Good Evening, I am set to work in a remote location and the only access to the internet is via a coporate VPN. How vulnrable is my system whilst connected to their server and is all my web activity accessable such as login passwords/emails etc? How can i prevent or at least reduce the weaknesses in my system. Is running a VM and connecting to the VPN using the Virtual machine a safer option? Regards, 4Q
Your web activity over http and smtp (email) is visible to your employer. I would presume that passwords for most things go through https so they won't see anything except the ip address of the site you're accessing If you want privacy, which is very different from security in this case, don't use a company vpn I don't think that this is a case were VM's are of any use, that I can think of
Well, if he'll be using a device that the company has supplied or messed with, it may have installed "counterfeit" certificates that permit MitM -- for its security, of course Indeed He needs the company VPN to access its LAN, but not for straight Internet access. Well, he could run the company VPN on the host machine, and then run a commercial VPN service in a VM. In that VM, he would have private Internet access. The company would just see the VPN connection. He could add stunnel (AirVPN etc) or obfsproxy (iVPN) to at least somewhat hide the VPN.
If it's a company machine, which is more than likely here, there's a very solid chance that there's employee monitoring software on it. Trying to be private with a personal VPN in a VM is a bit of a pointless endeavour then and would just draw suspicion. If he needs privacy with that specific machine, a live CD would be the way to go, unless the employer put a keylogger in the computer (not unheard of). I would just use my own computer
Oh, looking at the title, he's asking about how secure his PC is while connected to the company VPN. I'd say that Internet stuff is secure, as long as he uses encrypted connections to remote servers (HTTPS, SSL/TLS, OTR etc).
Thanks everyone for the replies. I will be using my own personal machine as Mirimir has mentioned but also a Wifi connection to my phone. The connection speed is very weak which limits the option of running a connection thro AirVPN. A login to the network via an allocated password/username is given to each user. On my phone I will use Whatsapp and again my encrypted email via K9mail.
I guess the answer how secure your PC is will depend on what exactly you mean by security. As with any VPN, the entity running the VPN potentially has access to your web activity because they hold the decryption keys, except for https requests, which have their own encryption. Your connection will be secure, but not private or anonymous, at least not to your company.