Educause Security Discussion mailing list archives

Re: Do you allow your vpn clients to do split tunneling?


From: "Miller,James R" <millerj () UAKRON EDU>
Date: Mon, 10 May 2010 13:04:16 -0400

John,

For security reasons, particularly allowing someone to access two different networks simultaneously, we prohibit split 
tunneling. Split tunneling would allow a client to directly connect our inside network to the internet or another 
network, bypassing quite a bit of our security.

Jim Miller
CISSP,CCSP
Lead Network Engineer
The University of Akron
(330) 972-7958
millerj () uakron edu



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John L. Isenhour
Sent: Monday, May 10, 2010 9:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Do you allow your vpn clients to do split tunneling?

Hi All,

We set up a Citrix VPN service and I became aware that we're allowing split tunneling.  This is verboten most places 
I've been, but some of the network staff have voiced that it might be a preferred way to go.

We don't do traffic surveillance (aside from blocking p2p and external scans) so I would like to gain an understanding 
of what's the worst case, both allowing split tunneling and not.

Seems to me we're safer as an institution with it off.  VPN is for faculty and staff, btw. 

tnx,
-john

--
John Isenhour, Ph.D.
Chief Technology Officer
Information Systems Architect
Kennesaw State University
Kennesaw GA 30144
770-423-6620
