Tech people: What info does VPN give employers? Does it show what WiFi we are connecting to?

My manager said he doesn’t care where I work from, as long as it’s in the US. So that’s not an issue. But I still am curious if and when they can see the different WiFis we get on?

They can see the IP you’re connecting from, which based on registration info, can give a general area

The VPN is set up and maintained by your company to encrypt traffic between your machine and your company’s data from outside the tunnel. Essentially a VPN is a tunnel that has two gates and requires a key to open either side that only you and your employer have. Your employer can see all the data/packets that are flowing between the company network and your laptop but that’s about it.

Whether or not your manager asks IT for that data is unknown but your manager is correct in stating only work can be done stateside. There are privacy regulations and standards that involve IP, PII/PHI, etc that are breached if you’re doing US work in another country. I’ve done consulting for my cousin who needed to see if her employee was doing work within the states and she was not.

I can tell you this from the perspective of a security analyst: We review your sign-in logs, what device you utilized, from which IP, country etc. Depending on the country I may give you a pass if I can find information in open sources verifying your reason for being in the country.

Use of VPNs that are not approved almost always results in a ticket. If you use something like NordVPN or one of the famous ones, I may also give you a pass to avoid issuing a ticket to the customer, which will then reach out to you.

Other colleagues are far more strict and just issue tickets like their life depended on it, as a preventive measure.

The short answer is that we can see the IP you’re connecting from and its relative geolocation.

The longer answer is that some companies run software that allows them to see more detail.

I can see everything on my work devices. We don’t necessarily have this software for spying on employees, though. My use case is to gather network quality statistics so when a user calls to say “my connection to the server is slow” I can trace that network connection and determine if it’s because the user has a poor wifi connection, bad Internet connection from their Internet provider, VPN issues, all the way up to our servers network.

Your company can see the internet provider IP address your computer is using to connect to the internet whether you are using a VPN or not. There are IP location services that most larger companies use to identify the location all their remote employee traffic is coming from. It is common for companies to block employee traffic from countries or locations they do not expect their employees to be connecting from or to have alerts if someone from an unexpected location tries to log in.

I work in I.T. and manage our firewall and vpn. We block all but USA and Canada. We allow out of country connections but only for the time of travel and the specific country.

There should be a company policy, not just a boss saying “I don’t care except…”

That being said, the VPN probably doesn’t capture that but if you have customizable security software, it may. Like Trend, Symantec, Check Point. There are many others. There is also specific software to track keystrokes and a ton of other information with the computer. You would have to determine if anything like that is installed.

One way to circumvent the Wi-Fi name is to buy a travel router, name the connection the same as home. They are designed to connect to a WiFi while traveling where you may only be allowed one device but it can also be used to connect to a familiar named WiFi without reconfiguring all your devices. I use one in my camper, it’s the same name and password as home so all our devices connect as if I were at home.

I’m supposed to work in the USA only, but I’m currently in the Philippines.

My job doesn’t know, I have a Starlink for internet and it shows my IP/Location as San Francisco.

They know your location. If you are visiting any other country you need to seek clearance.

So if your work lets you change your vpn to different zones, would they know?

I’m assuming that you’re referring to the employer-configured VPN for accessing company resources. In that case, the info that the VPN endpoint (on the employer-side) will get from the connection itself will be the IP that you are supposed to be coming from, as well as your user details.

However, most VPN clients provide additional levels of authentication and validation (to make sure that you’re not connecting something nefarious to their network), so may also pass along any and all details of your system, from patch level, AV, any and all network interface details (including your actual IP address, local address, and anything else that might be connected), any connected devices (cameras, storage devices, keyboards, etc.).

As a good rule of thumb, if the device belongs to your employer, assume that they either can or do know everything about it. If it’s your device that’s connecting to their network, then largely assume the same thing.

You’re worried about the wrong thing. While some VPN solutions might provide that level of logging for administrators, it’s also highly likely your administrator isn’t logging it there. HOWEVER, the endpoint monitoring agent deployed to your laptop knows everything, and I mean everything. WiFi network, IP address locally, logins, time on, apps running, etc.

It isn’t just VPN you should think about. We have Conditional access policies that restrict users’ access to SaaS and other resources to an employee’s home country among other things.

You don’t necessarily need to be on VPN for these policies to trigger.

Some of the policies we have are restrictions and some generate alerts.

VPNs do not give information about that, however other management systems can tell what wireless networks an endpoint connects to.

Depends. One instance it would show up is when a company is tracking logins for a user and the IP address associated with the login occurrence. Alarm bells could go off if the company has conditional access policies that block a login if the travel distance is impossible given the time frame.

For instance, you log into your work account from California, and you connect to a VPN that changes your login location to Australia. That would block your ability to log in and send an alert to the administrator.

They can see the end point of the VPN, but not the beginning where you actually login from

This and there are known IPs connected to VPN apps like Nord etc.

OP you can just do what I do and tunnel into my home IP address from abroad using two routers.

May I ask what made them suspect she wasn’t?

u/Brohammad_ : Is remote work typically allowed in US territories, such as Guam or Puerto Rico?

You manually review the logs? Or it’s automated and then manually review if something is flagged out of the norm?