Q

Disabling split tunneling for secure remote access

My company is about to disable split tunneling for our VPN on the grounds of security. However, consider the following...

My home PC connects to the Net via cable modem, and I download some ActiveX Trojan. Later, I connect to the VPN. The Trojan can easily detect this and do whatever it wants to my corporate network. When I shut down the VPN, the Trojan can send stuff back to its home on the Internet. What am I missing? Why does it matter if the harm is caused in the time it takes to traverse my network or the time between enabling and disabling the VPN? To me it seems like disabling split tunneling is another thing the security vendors can do and hype, so the consumers just do it and blindly think they are now immune.


In one sense you are absolutely correct. Your scenario could indeed happen that way. That is why any corporation that wants to allow remote access and do it securely needs to have control of the configuration of the remote computers. That means they need to supply the machines and configure them properly. The end users should not be allowed to download and install any software. When they connect to the Net, the only thing they should be able to do is start their VPN software and connect to the corporate network. If they need to browse the Internet, their browsing should go through the VPN and back out the corporate firewall.

If the corporation allows users to supply the computers and have administrative access, it doesn't matter whether the corporation disables split tunneling anyway. If you have administrative access, you can re-enable it in most cases.

So, what you are missing is that to allow secure remote access to a corporate network, the corporation must have control of the remote machines just as if they were directly connected to the corporate network. The VPN is just a long extension cord to the corporate network. If you lose control of what machines connect to the network or who can load software on those machines, then you no longer can count on your security policies to be enforced the way that you set them up.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: VPNs and split tunneling
  • Ask the Expert: Split tunneling in a VPN environment
  • Ask the Expert: Evidence of the risk of split tunneling


  • This was first published in February 2003
