913

Why YSK: It appears several Lemmy Instances are flagged as suspicious and at least 1 instance intentionally using the name of ransomware. A couple of the big enterprise monitoring suites (Fortiguard, ZScaler) will flag your account and may end up with you being pulled into an office for an explanation, or worse.

TL;DR: Keep browsing to your local instance at work for now.

you are viewing a single comment's thread
view the rest of the comments
[-] aloeha@lemmy.world 2 points 1 year ago

Serious question: there isn't any tracking software installed on my work computer, and I use a VPN browser extension. Is it still possible for my employer to see what I'm doing?

[-] terraetos@lemmy.ml 15 points 1 year ago

I'm a systems admin. Last week, I had an employee using a VPN to try and hide their traffic. My monitoring software caught it. I couldn't see the traffic, but I could see it connected to a known Tor IP. My system saw the fishy connection and sent the alert. Just be careful and don't assume you're completely safe with the VPN.

It's best to assume your IT department can see everything you do, and keep personal stuff on personal devices.

[-] ludwig@lemmy.world 2 points 1 year ago

How could you see it was connected to a known tor IP? Would you not just see the IP of the VPN server and not the final destination?

And VPN servers are often flagged for all kinds of shit because some use them for tor or spam.

[-] Paradox@lemdro.id 3 points 1 year ago

I think he meant the VPN target was a known tor IP as well

[-] Car@lemmy.dbzer0.com 1 points 1 year ago* (last edited 1 year ago)

Yeah, it doesn't read very clear. I'm assuming they meant that the destination IP was for the VPN server and that some deep packet analysis determined that the encapsulated traffic was TOR-bound. Or it was a wild assumption that they were using TOR and they use it synonymously with VPN.

Either one of these events (unauthorized VPN or TOR connections) would be reason enough to look more into the employee's IT resource usage.

[-] terraetos@lemmy.ml 1 points 1 year ago

You've got it. I have an NDR I mirror packets to and it picked up the connection. I think the guy hit a Tor IP before connecting with NordVPN, but I do remember seeing the connection to Tor that sparked the alert, followed by the traffic to Nord. Either one of those things would have triggered an investigation into the user.

Forwarded that to my security team and washed my hands of it. Wish I knew why users pull stuff like that on company resources. If they just did it at home, I wouldn't care!

[-] havokdj@lemmy.world 0 points 1 year ago

Yeah that kinda sounds like FUD to me as well. He wouldn't see anything BUT the VPN.

[-] jagger1973@lemmy.world 6 points 1 year ago

Depending on the quality of your IT department; it's quite possible that tracking software could be on your work computer and you simply cannot detect it. And yes, corporate tracking can easily detect what you are doing even if you use a VPN. It's best if you simply use work computer for work only. Don't even check gmail on it. Don't even link your google account in your browser.

[-] Wander@yiffit.net 4 points 1 year ago

Depends on who owns the network as well and if you're connected to a corporate VPN. The rule of thumb is that you can't expect privacy if you're not the sole admin of that computer.

[-] DV8@lemmy.world 1 points 1 year ago

Security software isn't tracking software. It should be able to hook into every current semi popular browser without you being able to disable it.

On the other hand, allowing users who don't know the answer to the question you're asking to both install VPN software and allow them this kind of traffic is a compliance violation to begin with.

[-] pineapplelover@lemm.ee -2 points 1 year ago

If you use a vpn, I don't think they can see your traffic

[-] pianoplant@lemmy.world 1 points 1 year ago

Depends. They might have a proxy in the network config or DNS or any number of non-network based methods of logging and tracking.

this post was submitted on 02 Aug 2023
913 points (94.6% liked)

You Should Know

33018 readers
57 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS