How to protect your core network traffic when servicing via Remote Desktop which requires VPN

Hi,

We give remote financial support (via RDP) to various clients, colleagues and partners.  Recently, we were required by a partner to use a VPN they set up in order to connect to their computer.  We had a concern, due to the nature of VPN, regarding traffic at our end (which was answered, see the EE question for detail).

We understand that when we connect to a partner's computer using their VPN, their admin can view all the network traffic on our computer; not only the traffic regarding our support to them, but also whatever internet navigation, computers locally navigated to, etc.   Our question now is, if possible, how to protect our core network traffic (the non-partner-support traffic)?
rayluvs Asked:
Jimmy Larsson, CISSP, CEH (Network and Security consultant) Commented:
One clarification, regarding your question. I tried to clear that out in your previous question.

The only traffic that they will see is the traffic that is sent into the vpn tunnel. If the vpn client is configured for "split VPN" they will not see your internet traffic.

You need to find out what traffic is sent into the VPN. It is only *that* traffic that can be seen by the partner.
1
 
rayluvs (Author) Commented:
We don’t have to find out what traffic it is.  We know the traffic that is sent.  As indicated in our question, we connect with their VPN (FortiClient app) using our RDP.  And since we are connecting to their computer remotely, everything seen at our end is what is being used at their computer.

You say ‘If the vpn client is configured for "split VPN" they will not see your internet traffic’.  Are you referring to the FortiClient we installed here?
0
 
masnrock Commented:
You say ‘If the vpn client is configured for "split VPN" they will not see your internet traffic’.  Are you referring to the FortiClient we installed here?

Yes. Ask the client whether or not split tunneling is being utilized (or allowed) for the VPN. That basically answers whether they might be able to see any traffic from your computer that isn't related to the support you're providing to the one system. If the answer is yes, then you have no issue. If the answer is no and they're not willing to be flexible, you need to find a solution other than RDP for remote access. And that is something you should be doing anyway.

Depending on the exact type of support you are providing, you could use something like LogMeIn Rescue or Bomgar instead. Those don't require firewall changes, are more secure, and are less prone to set off red flags with IT departments.
1
 
Aaron Tomosky (SD-WAN Simplified) Commented:
Agree with masnrock, VPN and RDP is not the best way to provide support for clients. ScreenConnect, TeamViewer, and all the other tools already listed are made for exactly this use.
0
 
rayluvs (Author) Commented:
Hi,

Thanx for the info.

Understood, ask the client whether or not split tunneling is being utilized - but they can always answer “yes”.

Is there a way for me to know if "split VPN" is being used without asking?
0
 
Jimmy Larsson, CISSP, CEH (Network and Security consultant) Commented:
With VPN *not* connected, verify your public IP with a "what's my IP" site such as myip.dk. Then connect the VPN and do the same check again. If it is the same IP, split tunnel. If it is another IP, full tunnel.
0
 
rayluvs (Author) Commented:
Thanx, will try.
1
 
rayluvs (Author) Commented:
Yes they are the same.

So to recap,

  • The question placed here concerns protecting my end, my LAN, my computer when using this Fortinet VPN connection; that is, when connected to the VPN, we don't want the remote site admin to access our computer or LAN.
  • We connect to remote sites that require us to use the Fortinet VPN and RDP to connect.
  • What we do is connect, use their ERP apps, assist and disconnect when done, nothing else.
  • I ran the recommended steps of checking my IP address when connected and when not connected to the remote VPN, in order to check whether it is a "split tunnel" or "full tunnel" - the IP is always the same.


The above said, is my computer/LAN protected from the remote site?


Please note, I wanted to compare before/after the VPN connection is established.
BEFORE (running Fortinet VPN)
-------------------------------------------------
IPv4 Address. . . . . . . . . . . : 192.168.1.121
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

AFTER (establishing VPN connection)
-------------------------------------------------
IPv4 Address. . . . . . . . . . . : 192.168.1.121
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
IPv4 Address. . . . . . . . . . . : 10.212.xxx.200
Subnet Mask . . . . . . . . . . . : 255.255.255.255

0
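The public-IP comparison earlier in the thread only tells you whether the default route goes into the tunnel; the ipconfig listing above shows the VPN adapter's address but not which destinations are routed through it. As an added, defender-side check that is not part of the original thread, the following Python parses the "Active Routes" section of a Windows `route print` listing and reports whether a default route uses the VPN adapter (full tunnel) and which prefixes are sent into it (split tunnel). Both route tables are constructed samples, and `10.212.0.200` is a made-up stand-in for the masked `10.212.xxx.200` address.

```python
import ipaddress
import re

# Constructed sample: split tunnel. Only the partner prefix 10.212.0.0/16
# is routed via the VPN adapter (10.212.0.200); the default route stays
# on the local LAN gateway.
SPLIT_TUNNEL_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     25
        10.212.0.0      255.255.0.0         On-link     10.212.0.200    257
      192.168.1.0    255.255.255.0         On-link    192.168.1.121    281
"""

# Constructed sample: full tunnel. A second 0.0.0.0/0 route with a lower
# metric points at the VPN adapter, so all non-LAN traffic enters the tunnel.
FULL_TUNNEL_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     25
          0.0.0.0          0.0.0.0         On-link     10.212.0.200      1
        10.212.0.0      255.255.0.0         On-link     10.212.0.200    257
      192.168.1.0    255.255.255.0         On-link    192.168.1.121    281
"""

# One route line: destination, netmask, gateway (IP or "On-link"), interface, metric
ROUTE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) tuples; skip headers."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest, mask, gw, iface, metric = m.groups()
        try:
            net = ipaddress.IPv4Network((dest, mask))
        except ValueError:
            continue  # not a route line
        routes.append((net, gw, iface, int(metric)))
    return routes

def tunnel_mode(text, vpn_addr):
    """Classify as ('full'|'split', sorted prefixes routed via the VPN adapter).

    'full' means the lowest-metric default route leaves via vpn_addr, so the
    partner's gateway sees everything not covered by a more specific route.
    """
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    best_default = min(defaults, key=lambda r: r[3], default=None)
    full = best_default is not None and best_default[2] == vpn_addr
    prefixes = sorted(str(r[0]) for r in routes if r[2] == vpn_addr and r[0].prefixlen > 0)
    return ("full" if full else "split"), prefixes
```

On the real machine, feed `tunnel_mode` the output of `route print -4` and the VPN adapter's IPv4 address from ipconfig; the prefix list is what the partner's gateway can observe.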