Mar 20, 2013

What do VPN logs reveal?

Outside of how long you are connected to the network ... I'm just wondering what other information Yahoo's Marissa Mayer got about telecommuting employees' activity via the VPN.

The telecommuting employees were using yahoo's own VPN server, so they could likely see as much data as they care to log. It's likely that a major tech company like Yahoo records every site accessed and possibly every program/protocol used while connected to the VPN.

At a minimum it will keep records of every yahoo asset on their intranet that employees accessed, and probably keep timestamps and data transfer records.

Checking VPN logs can prove useful in tracking down slacking employees, but that's only if employees are forced to use the VPN consistently and if supervisors or IT monitors those logs from time to time (such as when an unauthorized connection to China materializes). If no one is bothering to force employees to use the VPN or to peruse the logs once in a while, that company has more to worry about than unproductive workers; that company is setting itself up to be hacked.

This article might interest you.

How to Read Microsoft VPN Logs

"When you use the Microsoft RAS client to create a virtual private network, or VPN, between a client computer and a server or another computer, you can check the “Enable Logging” option to save log files with connection details and event errors for later analysis. These log files won’t be saved in the usual default location for Microsoft application log files, which is a folder named “Logfiles,” just off the system root directory. With the VPN client, you must use the Event Viewer to read Microsoft VPN logs."


Recent article here: 



Kind of common sense, but apparently to some folks, it's not: 


VPN logs alone are not enough to prove that people working from home are slacking off, because connecting to the company network is not the same thing as delivering results.


I would think that since telecommuting users were on Yahoo's remote access VPN, the company would be able to see everything just as if the employee was physically in the office and on Yahoo's network. The encrypted tunnel exists between the network access server and the individual's machine, but once the data stream reaches the NAS, it has fulfilled it's task of secure transmission and should then be unencrypted. If a telecommuting employee wanted to hide their activity from their employer, they should probably not count on their employer's VPN to do it.  

Answer this