Q

The detection and prevention of split tunneling

How can I detect and prevent split tunneling on my wireless network?

There is no way to detect this, as far as I know. Perhaps you could routinely ping a known Internet address using source routing through your client, but I doubt even that would work. The key is prevention, and the only way to do that is through configuration control. All remote clients must have the same configuration as any client that is directly connected, with the exception of the VPN software, of course. In all cases, users should not have administrator or root access to the client machine and should not be given the privilege of installing software or changing software configurations. Anything short of that, and you will not be able to prevent split tunneling.

Many corporations do not allow VPN access at all for the reasons that have been discussed. To access corporate resources, they will instead provide an SSL-protected Web portal for employees to access their e-mail or other resources. They still need to authenticate to the system, but the authentication is protected by the SSL encryption. This solution can provide remote employees with basic capabilities, but is not the same as what they would have directly connected.

Other solutions that are used are things like PCAnywhere, GoToMyPC and others. All of these have security problems similar to VPN, and in some cases more, as they rely on a third party being trusted. I don't recommend those solutions, either.

As always though, remember that there needs to be a balance between usability and security. Only a risk assessment can analyze those trade-offs and help you decide what level of risk is acceptable.
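A client-side audit that can back up the configuration control described above, as an added example that is not part of the original answer: it parses Linux `ip -4 route show` output and reports gateway routes that would carry traffic around the VPN interface. The interface name `tun0`, the sample routing tables, and the exemptions for directly connected subnets and /32 host routes (the VPN endpoint) are assumptions.

```python
import ipaddress

# Constructed samples of `ip -4 route show` output (not from a real host).
FULL_TUNNEL = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def audit_routes(route_text, vpn_iface="tun0"):
    """Return findings for IPv4 gateway routes that bypass vpn_iface ([] = none)."""
    vpn_nets, gateway_routes = [], []
    for line in route_text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blackhole/unreachable entries name no interface
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a destination prefix
        dev = fields[fields.index("dev") + 1]
        if dev == vpn_iface:
            vpn_nets.append(net)
        elif "via" in fields and net.prefixlen < 32:
            # Assumption: on-link subnets and /32 host routes are permitted.
            gateway_routes.append((net, dev))
    if not vpn_nets:
        return [f"no routes on {vpn_iface}: tunnel is down or misnamed"]
    findings = []
    for net, dev in gateway_routes:
        # Longest-prefix match: the route is harmless only if more specific
        # VPN routes together cover its whole range (e.g. the two /1 halves).
        narrower = [v for v in vpn_nets
                    if v.prefixlen > net.prefixlen and v.subnet_of(net)]
        if net not in ipaddress.collapse_addresses(narrower):
            findings.append(f"{net} via {dev} bypasses {vpn_iface}")
    return findings

if __name__ == "__main__":
    print(audit_routes(FULL_TUNNEL), audit_routes(SPLIT_TUNNEL))
```

Run on a schedule by an account the user cannot control, a non-empty result shows that the client's routing has drifted from the enforced configuration.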


For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: Best practices for securing remote-access solutions
  • Ask the Expert: VPNs and split tunneling
  • Ask the Expert: Disabling split tunneling for secure remote access


This was first published in February 2003
