3

I occasionally work from home. I have a work laptop that I bring home and connect to my company's network using my home WiFi (I assume it has its own direct connection). I also have my personal computer and my phone nearby, which also use my home WiFi but have nothing to do with my company's network. I use a browser-level VPN on my personal computer.

Will my employer be able to see what I'm doing on my home computer? I know better than to browse the Internet on my work laptop. The only shared thing between them is the use of my home WiFi.

Edit: I have my home network configured as "Public" so network discovery and file sharing are turned off, but I don't know if even that's entirely foolproof in this day and age.

Kalikori101
  • 31
  • 1
  • 1
  • 5
  • 1
    Possible duplicate of [Can my employer see what I do on the internet when I am connected to the company network?](https://security.stackexchange.com/questions/142803/can-my-employer-see-what-i-do-on-the-internet-when-i-am-connected-to-the-company) – Chenmunka Sep 26 '19 at 17:12
  • It would help to clarify how exactly you connect to your company's network. You say you connect "using your home WiFi", but that doesn't quite make sense. Have you set up a VPN connection at your router level that funnels all traffic from your home network to your company's network? Or are you just connecting to your company's network via a VPN from your work computer? – Conor Mancone Sep 26 '19 at 18:32
  • I'll try to explain. When I'm working from home, both computers are connected to my WiFi. The company computer then connects up to the company network, and it's set up to do that on its own so I think it must have its own VPN. As far as I can tell, my home computer doesn't connect to the company's network, and there's no VPN at the router level. – Kalikori101 Sep 26 '19 at 19:31
  • I suggest you install [teramind](https://www.teramind.co/solutions/employee-monitoring-software) on the employee's laptop. I also suggest you first inquire from your employee, if he or she is fine with it. – Arnoldkk Aug 25 '22 at 13:15

3 Answers

4

They would have very limited visibility even if they went out of their way to configure it; on top of that, I would not expect them to do so.

They could scan your network and identify devices by IP and host name; a good scanner will often identify OS as well. Active measures of this sort are (a) detectable and (b) highly uncommon on user workstations. Restrictive firewall rules may limit detection, but Windows was discoverable on the public profile by default the last time I checked---just the machine itself, though, not details like shares/applications/services.

If they put their NIC into promiscuous mode, they could listen to any broadcast traffic on the network. Windows devices in particular are noisy, and if your router and computers are configured for DHCP then they could find everything eventually.

In a highly unlikely scenario, their system could run a rogue DHCP server that attempts to route all network traffic through their workstation by presenting itself as the network gateway. This is (a) extremely impractical, (b) unreliable, and (c) detectable. With browser-level VPN, they would be unable to see what you are browsing or downloading even in this extreme scenario. Depending on how your VPN handles DNS queries, they might be able to identify the domain. I.e., your browser must resolve security.stackexchange.com in order to load this page, and DNS resolution is typically handled by the OS. If your VPN traps that DNS query and resolves it over the VPN, then the security.stackexchange.com name would not even be visible.

In the end, it is extremely unlikely that they would see anything significant on your network. If your Windows machines are running default settings, there are some neighborhood discovery protocols that will touch the work machine, and incoming communications are often logged. However, these limited probes reveal very little (typically IP, OS, host name, and workgroup name). Unless you have a specific reason to be suspicious of their intentions, you probably don't need to worry. The level of effort required to snoop effectively is generally a deterrent, and that doesn't even consider the possible legal and PR issues.

DoubleD
  • 3,882
  • 1
  • 6
  • 14
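
The answer above notes that a rogue DHCP server is detectable. As an added example (not part of any answer on this page), the sketch below parses DHCP server replies and flags a server identifier, router or DNS address that is not the expected home gateway. The addresses, the `HOME` allow-list and the function names are assumptions, and the packets are constructed samples.

```python
import socket
import struct

COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
LABELS = {54: "server identifier", 3: "router", 6: "DNS server"}

def build_reply(msg_type, server, router, dns, op=2):
    """Build a minimal DHCP payload. Constructed sample data, not a capture."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("192.168.1.50"), bytes(4),
                         bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type])
    for code, addr in ((54, server), (3, router), (6, dns)):
        opts += bytes([code, 4]) + socket.inet_aton(addr)
    return header + COOKIE + opts + b"\xff"

def parse_options(payload):
    """Return {option code: raw value} from a DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def audit_reply(payload, allowed):
    """List addresses in a server OFFER/ACK that are not in allowed[option]."""
    opts = parse_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in (2, 5):     # only BOOTREPLY OFFER/ACK
        return []
    findings = []
    for code, label in LABELS.items():
        raw = opts.get(code, b"")
        for j in range(0, len(raw) - 3, 4):
            addr = socket.inet_ntoa(raw[j:j + 4])
            if addr not in allowed.get(code, set()):
                findings.append(f"{label} {addr} not expected")
    return findings

HOME = {54: {"192.168.1.1"}, 3: {"192.168.1.1"}, 6: {"192.168.1.1"}}  # assumed
```

The payloads would come from a capture of UDP ports 67/68 on your own network; a second server answering with a different router address is the sign to look for.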
2

There are two underlying different questions here.

  1. What is technically possible from the work laptop.

    The laptop could host some attack kits that scan the other hosts on the network for possible vulnerabilities, or scan the network activity. The former attack could have almost unlimited possibilities - in fact the limitation is just how secure your home desktop is. The latter is easier but far less invasive: if you use a VPN, the attacker will only know what VPN you use, and will have to rely on heuristics to try to guess the actual activity.

  2. What an employer is allowed to do

    In most countries, the employer is only allowed to control what you do with their devices. For security reasons, the administrator may log the full activity, have general indicators showing abnormal uses and in that case go deeper in the log analysis. But scanning the activity on an external network would be an illegal attack. So except if you work in an uncommon country (China, Russia, and a few others), or work for a special employer (national security agencies) it is unlikely that kits like that are installed on your work laptop.

    That being said, the real question is how much do you trust your employer and your administrator to only do normal things.

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
1

If your employer installed some sniffer software on your work laptop, which intercepts all possible packets, then it can monitor what is happening in your home network. The results can be sent from your work laptop to your employer directly via network or later on, when you are in your employer's network.

If you don't trust your employer and want to be sure that the traffic from your home PC remains private, create a separate WiFi for your work laptop. Of course it is possible if your router supports that. But nowadays even simple routers have a feature such as a guest network.

mentallurg
  • 10,256
  • 5
  • 28
  • 44