Internet Access and Corporate Remote Access VPN

Unanswered Question
Sep 1st, 2009


From security perspective, is it safe to allow internet access via Split Tunneling while the users are accessing the corporate network through Remote Access VPN ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
JORGE RODRIGUEZ Tue, 09/01/2009 - 12:07

Simple answer it poses high securitty risks to corporate network.

will give you an example...

Say User X who works in finance dept Remote access VPN from his home into his work corporate network that allows split tunneling, at the same time User Xs home firewall has a rule to allow RDP access from anyone on the outside to his machine.. becuase the corporate split tunnel policy User X internet is not going through corporate firewall, therefore User YY who is a finance hacker expert RDPs into User X machine and he/she will be able to look at finance folders while User X is VPNed into corporate network.

If RA were full tunnel vpn, User YY finance hacker cannot RDP into USER Xs machine because it will required to cross Corporate firewall .

Easy right?



This Discussion