This article explains a common misconfiguration with serious security
implications. The Split Tunneling feature of VPN clients leaves them
connected to the Internet while accessing internal networks. This conduit
exposes internal systems to hackers, viruses and other malware.
When Split Tunneling is disabled, the VPN client switches its default gateway
from the external ISP router to the VPN interface on the internal network. The
encrypted tunnel between the client workstation and the internal network is
the only network connection that remains.
Network administrators should force this configuration and lock all clients
so it cannot be altered.