Netgear 6100 for Home use, new work PC seeing all my network media !!

_Rick

Hi,
I have the Netgear 6100 for home, and now I have a new work pc that use VPN for my compagny.
All work fine, just that from work PC, I can see in Google Chrome my Nvidia Shield playing radio music...
I dont't like that my work compagny can see what I listen or watch from my NVidia Shield.

I need to know how to isolate that work PC to not see any other device on the same LAN.

Any guidance is apreciated.

Richard.

the other

@_Rick hey there,
Why is your work pc on the (home) lan then?
You could either use another interface, configured as lan2 or worklan. Then add rules for that interface to allow internet and/or your work vpn.
Or use vlans and a vlan capable switch...

stephenw10

I assume you mean a Netgate 6100?

If you don't want clients to be able to 'see' each other you need to put them on different subnets/interfaces.

Steve

Gblenn

@_Rick said in Netgear 6100 for Home use, new work PC seeing all my network media !!:

All work fine, just that from work PC, I can see in Google Chrome my Nvidia Shield playing radio music...
I dont't like that my work compagny can see what I listen or watch from my NVidia Shield.

What do you mean that you can "see in Google Chrome my Nvidia Shield playing radio music..." ?

If you are logged into a device, of course you can see what's going on there... But on an encrypted site, typically only you can see what is on the screen. So even if you are logged in on Nvidia Shield from your work PC, your employer wouldn't be able to know what you are doing... Other than that you are in fact connected to it. And if they tried to look further, by some man in the middle tricks, I'm pretty sure it would be a serious violation of privacy...

But, I don't think your company has any interest looking at anything else than what is going on with your work PC. To that end they might block certain apps or services from being installed. And you have VPN for traffic going to and from work LAN. Where it's likely only traffic destined for your corporate network that goes through the tunnel and any web browsing is going directly out your own network.

But there is no way for your work PC to look at any other traffic than what passes through it's NIC. Which is only the traffic intended for your work PC, unless you have it connected to e.g. a mirrored port on a switch or something...

On top of that, all streaming services like those you might use on your shield, are encrypted. So even if you had your Nvidia Shield connecting through your work PC, there is no way to see the actualy traffic and know more than possibly there is an active stream...

_Rick

@the-other Hi,
thank you for your response, yes it is a Netgate 6100 and I know about the other LAN ports, in this case I can't change it until next year renovation.

I think the VLan capable switch would me my solution for now.

I knew all this before I sent the question and I'm very new to PFSense and follow documentations.

Thank you for your answer, have a good one.
Richard.

_Rick

@Gblenn Hi,
yes, when I'm in the work PC, when I open the Chrome I got this in upper right:

If I click on it:

So it is clear that Chrome has access to my local (Same LAN) access to all the devices informations.

In any case, thank you, I'll get a VLan switch and it will isolate that one.

Have a good one.
Richard.

stephenw10

If you have a Netgate 6100 you could just connect that PC to one of the other ports. Set that up as an isolated subnet.

Gblenn

@_Rick said in Netgear 6100 for Home use, new work PC seeing all my network media !!:

@Gblenn Hi,
yes, when I'm in the work PC, when I open the Chrome I got this in upper right:

If I click on it:

So it is clear that Chrome has access to my local (Same LAN) access to all the devices informations.

In any case, thank you, I'll get a VLan switch and it will isolate that one.

Have a good one.
Richard.

You are casting from your Shield aren't you? Cast is a Google Chrome application so Chrome is not having " access to local (Same LAN) access to all the devices informations.". You are simply seeing what the Cast Application is doing in your network. If you were to stream Netflix or play a game on that same Shield, you would not see that in Chrome, or any other browser or application...

However, no other person or application can see what you are seeing on the screen, unless they have eyes on that same screen...

A super simple solution would be to just use a different browser on your work PC... Anyone that doesn't have Google Cast as an extension.

But if you want, on your work PC go to chrome://flags/ and disable these cast related functions.

• Global Media Controls for Cast start/stop
• Load Media Router Component Extension
• Cast Media Route Provider

Possibly the first one is enough... Restart your browser and you should no longer be able to use cast on that browser.

_Rick

Hi @Gblenn
thank you for the information, I knew this before, it just my company use Microsoft Teams to "more or less" see if we, as employees, are really working or not at home.
I know Teams can listen to the microphone and open up the camera work PC and I did find out they review the movement of the mouse and what is keyed on the keyboard.

I'm not sure how far they go on their side to search, but it is scary a bit that I know my company can do that.

In any case, if I see on Chrome work pc, that use VPN, my Shield on the same Lan, they can definitly scan for other things.
That is what I want to eliminate, so I'm searching for a VLan Switch next week.

The other 3 lans are for other security camera, domotic and media stuff and I can't change it now.

For the Chrome options, I cannot change it as it is adminstrated by my company too.

Thank you for your review, have a good one.
Richard.

_Rick

Hi @stephenw10,
your right, and I knew this before asking the question, the other 3 lans are for other security camera, domotic and media stuff and I can't change it now.

I'm getting a new VLan switch next week and until i can isolate the work pc, that should owrk fine.

Thank you again, have a good one.
Richard.

stephenw10

You are using both WAN ports already too?

Otherwise, yes, a VLAN capable switch will allow you to add more subnets.

Gblenn

@_Rick said in Netgear 6100 for Home use, new work PC seeing all my network media !!:

Hi @Gblenn
thank you for the information, I knew this before, it just my company use Microsoft Teams to "more or less" see if we, as employees, are really working or not at home.
I know Teams can listen to the microphone and open up the camera work PC and I did find out they review the movement of the mouse and what is keyed on the keyboard.

I'm not sure how far they go on their side to search, but it is scary a bit that I know my company can do that.

In any case, if I see on Chrome work pc, that use VPN, my Shield on the same Lan, they can definitly scan for other things.
That is what I want to eliminate, so I'm searching for a VLan Switch next week.

The other 3 lans are for other security camera, domotic and media stuff and I can't change it now.

For the Chrome options, I cannot change it as it is adminstrated by my company too.

Thank you for your review, have a good one.
Richard.

Hmm, I think you are overly concerned about some of the things here. Your company can only see your status on Teams. If you are online, offline etc, nothing more and nothing less. Same as you can see that about all your colleagues...
You don't believe Microsoft would implement a back door in Teams or any of their applications do you? Something that would allow them or anyone to spy on people via the camera or microphone. Just think about the legal implications if that came out, and the lawsuits that would result from such practice.

Cortana can listen to your microphone yes, if you activate it in Teams. In the same way Siri or Alexa will "listen" to your commands. But your company would have no information or data from that whatsoever... unless your company is actually Microsoft...

And, there is no way they, whoever they are, can "scan" your LAN from your PC to see what you are doing there. The only thing that can be seen from your PC is your network topology and devices. But nothing about what they are actually doing... Not even pfsense can see into end to end encrypted traffic, even though it actually passes through pfsense. And nothing of that traffic passes through your PC...

_Rick

Hi @Gblenn,
Thank you for your note, I was sure too before I saw reports that I wasn't supose to see.

In any case, I'm getting a VLan Switch this week and it wi resolve my current situation.

Thank you again.
Richard.

_Rick

Hi @stephenw10,
No and I understand your point, I cannot use an extra port right now until next year or so.

For now, a VLan switch will do.
Thank you for the sugestion, have a good one.
Richard.

Gblenn

@_Rick said in Netgear 6100 for Home use, new work PC seeing all my network media !!:

Hi @Gblenn,
Thank you for your note, I was sure too before I saw reports that I wasn't supose to see.

Meaning what exactly? A secret report about what?

It is one thing making claims about your employer being able to read logs from your work PC or know what applications are running or installed on it. Or even the possibility of the employer having keyloggers and other capturing SW to literally spy on their employees. But active monitoring without your knowledge/conscent... no, in most countries that isn't even remotely possible...

Claiming that they have the ability to secretly use your camera via Teams... Think about that for a second, from the perspective of Micrsoft..

Same thing saying that your company is able to use your Work PC to see what is going on in your home network and what you are doing on other PC's or devices (not your work PC). That is simply not possible!
Not even pfsense knows about what goes on unless traffic is actually routed through pfsense. And still it can't see into encrypted traffic.

The only way they could get any detailed information is if you have installed company SW on your other (private) PCs and devices. Software that would need to be specifically designed to work on each one, like the Nvidia Shield to backdoor into it and see what is going on...
But I'm pretty sure this is not what you are thinking is it?

In any case, I'm getting a VLan Switch this week and it wi resolve my current situation.

Sure, you will no longer be able to access or control your Cast enabled devices at home, from your Work PC. But if you still belive your company can listen to your microphone, it doesn't matter which LAN/VLAN you place it in. They would anyway be able to know what you are listning to, or which movie you are watching...

_Rick

Hi @Gblenn ,
thank you for your information, I just find out they use a split tunelling VPN .... so some of the software on the work PC pass through the VPN.

So that is why Chrome see the Chrome-cast on my Lan.

Your right they ca do whatever they want on that PC.

The document I saw was not for me to view, it was an error, but I had time to see a quick 2 sec results.

Again, thank you for your information.

I have my response a long time ago : can we stop this thread now?

Thank you all, Richard.