Evidence of the risks of split tunneling

Evidence of the risks of split tunneling

Many thanks for the answer to my query. Steve backed up my theory. As I am not a professional hacker, it would be great to know how I could piggy back or hijack a VPN session from the Internet so that I can prove to our network guy that split tunneling is indeed a risk.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

I don't know how I could describe for you how to do this without giving out sources and methods to those that could be hackers. Ethically, I really can't do that. However, I can point you to some other sources so that perhaps having the overwhelming evidence will convince your network guy.

From the SANS Institute: Telecommuting safely -- remote node or remote session?, by Mark Levine

From CSOonline: Addressing teleworker network security risks, by Chad Robinson of Robert Frances Group

From SearchNetworking.com: Know your split-tunnel "gotchas", by Tom Lancaster

From Security Management Online: Tunnel of Secure Transmission, by Christopher J. Carlson

Finally, by allowing split tunneling, you are in effect dual-homing your remote client on both your internal network and the Internet at the same time. Since you likely cannot control how your remote client is configured, that is the same as opening up your corporate network to whatever bad things can happen to that remote client. Is the antivirus up-to-date on that remote client? I hope so, because if a virus gets on it, it can easily spread to the corporate network, bypassing any antivirus at your corporate firewall. Does your remote user have a wireless network at home? If so, can his neighbor hack into that network and then use the tunnel that has been set up because the shared permissions of the home network are setup wrong? Probably.

I really cannot emphasize enough that split-tunneling is a really bad idea.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: The threat of split tunneling with PPTP
Ask the Expert: Split tunneling in a VPN environment
Best Web Links: Infrastructure and network security


This was first published in January 2003