Home > Ask the Security Experts > Questions & Answers > Split tunneling in a VPN environment & the security of 3DES encryption
Ask The Security Expert: Questions & Answers
EMAIL THIS

Split tunneling in a VPN environment & the security of 3DES encryption

Stephen Mencik EXPERT RESPONSE FROM: Stephen Mencik

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 23 April 2001
What are the security pros/cons of using split tunneling in a virtual private network (VPN) environment? Is there a particular tunneling protocol (IPSEC, L2TP, etc.) that provides better security than others? How secure is 3DES encryption with today's technology? Does the government use it?

>
Split tunneling is when a VPN client can connect to both secure sites(via VPN) and non-secure sites, without having to connect or disconnect your VPN connection. The client can determine whether to send the information over the encrypted path, or to send it via the non-encrypted path. The pro for split tunneling is ease of use. The main con is that you now could have a direct connection from the non-secure Internet to your VPN-secured network, via the client. This is a classic case of usability vs. security, and whether split tunneling is an acceptable risk is something that would need to be decided on a case-by-case basis.

It is not just the protocol that determines the security. The choice of the underlying cryptographic algorithm, the key management scheme and user authentication, all play important parts in determining the security of the application. Both IPSEC and L2TP can be implemented securely.

The security of 3DES encryption with today's technology depends on the sensitivity of the information you are trying to protect. Clearly as technology progresses, encryption algorithms need to be stronger. That is one reason why the National Institute of Standards and Technology (NIST) is in the process of creating the new Advanced Encryption Standard (AES). The Rijndael algorithm was selected for the AES, and a draft FIPS standard is now in its public comment phase.

Yes, the government does use 3DES. For many U.S. Government applications, 3DES is not only the algorithm of choice, it is mandated by agency regulations. It is used for data that is Sensitive But Unclassified (SBU). I don't know of any cases where it is used for classified data, but if 3DES is used for classified data, I'm probably not supposed to know. :)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts