PC Security and working remotely, any tips?

So I just got a job working remotely and they want me to use a program on my computer to log into another PC. I have some concerns about that program being able to look around my PC so I’m going to buy a second SSD and dual boot windows from it in my machine.

Still have to figure out a few things like limiting that windows install’s access to the other drives but it should be straight forward. If any one has any experience with this I’d love some advice or tips on things I should look out for.

Thanks!

Instead of dual booting can you run a VM that is for your job? That would be a better solution as far as security goes.

Install the program onto a VM that you only use for work. Then you are sandboxed instead of bare metal.

I would also look into using vlans with good rules. I have a work laptop I use at home and it’s loaded with security agents that I do not want scanning my LAN for shares, devices etc. so I made a vlan for work and rules in pfsense only letting that vlan have traffic with the wan.

I personally do this for remote work too, I have a Windows 10 Pro VM for JUST work functions hosted on my Windows 10 Pro workstation.

I just allocate 16GB of RAM and 8 CPU cores and run the VM on my boot NVMe SSD for as much speed as I can get.

A virtual machine is a great idea although I’ve never set up one before, any recommendations on software for windows? If you know a good video guide that would be awesome too :).

Microsoft Hyper-V and there a millions of how-to videos on YouTube

Thank you very much!

I personally use VMware, the player is free to try out but Workstation is a PAY version.

If it’s your computer, politely tell them no. Let them know you’ll install anything they want you to install so long as they provide the device. No reputable company will take issues with that. 100% of them have provided a company device or offered a stipend to buy a device that would be the company’s property.

If it’s their computer, don’t put your personal files on it. Privacy isn’t the only issue here; if it’s their device any work you do using it is done using their resources and they can claim ownership of it.

If it’s a remote desktop session that can work on Linux I’d even suggest scooping up a Pi 4 and use that as a thin client to access your remote station. It’s plenty enough to do such things and it’s a completly separated machine from your personal one and it’s reusable for lots of stuff in the future.

I agree with all the comments regarding VLANs and trying to isolate as much as possible the remote connection from the rest of the devices in your network.

If you need Windows I’d suggest using VMware Player. It’s reliable, free and has built in seamless mode between host and VM if they both run Windows.

A company I used to work for was asking only the WFH employees to install just OpenVPN and a sip phone (both FOSS) on their devices. I think that was reasonable, aside from requiring them to run Windows (there was 1 or 2 with macOS that we managed to work with, but it wasn’t easy). Very few needed office, so they used RDP to connect to a WinServer 2016 with office and another proprietary software running on it.

On Windows, if I must run a VM, first choice would be HyperV, followed by VirtualBox. Not a fan of VMWare Player / Workstation.