in my job as a consultant I often work for a short period for customers. Most of the time they have a solution in place for working remotely. Or by using a laptop from them, or by a VPN portal.
To have the oppertunity to work remotely is a blessing. But when it is, using their VPN portal… well…. most of the time you have some issues. Why ?
Well, most of the time the VPN client will limit the use of your laptop. all your internet activity is send through the tunnel….via the customer…. hmmm I have nothing to hide, but it is not a desirable situation in my opinion.
- my company e-mail traffic is routed through their VPN
- some sites are blocked (vendor sites)
- downloading of software could be an issue
So I have the following solution. I use a VM running in VMware workstation.
I installed a clean windows OS VM,with tools that I like to use. Keep the VM as clean as possible. And I make a full clone of the VM. The original VM is more a template.
I’ll encrypted the cloned VM introducing another line of defense / security. And I use that VM to use the customers VPN.
VMware workstation has a function called Unity. Unity makes it possible to experience the applications running in the VM as if they where running directly on your laptop. So no extra console / RDP session. (of course in the background there is some sort of a console running)
- internet traffic from my laptop is not routed via the customers VPN
- no extra browsing limitations due to customers policies
- secured VM. ‘sandboxed’
- dedicated VM. After the assignment is finished you can remove the VM.
- Installation of customer software will not mess with your laptop
- you can put customer data (like a temporary keepass… or notes) in the VM
- You have some extra actions to run before a VPN tunnel is created.
- Everytime you start the VM, an encryption key is requested.
- Using extra disk space (40 GB +)
- getting used to unity functionality
- you need some extra time to setup the VM. But by having a windows OS VM already available, and make a full clone, you’ll save time.
I use the following configuration options for this VM:
- Windows OS
- NAT network portgroup (you could also use bridged, but then the VM is presented on the network as your laptop.)
- Unity mode
- VM Encryption (VM needs to be a full clone, so all files can be encrypted)
- disk clean up on exit. (Vmware Workstation will reclaim unused disk space from the VM, making sure the VM’s footprint is as compact as possible.)
- VMware Workstation 14
- disable USB / floppy. Making sure to have a small attack surface.
- 1 vCPU / 4 GB RAM / 40+ GB disk size
Well that is how I use it at the moment. Feedback / input is welcome. I hope you enjoyed this article.