Hi,
I connect my home computer running windows 8 pro with forticlient to a network and then work on the computer there. Could someone please guide me if there is a possibility of my home computer getting accessed and files read or uploaded out? Can someone with my own forticlient password or administrator password gain access to my home computer? If yes is there a log where I can find it? I can upload the logs if you want. Much thanks!
Thanks,
FCUser
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hi,
there is no way to establish the tunnel from remote. But, if the tunnel already is up while you're working, you've essentially got a direct connection between your PC and the remote LAN.
FC has a built-in firewall and maybe you've got other security software on your PC like Kaspersky which features one. If that is active you can control access from remote.
If access from remote to your PC is allowed then one could create a connection to a local share ('net use x: \\myPC\share') and copy files from and to. That is independent of the VPN though.
Logging: there is no valuable log info from the FC regarding file copies. You may find these in the Windows logs if configured (file or folder monitoring).
Why do you ask? Want drove you to this speculation? As far as logs are you looging anything on the fortigate? What's fw.policy for the remote-access? What network/server resource do you allow for the "remote users" ( SMB/CIFS, RDP,FTP, etc...) ? I would be more incline to review the logs on the server resource if any than the firewall, since the logs at the firewall will just show you traffic and not failed logins,logins, etc....
YMMV
PCNSE
NSE
StrongSwan
ede_pfau wrote:Hi ede,hi,
there is no way to establish the tunnel from remote. But, if the tunnel already is up while you're working, you've essentially got a direct connection between your PC and the remote LAN.
FC has a built-in firewall and maybe you've got other security software on your PC like Kaspersky which features one. If that is active you can control access from remote.
If access from remote to your PC is allowed then one could create a connection to a local share ('net use x: \\myPC\share') and copy files from and to. That is independent of the VPN though.
Logging: there is no valuable log info from the FC regarding file copies. You may find these in the Windows logs if configured (file or folder monitoring).
I dont have any other security software. So will the Fc's built in firewall prevent anyone in the remote LAN to access the files on my PC? I just checked, my PC has "Don't allow remote connections to this computer" checked.
Where are these windows logs for file and folder monitoring?
emnoc wrote:Why do you ask? Want drove you to this speculation? As far as logs are you looging anything on the fortigate? What's fw.policy for the remote-access? What network/server resource do you allow for the "remote users" ( SMB/CIFS, RDP,FTP, etc...) ? I would be more incline to review the logs on the server resource if any than the firewall, since the logs at the firewall will just show you traffic and not failed logins,logins, etc....
YMMV
I have a strong suspicion someone in the remote LAN or someone connected to the remote LAN was spying on me. I think its a group effort of 2 or more people, with one having admin access. Can this admin delete the logs on the fortigate or will the logs be secure? Can they tamper with the server side logs?
Where can i view the firewall logs?
I've been trying desperately to find out what really happened. I really need help on this, please!
Anyone...?
Can this admin delete the logs on the fortigate or will the logs be secure? Can they tamper with the server side logs? Where can i view the firewall logs?
To answer the questions;
YES
YES
and
execute log filter category 1
execute log display
The real question tho, if they have access they could delete , tamper,remove, files and do you even having logging enabled? and yes was it memory/disk or did you enable remote-syslog?
This is way it's 100% preachable to have have off appliance logging ( FortiCloud, FAZ, Syslog )
Ken
PCNSE
NSE
StrongSwan
emnoc wrote:
To answer the questions;
YES
YES
Not good.
I have no idea. Basically I want to resolve this without going to the admin and asking for the server logs. I want to resolve this with some logs within my PC itself. Because the worst case scenario is the admin himself is compromised and will not co-operate or will have tampered with the logs. If my PC does not have those logs, then I guess I'll go and ask them of those off appliance logging you have mentioned.The real question tho, if they have access they could delete , tamper,remove, files and do you even having logging enabled? and yes was it memory/disk or did you enable remote-syslog?
This is way it's 100% preachable to have have off appliance logging ( FortiCloud, FAZ, Syslog )
Ken
So, does my PC contain any worthwhile logs I should be looking at?
execute log filter category 1
execute log display
This is on the server side? Like I mentioned, I do not have access to the server. Will the Forticlient on my PC have these logs? If yes then how do I execute those commands?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1711 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.