I recently saw something that interested me on social media. There was a discussion involving a few different people about how to connect their corporate laptops to their personal smart TVs while homeworking, so they could view files on larger screens. Presumably these people connect into the corporate network using a VPN from their laptops through their home routers. I’m immediately uncomfortable with the idea of connecting a (presumably) managed corporate device to, essentially, another computer. I can imagine getting questions about this at some point and want to work through the details and get the risks clear in my mind.
There were a range of suggestions of how to do it. I can boil these down to connecting the laptop to the router wirelessly and the smart TV to the router wirelessly so the two devices were communicating through the router. Or the same connections but by Ethernet. I don't quite understand how either of these proposed solutions is even technically possible if the VPN is initiated by a VPN client on the laptop and, therefore, the packets are encrypted between the laptop and the RAS/NAS server on the network. The other solution was to cable the laptop direct to the smart TV using the HDMI port.
Has anyone any experience of this or can anyone suggest anywhere I could start my research?
Good Morning. I noticed your post and think we all may be overcomplicating the situation. Without more information I could not say for sure, but from the text I read I thought they meant they were using the TV as a large monitor. If they are using HDMI to connect the laptop to the TV, the VPN client software is not on the SMART TV directly.
Now if you're raising a concern of a corporate asset connected to a network where other devices may connect, that ship has already left the dock, set sail and fallen off the horizon. Users already connect to their home network, and unless you already have a policy to completely control THEIR network, the only option is to create strong security policies on the corporate assets. Things like not granting users admin rights (or creating 2 accounts, 1 regular operating and 1 privileged account), disabling the Windows File and Printer Sharing service, disabling any unneeded user accounts/services and ensuring updates (AV and OS) from Vendor or corporate asset. I've worked with a company that had 0 Information Security Policies and when the virus hit, they still did not learn their lesson. Despite the fact a home machine was permitted to infect the corporate network, they refused to implement proper controls.
I would recommend asking more detailed questions on exactly how they are using their assets at home before trying to implement compensating controls. If you're going to allocate time and resources to the concern, best to make sure you're getting bang for your buck.