
Another point to make here... if you're tunneling and doing something
like say, reading e-mail... if you're doing it on the command line,
that's secure, but as soon as anything is cached by a more modern
client to the hard disk of the machine, it's visible and able to be
copied/captured by other software running on the machine itself. Not
too many (any?) modern mail clients encrypt the disk-based cache in
the e-mail world, or browser worlds...
Generally... if someone wants to know what you're doing on their
computer, they're going to figure it out. If you become a mystery,
you also become a target to be labeled as "not doing work" pretty
easily in today's lovely work environments, where you're no longer
represented by a "Personnel" department, you're just a "Human Resource".
A better solution might be... your own laptop and a wireless data
card. At least then you're not using ANY company resources other than
time, and you can carefully only use your machine during breaks/lunch/
whatever time you would normally be allowed to not be working. I know
a number of people who use this "solution", and also know a few who
work for security-conscious government contract companies who can't do
either one. (A wireless data card brought to their desk could be
grounds for dismissal... but the stuff they work on probably deserves
such protections.)
It's all about context... only you can determine what's appropriate
for your particular situation.
--
Nate
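The "key changed" warning Nate mentions is the SSH client comparing the host key the server presents against the one it remembered in known_hosts; a quiet swap of that key is exactly what a monitoring box in the path would have to pull off. The script below is an added example, not code from the post or the list: it reproduces the check in plain Python so you can see what is being compared, including OpenSSH's SHA256 fingerprint format and the hashed-hostname form written when HashKnownHosts is on. The host names, the IP and the key blob are constructed placeholders (the blob is just bytes to hash, not a real key); the pinned fingerprint would normally be read off the home machine's console and carried to work out of band.

```python
import base64
import hashlib
import hmac

# Constructed sample key blob: NOT a real SSH public key, just bytes to hash so
# the example runs offline. A real entry carries the base64 of the key's wire format.
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-not-a-real-host-key-blob").decode()

# Constructed known_hosts text for a hypothetical home host (placeholder names).
SAMPLE_KNOWN_HOSTS = (
    f"home.example.net,203.0.113.10 ssh-ed25519 {SAMPLE_KEY_B64} home box\n"
    "# comments and blank lines are allowed\n"
    "\n"
)


def fingerprint_sha256(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 over the raw key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_entry(host: str, salt: bytes) -> str:
    """Build the |1|salt|hash host field OpenSSH writes when HashKnownHosts is on."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field: str, host: str) -> bool:
    """Match the first column of a known_hosts line (plain or hashed) against a hostname."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    # Plain form: comma-separated names/addresses (ports and wildcards not handled here).
    return host in field.split(",")


def parse_known_hosts(text: str):
    """Yield (hosts_field, key_type, key_b64) for each non-comment, well-formed line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; a real client would warn about it
        yield parts[0], parts[1], parts[2]


def check_pinned(known_hosts: str, host: str, key_type: str, pinned_fp: str) -> str:
    """Return "ok", "mismatch" or "unknown" for the pinned fingerprint of host/key_type."""
    for hosts_field, ktype, key_b64 in parse_known_hosts(known_hosts):
        if ktype != key_type or not host_matches(hosts_field, host):
            continue
        if hmac.compare_digest(fingerprint_sha256(key_b64), pinned_fp):
            return "ok"
        return "mismatch"  # a different key under a known name is the "key changed" case
    return "unknown"


if __name__ == "__main__":
    # In practice the pinned value comes from `ssh-keygen -lf` run on the home box itself.
    pinned = fingerprint_sha256(SAMPLE_KEY_B64)
    print(check_pinned(SAMPLE_KNOWN_HOSTS, "home.example.net", "ssh-ed25519", pinned))
    hashed = hashed_host_entry("home.example.net", b"\x01" * 20) + f" ssh-ed25519 {SAMPLE_KEY_B64}\n"
    print(check_pinned(hashed, "home.example.net", "ssh-ed25519", pinned))
    print(check_pinned(SAMPLE_KNOWN_HOSTS, "home.example.net", "ssh-ed25519", "SHA256:" + "A" * 43))
```

The point of doing this by hand is to see that the only thing standing between you and a transparent relay is a fingerprint you verified through some channel other than the connection itself; a "mismatch" is the moment to stop and compare, not to answer "yes" to the prompt. Setting StrictHostKeyChecking to yes in the client config turns the warning into a refusal.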