Do you recommend configuring a VPN with split-tunneling features? How vulnerable do these mechanisms make your...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
In the most basic VPN scenario, a home user with a DSL modem, for example, can establish a VPN connection that forces all of his or her system's traffic through the VPN tunnel to a workplace network. This traffic includes everything from email and other corporate services to simple Web browsing.
When split tunneling is introduced into the equation, only a portion of the traffic is tunneled. Administrators configure the VPN tunnel to be network-aware, and the user's VPN client then makes intelligent routing decisions based upon each packet's destination address. If a packet is headed to a system on the workplace network, it gets routed through the VPN tunnel. If it's destined for an external site, it goes through the user's DSL gateway directly to the destination host.
The decision to use split tunneling depends upon your specific business needs. If your goal is to secure traffic between remote users and the workplace, it's fine to use split tunneling. If you do so, however, you'll need to educate your users and ensure that they know which traffic does and does not pass through the tunnel; you don't want to give employees a false sense of security.
Why wouldn't we want to avoid split tunneling altogether? When you don't use split tunneling, users can't access restricted resources on their local networks. Consider again the case of our home user. If that user has a privately addressed file server sitting on the home network, it won't be accessible without the use of split tunneling. Also, if the enterprise has a large number of users following this model, it may not want to bear the burden of processing large amounts of traffic bound for other networks.
Dig Deeper on IPsec VPN Security
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.