So recently the IT department has tightened down the security where I work (a large University). I can no longer access the pc in my office from home with rdp. I can use the university vpn but whatever managed switches they are using are blocking rdp. I could apply for an exemption and they would allow me access but I was curious how bad an idea it would be to just leave my pc connected to my home network all the time. I have wireguard setup on a debian vm. The work pc is mine and no one else has access to it but me. Would this be unsafe for my home network?
A bad idea would be to connect to the office pc with rdp over the internet. Rdp is safe only over vpn. Since they offer a vpn solytion, you could use it when there is need to connect to the office pc.
RDP is encrypted but you should check on the level of encryption. Though I wouldn’t use RDP over the internet, you have a VPN connection, it most likely will have a higher level of encryption on it, if you are using OpenVPN with current ciphers then you will be ok.
@Spectre @neogrid I would never connect with rdp over the internet. That is not the question. The question is: Is it okay to leave my work pc connected to my home vpn all the time?
Doesn’t sound like a good idea whatsoever. Always use work equipment to connect to work networks.
I wouldn’t mix the two.
No one has any clue about your network, it may already be compromised.
It looks like controls have been put in place and you are now circumventing them, wouldn’t look good in front of a judge.
As to whether your home network is safe, well, how safe is it when not connected ?
@BretG57 other than wasting some bandwidth and cpu resources, I don’t see any other problem.
If you start the vpn connection from the office pc and the connection is dropped while you are at home, how will you re-establish it in order to connect to the office pc?
@Spectre That’s the point. I would need to leave it on all the time. I can’t think of any reason that it would be insecure unless someone had physical access to my pc but idk there could be some other reason why it’s bad.
I’m not worried about my home network posing a risk to the work network. I’m worried about the opposite. if my work pc is connected to my home vpn all the time wouldn’t it be isolated from the work network? Or can a threat there still pose a risk to my home network. The question is really hypothetical because the more I think about it, the more I think it is impractical anyway.
Right. There is always a risk.
If you haven’t already isolated your network then exposing your whole network to another untrusted network is a bad idea.
If I were in your position I would just create a vlan with a vm on it for work, isolate that vlan from the rest of the network and you have reduced/contained your risk.