Protect Internal Networks from Internet Exposure
This article explains a common misconfiguration with serious security
implications. The Split Tunneling feature of VPN clients leaves them
connected to the Internet while accessing internal networks. This conduit
exposes internal systems to hackers, viruses and other malware.
With Split Tunneling disabled, the VPN client switches its default gateway
from the external ISP router to the VPN interface on the internal network.
The encrypted tunnel between the client workstation and the internal network
is the only network connection that remains.
Network administrators should force this configuration and lock all clients
so that it cannot be altered.
Kind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Charlotte, NC
gideon@...
http://www.ussecurityawareness.org
http://www.gideonrasmussen.com
http://www.cramsession.com/articles/files/vpn-clients-and-split-tun-9172003-1220.asp
Posted:
Sun Feb 26, 2006 5:00 am
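One way to audit the default-gateway behaviour described above is to check a client's routing table. This is an added example, not code from the article. It assumes Linux `ip -4 route show` output and the interface names `tun0` (VPN) and `eth0` (ISP link). The sample tables and probe addresses are constructed.

```python
import ipaddress

# Constructed sample output of `ip -4 route show`; tun0 = VPN, eth0 = ISP link.
SPLIT = """default via 192.168.1.1 dev eth0 metric 100
10.20.0.0/16 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50"""
# 203.0.113.10 stands in for the VPN server: its host route carries the tunnel itself.
FULL = """default dev tun0 scope link metric 50
default via 192.168.1.1 dev eth0 metric 100
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50"""
# Lookup-only probe addresses outside private ranges; nothing is sent to them.
PROBES = ("1.0.0.1", "198.51.100.7")

def parse_routes(text):
    """Return (network, device, metric) for each parsable route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok[:-1]:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:      # route types such as "unreachable"
            continue
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok[:-1] else 0
        routes.append((net, tok[tok.index("dev") + 1], metric))
    return routes

def egress_device(routes, dst):
    """Pick the route the kernel would: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def is_split_tunnel(route_text, vpn_dev, probes=PROBES):
    """True if any Internet-bound probe would leave by a non-VPN interface."""
    routes = parse_routes(route_text)
    return any(egress_device(routes, p) not in (vpn_dev, None) for p in probes)

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, "-> split tunnel:", is_split_tunnel(table, "tun0"))
```

The longest-prefix step matters because some clients leave the ISP default route in place and override it with two more specific routes through the tunnel, which a check for the `default` line alone would misreport.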
Copyright © 2002 - 2007 Gideon T. Rasmussen All Rights Reserved.