VPN security

Ok Sup Forums, so I need to connect to my employer through VPN (Cisco specifically).

Everything works fine and all except I noticed the VPN client application sets up routing automatically based on a config sent from the VPN server.
Isn't this a huge security breach for my computer? I mean, one day they may send a config to route just the necessary, but the next time I connect I might be routing my whole porn searches through the company's VPN.
It's my personal computer by the way.

How do you guys go about it? Do you disable the auto-config and manually set the routes yourself? I can't even find an option on OpenConnect to not set up routes.

Run your client in a VM?

Work asset? Get some fucking self control and stop using it to browse porn. Personal asset? Take it up with IT.

How fucking practical, having to install my whole development environment again on a VM and maintain it separately from my main machine.

>Personal asset? Take it up with IT.
Yes it's personal. What do you mean "take it up".

Raise your concerns with your IT helpdesk. It's their system, they should be able to explain how it works much better than the consumerist trash that lurks this board.

Agreed

>Raise your concerns with your IT helpdesk
>they should be able to explain

Nigga... I'm the only one who can assure protection for myself in this situation. If anyone on the chain of command is ill-intended, do you think me "raising my concern" will help in anyway? If anything it will raise their curiosity even more.

I don't know that point you're trying to make, but at the end of the day it's your machine, and you should not be risking the integrity of YOUR data under any circumstance. Work safe or not, if they cannot guarantee your private information, from your personal asset, is not being arbitrarily filtered through their network, then you need to shut YOUR machine off and request a dedicated work asset from your boss. If wanting to protect the integrity of data and traffic* on your machine raises flags with your bosses, well nigger, it's time to find a better employer (preferably one that is not so dirt poor that they force employees to use their private assets for work tasks)

* it also covers their arse, ensuring anything NSFW you do does not come up if they are audited

Good luck.

>preferably one that is not so dirt poor that they force employees to use their private assets for work tasks

No, it's the other way around, I asked to use my stuff instead of theirs. Why would I work with their half-assed computers if I have a high-end machine I can use at home much more comfortably?

I also think you're not understanding my problem. I'm asking from a networking technical point of view. Yes I can raise my concerns with them, but how is that different than sending an email to Microsoft raising my concerns about their privacy policies?

"Hey MS, don't peek on my stuff, ok? I can trust you right?"
It's obvious I need to take the precautions on my side. I don't have permission to audit my company's IT systems and see if they're not doing anything malicious.

My question is: Is manual routing enough?
I already blocked all incoming VPN connections, so I'm safe on that front.

You're a fucking idiot, routes are pushed via the SSL VPN configuration. They can't fucking static route your traffic from a porn site to their network. Also, why the hell do you think you'd even be able to change the networks you're allowed to access over the VPN? You're not an admin, just a faggot.

Why the fuck would you use your own equipment you massive retard, do you enjoy sucking down corporation cock?

Separate your work and personal life. Either use a VM or get your company to provide you with a separate laptop/computer.

I would have to second the idea of using a separate machine.

The problem here isn't the technical aspect. It's you. Well, more specifically, your subconscious.

See, you could set it up in-browser, on your machine, or on your VPN so that certain shit you do is work related and certain shit uses your own private internet connection.

The situation, however, will always require you to make that conscious "okay, I'm using X connection, I can only perform X stuff on it, not Y stuff."

Murphy's Law is just waiting with bated breath for you to fuck up.

Using a separate machine will subconsciously train you to associate certain computer behaviour with a certain machine.

>They can't fucking static route your traffic from a porn site to their network.
You mean their VPN config cannot push a route to redirect all 192.168.0.0 traffic to them? Why? I'm not a network specialist, but I think they can do this.

>why the hell do you think you'd even be able to change the networks you're allowed to access over the VPN
What the fuck are you talking about? I'm talking about the routing on MY machine. I'm not touching their network.

Why the fuck would I use a shitty ass 3.2Ghz dual-core with 6GB of RAM and a slow ass HDD random laptop if I can comfortably work on my 4.5Ghz quad-core with SSD and 32GB RAM for VMs and other shit while I listen to my favorite music through a dedicated DAC on dual monitors at my fucking comfortable main desk and chair?

>The situation however will always require you to make that concious "okay Im using X connection, I can only perform X stuff on it, not Y stuff."
The thing is, if I set the routes manually myself I can be assured that they will always be used that way automatically and that the VPN server cannot fuck me over by changing the config, since I set it manually. What I'm asking is if this is viable (specifically on OpenConnect).
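One concrete way to do what the two OP posts above ask for (ignore the routes the Cisco gateway pushes and set them yourself, on OpenConnect). This is an added example, not something posted in the thread and not code from the OpenConnect project. OpenConnect does not install routes itself: it hands the server's configuration to the script named by `--script` (normally vpnc-script) as environment variables such as `reason`, `TUNDEV`, `INTERNAL_IP4_ADDRESS`, `INTERNAL_IP4_MTU`, `INTERNAL_IP4_DNS`, `CISCO_SPLIT_INC` and `CISCO_SPLIT_INC_n_ADDR`/`CISCO_SPLIT_INC_n_MASKLEN`, so a replacement script can log the pushed routes and DNS, ignore them, and install only a fixed allowlist. The script name, the `ALLOWED_ROUTES` and `IP` variables, the function names and the two office prefixes are this example's own assumptions.

```sh
#!/bin/sh
# allowlist-routes.sh: a replacement for OpenConnect's vpnc-script.
# Run as:  openconnect --script /path/to/allowlist-routes.sh vpn.example.com
# OpenConnect exports the server's configuration to this script as variables
# (reason, TUNDEV, INTERNAL_IP4_ADDRESS, INTERNAL_IP4_MTU, INTERNAL_IP4_DNS,
# CISCO_SPLIT_INC, CISCO_SPLIT_INC_n_ADDR, CISCO_SPLIT_INC_n_MASKLEN, ...).
# Everything the server pushed about routing and DNS is logged and ignored;
# only ALLOWED_ROUTES ever point at the tunnel.
#
# ALLOWED_ROUTES and IP are this example's own variables; the two prefixes
# are constructed placeholders standing in for "the office subnets".
ALLOWED_ROUTES="${ALLOWED_ROUTES:-10.10.0.0/16 192.0.2.0/24}"
IP="${IP:-ip}"   # IP=echo gives a dry run that prints instead of configuring

# Sanity-check one prefix: four decimal octets <= 255 and a length of 1..32.
# A /0 (a default route) is refused on purpose, so a typo in the allowlist
# can never turn this into a full tunnel.
valid_prefix() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!0-9./]*) return 1 ;;
    esac
    addr="${1%/*}"
    len="${1#*/}"
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    set -- $(printf '%s\n' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print, one per line, the `ip route` commands for a lifecycle phase
# ($1 = reason, $2 = tun device, $3 = space-separated prefix list).
# Printing rather than executing lets the plan be reviewed or tested first;
# the entry point below feeds the lines back into the shell. Every prefix is
# validated before any command is emitted, so a bad list installs nothing.
route_plan() {
    phase="$1"; dev="$2"; list="$3"
    for p in $list; do
        valid_prefix "$p" || { echo "refusing bad prefix: $p" >&2; return 1; }
    done
    for p in $list; do
        case "$phase" in
            connect|reconnect) echo "${IP:-ip} route replace $p dev $dev" ;;
            disconnect)        echo "${IP:-ip} route del $p dev $dev" ;;
        esac
    done
}

# List the split-include routes the server asked for (CISCO_SPLIT_INC_n_*).
# They are only logged, so a change in what the server pushes becomes
# visible without ever reaching the routing table.
pushed_routes() {
    n="${CISCO_SPLIT_INC:-0}"
    case "$n" in ''|*[!0-9]*) n=0 ;; esac
    i=0
    while [ "$i" -lt "$n" ]; do
        eval "addr=\${CISCO_SPLIT_INC_${i}_ADDR:-}; len=\${CISCO_SPLIT_INC_${i}_MASKLEN:-}"
        echo "$addr/$len"
        i=$((i + 1))
    done
}

# Entry point. OpenConnect sets $reason; invoked by hand without it, the
# script only defines its functions and does nothing.
case "${reason:-}" in
    connect|reconnect)
        $IP link set "$TUNDEV" up mtu "${INTERNAL_IP4_MTU:-1400}"
        $IP addr replace "$INTERNAL_IP4_ADDRESS/32" dev "$TUNDEV"
        echo "server pushed routes (ignored): $(pushed_routes | tr '\n' ' ')" >&2
        echo "server pushed DNS (ignored): ${INTERNAL_IP4_DNS:-none}" >&2
        plan="$(route_plan "$reason" "$TUNDEV" "$ALLOWED_ROUTES")" || exit 1
        echo "$plan" | while read -r cmd; do $cmd; done
        # Check: the only routes via the tunnel should be the allowlist.
        echo "routes via $TUNDEV:" >&2
        $IP route show dev "$TUNDEV" >&2
        ;;
    disconnect)
        plan="$(route_plan disconnect "$TUNDEV" "$ALLOWED_ROUTES")" || exit 1
        echo "$plan" | while read -r cmd; do $cmd; done
        ;;
esac
```

Two caveats a practitioner would want. First, this only pins the routing table: whatever you do send to the allowlisted prefixes still crosses the company gateway, and the gateway still sees every tunneled destination. Second, the stock vpnc-script also rewrites the resolver from `INTERNAL_IP4_DNS`; this script skips that on purpose, so your DNS queries never go to the company, and internal hostnames will not resolve unless you add a per-domain resolver for them yourself.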

>Murphy's Law is just waiting with bated breath for you to fuck up.

>They can't fucking static route your traffic from a porn site to their network.

Yes, they can? Have you really never heard of a VPN configuration that forces all traffic through the VPN interface?

A proper corporate VPN setup would route all traffic through the VPN. This way employees on public wifi won't leak anything.

A properly secure corporate environment would never allow you to connect a personal device. This would allow anyone with any device on the network.

>personal machine
first problem right there really. doesn't your company own everything you create on that machine now?

>Using personal electronics for work
Lol

Or in a sandbox