Creating VPN Fortinet can be used to spy on or breach data

We have a user whose tech wants to create a VPN Fortinet on his computer for the purpose of accessing the office server. He usually used to use TeamViewer, but this time the tech is gonna install some sort of VPN. The concern the user has is for the personal data on his computer: whether by creating the VPN there can be some sort of breach, or his activity can be monitored, etc. We have informed him that there is no way and the VPN is just to secure the connection between his PC and the server (but since he has been reading all about these crybaby etc. and the tech of his office is outsourced, he wanted to be sure). That said, is his concern viable? What does setting up a VPN between 2 computers technically consist of?

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
To some degree it's true. The FortiGate VPN policy determines which kind of traffic is allowed to flow between VPN client and network. Usually DNS queries are redirected via VPN and hence can get recorded (e.g. in the policy traffic log). I can't remember if you can change the DNS redirection easily, but you can do so after connecting manually.
Ashok Dewan Freelancer Commented:
Creating a VPN and giving him access to the VPN is secure, as the data is unreadable for anyone.

When his PC joins the VPN, it's like a tunnel.
Right, your computer and my computer are both on the internet. We have a lot of devices in the middle, such as modems and routers. What if your computer and my computer were in the same room? Our computers would be on the same LAN. Both would have the same IP addresses.

But my computer would be secure because you don't know my computer's administrator password and my user's password.
A VPN is a tunnel which gives us a facility like a private network (LAN), secured from outside threats.

His computer is secured unless he gives out his administrator or user password. Whatever traffic it is, it will go encrypted.
rayluvs Author Commented:
Understood, the connection is protected from PC to server. Is it possible that the connection via fortinetclient permits the tech at the server to see the user's local files, pix, etc.? (The user's concern is whether the remote tech can view his files, since he is also a user at the server. In other words, if the user leaves the PC unattended, can the tech at the server access or view the local files of the PC?)

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
The tech would need to have either admin access on the local machine, or know the (local!) account password. As it seems, there is nothing common in regard to accounts, and the tech can't gain access without performing active hacking.
rayluvs Author Commented:
The tech doesn't have the password.

So to understand, if the tech has the user's password he can navigate to his local PC, even though the app that the tech installed is a fortinet client to set up a VPN for the user to connect to the server?

Ashok Dewan Freelancer Commented:
If I were the user, I would have only one concern: whether the tech person can access my computer through the network or not.
Because I worked in a large corporate bank (organization) where I had administrator rights on my domain for troubleshooting purposes, which could give access to any computer on the same domain (and network) without the users noticing. My user ID was a member of the RDP group and the administrator group. I could easily access others' computers without being noticed by them. That's why users never put their personal data on the C and D drives. They always put their data in their HOME drive, which requires the user's credentials.
The other concern is hacking, which is nearly impossible unless the OS is not updated.
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
It is indeed as simple as this: If the PC were directly connected to the network, which privileges would the tech have? With a VPN it is slightly different (more difficult) for the tech to try the same access.
So, if the tech does not have passwords, all they can get is what is sent over via VPN, and that means they might see some DNS queries if they try.
rayluvs Author Commented:
I thought that when one installed a VPN, like the user's FortiClient VPN, the purpose of the connection was one-way, that is, from the user PC to the server. Based on what has been said here, if the tech has the user/password of the user he can connect from the server to the user's computer.
rayluvs Author Commented:
Sorry, what I meant was: if connecting to a server using a VPN, then the "server" can have access to the connected computer (as long as it has the counters users/password)? (In other words, reverse access, since the purpose is "PC >> Server", not "Server >>> PC".)
Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
That is a common misunderstanding. A VPN connection can be bidirectional, e.g. for local printing from a server app. Usually it is one direction only, because this is the main purpose.

Whatsoever, even when using a VPN, both sides' firewalls determine which kind of traffic can pass. You are able to block traffic from remote to local at any time. By default, the local Windows firewall blocks all incoming traffic.
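
The points raised in this thread (the default inbound firewall action, rules that would let a remote admin reach the PC, shared folders, and which DNS servers receive queries once the VPN is up) can be checked on the user's PC. The following read-only PowerShell audit is an added example, not part of the original answers; `$VpnAliasPattern` is an assumed placeholder that must be set to match the VPN adapter name shown by `Get-NetAdapter`.

```powershell
# Added example: read-only audit of what a VPN peer could reach on this PC.
# $VpnAliasPattern is an assumption; adjust it to your VPN adapter's name.
param([string]$VpnAliasPattern = '*VPN*')

# 1. Default inbound action per firewall profile. "Block" is the safe state;
#    "NotConfigured" means the Windows default (block inbound) applies.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# 2. Firewall profile (Public/Private/DomainAuthenticated) applied per network.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 3. Enabled inbound allow rules on ports a remote admin would use:
#    445 = file sharing (SMB), 3389 = Remote Desktop, 5985/5986 = WinRM.
$ports = '445', '3389', '5985', '5986'
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $hit = @($filter.LocalPort) | Where-Object { $ports -contains $_ }
        if ($hit) {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Port    = ($hit -join ',')
            }
        }
    } | Format-Table -AutoSize

# 4. Folders shared by this PC (includes hidden admin shares such as C$,
#    which need a local administrator credential to open).
Get-SmbShare | Select-Object Name, Path, Description | Format-Table -AutoSize

# 5. DNS servers per interface. If the VPN adapter lists the office's DNS
#    servers, name lookups made while connected can appear in its logs.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses,
        @{ Name = 'IsVpn'; Expression = { $_.InterfaceAlias -like $VpnAliasPattern } } |
    Format-Table -AutoSize
```

Run it once before connecting and once while the VPN is up, then compare sections 2 and 5 to see which firewall profile and DNS servers the VPN adapter uses.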

rayluvs Author Commented:
Thank you very much! We are well instructed!