I just read your entry where you can't emphasis enough the dangers of split tunneling. Since I asked my last question on this issue, I've done a little bit more reading.
Basically, if a device ever connects to the Internet in an uncontrolled fashion, it can be compromised and that compromise can be exploited when that machine starts up its VPN connection. The results of the exploit sent back the hacker when the VPN shuts down. In fact, it can probably be sent out through the corporate proxy firewall. Therefore, all VPNs are a bad idea, not just the ones with split tunneling.
Further, the VPN vendor software can have complete control over the network interfaces on the remote machine (e.g. it can shut them down to disable split tunneling). Therefore, it should be able to prevent traffic coming in from one interface being routed down the virtual interface of the VPN. Along with the prevention of IP address spoofing for the local IP addresses, this can effectively disable the exploitation of an "active" split-tunnelled connection. I don't know if any of the software available attempts to do this, but all the information is available to it. This still doesn't solve the fact that a compromised machine is a compromised machine and once compromised, connecting it a corporate network is dangerous.
You raise some very valid points, but I would not go so far as saying all VPNs are a bad idea.
The preferred configuration for a remote computer connecting to the
corporate network via VPN is the following:
- Remote computer is configured the same as directly connected computers. That is, it has all the same security settings, antivirus protection, etc.
- The only connections the remote computer makes to the Internet are made via the VPN tunnel to the corporate network and then back out through the corporate firewall just like a directly-connected computer.
If configured this way, the VPN is nothing more than a very long extension cord of ethernet connecting to the remote location. This is then no more or no less secure than a directly-connected computer. If the remote computer is allowed to connect to the Internet via other means, whether at the same time as the VPN tunnel or a different time, then the concerns you mention are very real. If the security configuration of the remote computer can be changed by the remote user, as opposed to the corporate network system administrators, then you have a problem as well.
VPNs are NOT the security solution for every problem. However, they can be used to provide secure access to a corporate network in controlled situations. Like virtually every other security product, a careful analysis of the big picture is necessary to determine what the risks are and if the appropriate security measures have been taken to mitigate those risks.
For more information on this topic, visit these other SearchSecurity.com resources:
This was first published in February 2003