
The detection and prevention of split tunneling

How can I detect and prevent split tunneling on my wireless network?

There is no way to detect this, as far as I know. Perhaps you could routinely ping a known Internet address using source routing through your client, but I doubt even that would work. The key is prevention and the only way to do that is through configuration control. All remote clients must have the same configuration as any client that is directly connected, with the exception of the VPN software, of course. In all cases, users should not have administrator or root access to the client machine and should not be given the privilege of installing software or changing software configurations. Anything short of that, and you will not be able to prevent split tunneling.

Many corporations do not allow VPN access at all for the reasons that have been discussed. To access corporate resources, they will instead provide an SSL-protected Web portal for employees to access their e-mail or other resources. They still need to authenticate to the system, but the authentication is protected by the SSL encryption. This solution can provide remote employees with basic capabilities, but is not the same as what they would have directly connected.

Other solutions that are used are things like PCAnywhere, GoToMyPC and others. All of these have security problems similar to VPN, and in some cases more, as they rely on a third party being trusted. I don't recommend those solutions, either.

As always though, remember that there needs to be a balance between usability and security. Only a risk assessment can analyze those trade-offs and help you decide what level of risk is acceptable.
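As a way to spot-check the configuration control described in the answer, a managed client's routing table can be audited for routes that carry traffic outside the tunnel. This is an added example, not part of the original answer; it assumes Linux `ip -4 route show` output, a VPN interface named `tun0`, and constructed sample tables that use documentation addresses.

```python
import ipaddress

# Constructed samples of `ip -4 route show` output (documentation addresses).
FULL_TUNNEL = """
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
SPLIT_TUNNEL = """
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Parse route lines into (network, interface) pairs."""
    routes = []
    for tok in (line.split() for line in text.splitlines()):
        if "dev" not in tok[:-1]:
            continue  # blank line, or blackhole/unreachable entry
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((ipaddress.ip_network(dest), tok[tok.index("dev") + 1]))
    return routes

def bypass_routes(text, vpn_iface, exempt=()):
    """List (prefix, iface) for non-VPN routes that still win the longest-prefix
    match for some addresses, i.e. traffic leaving outside the tunnel."""
    routes = parse_routes(text)
    allowed = [ipaddress.ip_network(e) for e in exempt]
    findings = []
    for net, iface in routes:
        if iface == vpn_iface or any(net.subnet_of(a) for a in allowed):
            continue
        remaining = [net]  # addresses for which this route is the best match
        for other, _ in routes:
            if other.prefixlen <= net.prefixlen or not other.subnet_of(net):
                continue  # only strictly more specific routes take precedence
            remaining = [p for r in remaining if not r.subnet_of(other)
                         for p in (r.address_exclude(other)
                                   if other.subnet_of(r) else [r])]
        if remaining:
            findings.append((str(net), iface))
    return findings
```

With the VPN server's host route passed in `exempt`, the full-tunnel table still reports the local LAN route, because that prefix is more specific than the two `/1` routes that override the default. The split-tunnel table additionally reports the default route itself.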


This was last published in February 2003.
