cross-posted from: https://lemmy.ml/post/15178977
FWIW, this isn’t to do with me personally at all, I’m not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn’t know enough about this (as an infosec noob)
Presuming:
- an employer provides the employee with their laptop
- with security software installed that enables snooping and wiping etc and,
- said employer does not want their employee to work remotely from within some undesirable geographical locations
How hard would it be for the employee to fool their employer and work from an undesirable location?
I personally figured that it’s rather plausible. Use a personal VPN configured on a personal router and then manually switch off wifi, bluetooth and automatic time zone detection. I’d presume latency analysis could be used to some extent?? But also figure two VPNs, where the second one is that provided by/for the employer, would disrupt that enough depending on the geographies involved?
What else could be done on the laptop itself? Surreptitiously turn on wiki and scan? Can there be secret GPSs? Genuinely curious!
I suspect that if you connected to your work vpn from a personal VPN IP address that may raise some questions. “Dave keeps connecting from inside Amazons data center, thats weird”.
Turning on wifi to scan would be trivial technically. Hidden GPS maybe, but its more likely that they would just have an overt GPS module if they cared.
A wired in airtag or similar would probably be doable, and wouldnt be visible to the OS.
Latency analysis would probably be quite tricky. If you had starlink or dialup your latency would be pretty bad to begin with.
Realistically, if the employer was concerned about company data leaving the country they wouldnt be allowing WFH at all.
Yeah, traffic coming from an ASN that isn’t assigned to a residential ISP would be a pretty good sign of shenanigans
A lot of times the concern is less the location and more deviations from normal behavior. Geo location is something of a mixed bag. The local IP via an external lookup isn’t particularly reliable if someone happens to use VPNs at home, or locating it several miles away when ISPs cover whole regions. Combine it with a system similar to how Google maps known WiFi hotspots as an alternate location marker and you can get a lot more reliable.
If someone logs in outside their normal hours and shows up from halfway across the globe an hour later you can bet it’s going to raise some alarms, or at least it should.
Some things it becomes a case of contractual needs. A lot of government work comes with a requirement it be performed by someone within a certain country.
