cybersecurity

4778 readers

4 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

How well can an employer be certain of a remote employee's geographical location? (lemmy.ml)

submitted 1 year ago by maegul@lemmy.ml to c/cybersecurity

19 comments fedilink hide all child comments

FWIW, this isn't to do with me personally at all, I'm not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn't know enough about this (as an infosec noob)

Presuming:

an employer provides the employee with their laptop
with security software installed that enables snooping and wiping etc and,
said employer does not want their employee to work remotely from within some undesirable geographical locations

How hard would it be for the employee to fool their employer and work from an undesirable location?

I personally figured that it's rather plausible. Use a personal VPN configured on a personal router and then manually switch off wifi, bluetooth and automatic time zone detection. I'd presume latency analysis could be used to some extent?? But also figure two VPNs, where the second one is that provided by/for the employer, would disrupt that enough depending on the geographies involved?

What else could be done on the laptop itself? Surreptitiously turn on wiki and scan? Can there be secret GPSs? Genuinely curious!

you are viewing a single comment's thread
view the rest of the comments

[–] thirteene@lemmy.world 4 points 1 year ago

Skimmed most of the thread and there are a lot of guesses, the actual answer is presumably impossible given the parameters. Asset management tracking software is pretty much permanent tracking these days, screen idle time, keystrokes per minute, application focus tracking. A lot of higher end devices have gps chips in them by default, your works VPN reports it's trace route so it will have general geographic location. Microsoft and Google cooperate accounts even offer remote hard drive wipes to protect company secrets, regardless of the location. My work gets reports of where people connect from as part of the RTO policy. We had someone working from their parents house for a few weeks and got emailed by HR asking why they were logging in from an unapproved area. Most places can pull this data, but not all of them act on it.