I don't know how I could describe for you how to do this without giving
out sources and methods to those that could be hackers. Ethically, I really
can't do that. However, I can point you to some other sources so that perhaps
having the overwhelming evidence will convince your network guy.
From the SANS Institute: Telecommuting safely -- remote node or remote session?, by Mark Levine
From CSOonline: Addressing teleworker network security risks, by Chad Robinson of Robert Frances Group
From SearchNetworking.com: Know your split-tunnel "gotchas", by Tom Lancaster
From Security Management Online: Tunnel of Secure Transmission, by Christopher J. Carlson
Finally, by allowing split tunneling, you are in effect dual-homing your
remote client on both your internal network and the Internet at the same
time. Since you likely cannot control how your remote client is configured,
that is the same as opening up your corporate network to whatever bad
things can happen to that remote client. Is the antivirus up-to-date on
that remote client? I hope so, because if a virus gets on it, it can easily
spread to the corporate network, bypassing any antivirus at your
corporate firewall. Does your remote user have a wireless network at
home? If so, can his neighbor hack into that network and then use the
tunnel that has been set up because the shared permissions of the home
network are set up wrong? Probably.
I really cannot emphasize enough that split-tunneling is a really bad idea.