Never go to bed mad. Stay up and fight!
Archive for July 19, 2007
Information Security Definition
Jul 19th
Picked off the CISSP book; I like this one
Information Security is a Management Problem which often demands a Technical Solution
Split-Tunneling: Good or Bad?
Jul 19th
In VPN configuration this seems to be a hot discussion, so here we go.
There are two options for handling VPN users' internet traffic:
- Split-tunneling enabled: all the corporate traffic goes through the VPN tunnel, and all the internet traffic (local browsing etc.) goes through the user's local internet connection, which improves the browsing speed/experience for the end user.
- Split-tunneling disabled: all the corporate traffic and the user's internet traffic traverse the VPN tunnel; the internet traffic first goes to the VPN end-point and then exits to the internet.
Now, point 1 seems to be interesting to some security professionals for the reason that, while connected through the VPN, there is no local interaction and thus no "security risk". The argument is that while connected to the corporate network through the VPN, the public internet is secluded, and thus there is more security against somebody/something from the internet getting into the corporate network!
Well, let me see; the way I see it: first of all, it makes internet browsing poor for the end user, who is probably browsing more but is still *ON* the VPN just to check mail in the late evening (if that is happening). Now, security-wise, does just disabling split-tunneling mean that an administrator can be assured that the user won't harm the corporate network? I don't think so.
How about a user's machine infected with a Virus/Trojan/Some Crap? Whether you have enabled split-tunneling or not, is this going to enter the corporate network? YES.
So what security are we talking about?
The best approach would be to have Network Access/Admission Control which is integrated with an AntiVirus/AntiSpyware/IPS and Firewall module.
Now, is there something obvious I'm not seeing here? Maybe somebody can shed some light, and I would really appreciate that!