I want to access an unrestricted desktop at home (preferably a docker novnc desktop container), from the very restricted office laptop/network.

The foundations are clear, started a docker container with novnc access published the porst, forwarded the required ports on my router, and i can access it from outside using my phone, or my own laptop, but can’t from the office.

The novnc landing page loads, but the connection to remote desktop fails, probably because the websockets connections are also blocked in office, so only the plain http(s) accesses are allowed (not even RDP is allowed).

(Not even dyndns providers are allowed, but i can note my current ip address in my phone :D )

Ofc i barely can install anything on office laptop, so i can create fe openvpn tunnel, etc…

Do you have some hints if it can be solved?

  • TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    7
    ·
    8 months ago

    If you get caught, your professional life is over.

    That seems hyperbolic. Maybe your workplace is super draconian and will immediately fire you in such a case. But different employers have different cultures. Where I work, there are running jokes among the employees about how hard it is to get fired. One of the few cases of a firing we know of involved someone who was so passed-out drunk at his desk that he couldn’t be awoken. And that was after he was given multiple stern talkings to.

    I’ve seen people play WOW and Counter Strike on their office computers in the office in very visible areas.

    Lest you think “yeah, but no place where it’s that hard to get fired is going to have a locked down firewall” this is the same place where I had to make a special request to have http://portswigger.net/ , the official site of Burp Suite Pro, the web application security tool, unblocked so I could evaluate it’s suitability to replace the tool we were using previously. (From what I’ve seen, Burp Suite Pro is kindof the de facto tool for web app security among pen testers, or at least was at the time.) The reason given on the “this site is blocked” page the corporate proxy gave was because it had something to do with alcohol.

    In my time here, I’ve gone to lengths to curcumvent corporate firewalls multiple times. Both for personal aims and because it was necessary to do my job. I’ve never once been repremanded for it.

    OP knows their workplace. OP, be smart, but do if you can get away with it, go for it.

    • xmunk
      link
      fedilink
      arrow-up
      11
      arrow-down
      6
      ·
      8 months ago

      As someone in a rapidly corporatifying company I’d like to reinforce how insanely hyperbolic that statement was. These rules don’t exist for security reasons, they exist for contractual issues - rules will often be arbitrary and decrease effective security by requiring frequent elevation or encouraging weak credentials.

      OP, do what you think is going to help you work most effectively - if you’re using your work machine’s tunnel to run torrents over your employer’s VPN or look at nekked ladies then you’ll be sacked if you get found out - if you’re tunneling because your employer is a Microsoft shop and won’t let you install vim then your manager (if they don’t suck) will defend you if you’re discovered.

      Even if you get fired for working around the company firewalls it’ll almost certainly be without cause (so EI/severance will apply) and it won’t be career ending - nobody smart cares about this bullshit.