am i likely in trouble? web browsing over VPN when not work-related..

[waterbuck]

I use a mac 10.3 wireless-equipped laptop, with a cisco VPN client to log into my workplace Exchange server and see my email over Entourage, which is Mac's equivalent to Outlook client software.

My home internet connection is set up by a hard router that then sends the signal from the DSL modem to my computer via an Airport wireless transmitter (it doesn't function as the router in this system).

Generally to try to keep work and personal pursuits separate, I have one "user" for work and one "user" for home. Mac's permit one to switch between users. In my work user mode I activate the VPN client, check email, respond, and then shut down the VPN.

Yesterday I made the mistake of turning on the VPN client, checking email and then switching users without shutting down the VPN client.I browsed some websites I would just assume my workplace didn't know about.

When I returned to work stuff I realized the vpn client had been on "all along".

I dont know a lot abput VPN clients, but by checking the statistics tab I determined that "local LAN" was disabled, suggesting that all internet traffic might have been channelled through the workplace server. Is that likely?

Does the fact that I was online from a different "user" interface on the same machine alter that?

How likely is it that my workplace would have monitored the websites I checked.

The bonus question is, if I screwed up and there is some unclear likelihood of monitoring, should I fess up and talk to our Division IT director, tell him it won't happen again etc?

 

[moomoolade]

I don't know about your workplace, but being the IT Manager of mine I thought most companies monitored all internet useage. From what you have said it looks as though you might have used your workplace proxy/internet, and in that case it is more than likely they have logged your useage and when it comes to the weekly/monthly reports requested by IT Directors etc, your name will more than likely pop up. One thing I must stress is that if you haven't signed a company policy document outlining what is allowed and what is not in terms of internet access then you're in the clear if not...

 

[BarrySDCA]

A lot of VPNs are setup so that traffic not directed to the internal network will simply use your local gateway. If you have this kind of setup then you need not worry. If you're using the company proxy then you might have reason to be concerned.

 

[minxca]

Hi,

Don't worry, it wasn't your fault. The net admin should configure the VPN policy to force vpn users to use company gateway and block the internet request for vpn users.

 

[ladyvstar]

From your description of the local LAN disable, it sounds like you are using a Cisco based VPN client.

Either way, the question is whether or not your IT department has set your VPN up for split tunneling, which means, like BarrySDCA said before, that only your work subnet is captured and sent into the tunnel.

A simple way to find out it to perform a tracert (if you can on a MAC) to an Internet address while your VPN is running. Based on the results, you can tell if you've got split tunneling or not.

-LadyV

 

[tk808]

traceroute on a mac I believe...and yes, it does seem like your activity was logged.

However, maybe you should confront the IT dir/mgr so that he knows it wasn't intended. Was it non-work hours?

I guess you'll remember to always play it safe next time.