Home Network Internet traffic and corporate VPNs

[Toolkit1]

I am a home-office based business consultant who routinely connects to my client's VPNs for email access and for accessing shared directories, using two different laptops (Laptop A and Laptop B). Further, I have a third laptop (Laptop C) that I use for web surfing while working for both clients.

Laptop A is not a part of my "MSHOME" workgroup, but it can see Laptops B and C via my Network Conections over an open wireless connection/Linksys router. Laptops B & C are part of my MSHOME network, but they cannot see Laptop A.

Questions:
1) If I connect to Company A's VPN on Laptop A while Laptop B is connected to Company B's VPN, can a Sys Ad at Company A monitor my email/Skype chat/Web activities that I am engaging in for Company B? My concern is that the two comapnies are competitors...
2) Can either Company A or B monitor my personal email/Skype chat/Web traffic from Laptop C? This is the laptop that I use to prospect for additional clients, most of whom would be direct competitors to Comapny A and B.
3) Might anyone have any advice for protecting my privacy as a home-office based consultant who obviously needs to lok for new customers but who does not want to violate any non-competes that I have with my clients?

Thanks,
Toolkit1

 

[msworld]

This is good question. For security reason, many network administrators disable client's LAN sharing/accessing when establishing a VPN. If they don't, in your case, company A and B may be able to monitor each other including your system.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on

http://www.HowToNetworking.com

 

[Toolkit1]

Thanks Bob. I was not aware of that.

In looking at the VPN dialers in my Network Connections, I see under the Advanced tab that the "Allow other network users to connect through this computer's Internet connection" checkbox is not checked. This is the case in both VPN dialers that I have to tunnel into Company A and Company B from my respective laptops. Does this mean that LAN sharing/accessing is not enabled on my two laptops' VPN dialers? And specifically, does this mean that comapny A and B cannot monitor my activities?Thanks,
Toolkit1

 

[msworld]

I think it is more depending on how the VPN server setup. Try to ping each other after you connect to A and B.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on

http://www.HowToNetworking.com

 

[fs483]

I would suggest putting firewalls on each laptop that monitors both incoming and outgoing requests. Ideally each laptop would be on a different subnet but with home setups, it's gets pretty complicated. You would need multiple routers connected to one main switch which would be connected to the modem. To think of it, the low cost of having multiple routers outweights the problems if the admins see the traffic generated by the other laptops.

 

[John Lewis]

I really do not see a problem here. I am making the assumption that you are sharing your internet connection via your Linksys router. This being the case, all three of your laptops should have that router set as their default route. Short of some rather naughty tricks, neither company would be able to redirect internet traffic originating from the other two through the one that is connected to their VPN server. Thus, the answers to both 1 & 2 would be that there should not be a problem. If you are for some reason using one of your laptops to share the internet connection, the rules may change and you may have an issue.

An earlier reply notes that it is possible for a VPN admin to disable local LAN access and force all IP traffic throught the VPN. This certainly is true, but if this were your situation you would not have access to the resources on your other computers while connected to the VPN. Also, this option only effects the computer that is connected to the VPN server. Again, it simply is not possible for a remote VPN server to change the routing tables on computers not connected to it. It is worth noting, however, that your activity on a computer connected to a VPN server may be monitored from the server side under some circumstances.

Shared drives may be an issue if you have mapped a drives or folders between computers and then shared the mapped drives. This would effectivly cause your computer to act as a router and expose those resources across connections. Any resource that is shared on a computer that is connected to the VPN server would certainly be visible from the server side of the connection.

Your biggest risk here is human error. If you send an email to company A from a computer connected to Company B's VPN, company B may read the email. If you have files on a computer about company A, company B may gain access to those files if you connect that computer to company B's VPN. This is a hazard without the VPN connections (or computers, for that matter), you could just as easily put a letter to company A in an envelope addressed to company B.