Wednesday, April 9, 2014

Split Tunnelling Debate - A never ending one



This article discusses both sides of the story

For corporate users with VPN access, this is a common debate.

My philosophy is again based on RISK. If split tunnelling poses certain risks, then they can be minimized.
If the organization wants to be security conscious and disable split tunneling, then it should have:
  1. Enough bandwidth
  2. Proxy admins available to make exceptions for all the false positives and resolve all other issues that users face.

In my previous job, the nature of the business mandated that we enable split tunneling, and we implemented a few compensatory controls to reduce the risk:
  1. Juniper SSL VPN (pure web traffic including RDP)
  2. Endpoint compliance check through Host Checker
  3. Selective (Ports / IP Address/ Users) Layer 3 Tunnel VPN with stricter Endpoint Check.


I guess everything boils down to layered security and remembering that our ultimate goal is to enable the business, and part of that is keeping security transparent to users.



DISCLAIMER:

"I am not GOD so, I admit that I could be wrong anywhere between 0 - 100%"



The link below has more information:-
