Re: VPN service -- Quick Poll (split tunneling?)

["Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>]

> For those that have answered yes, would you mind outlining whether you
> allow split tunneling or not? I would also appreciate your rationale one way or
> the other.
Our current IPsec solution does not do split tunneling, but the AnyConnect/SSL solution that we are moving to will.  
Our stance is that if anything going out to the internet isn't already "secure", isn't going to get that much of a 
benefit from going through us first.  It saves our bandwidth and improves the overall experience for the customer.  The 
solution is smart enough that any traffic destined for either our public or private address space goes through the 
tunnel.


> I've always been taught that split tunneling is a really bad idea, but this topic
> has recently come up in our remote access project.

It just depends on what risks are/aren't acceptable to you or your institution.  Personally, I'd rather not be a 
conduit for all the crazy stuff that ends up on home/personal devices any more than I have to.


> --
> Kris Monroe, CISSP, CISA, CISM
> Information Security Officer
> Office of Information Technology Services Job Hall
>
> Ithaca College
> 953 Danby Rd. | Ithaca, NY 14850
> 607.274.1997 | 607.274.1484 fax
> kmonroe () ithaca edu | ithaca.edu
> Follow us: facebook.com/ICInfosec | twitter.com/IC_infosec
>
> On 3/9/2012 9:18 AM, Zahid Mehmood wrote:
> > Hi All,
> >
> > Quick Poll Please:
> >
> > 1.      Is your campus using, or does it plan to use,  VPN access for remote
> users?
> > 2 .     What vendor(s) and protocols (SSL, IPSec, other) are you using?
> > 3.  How many concurrent remote users can your system support?
> > 4.  Do you offer any specialized/custom VPN services for departments,
> researchers, etc.?
> > 5.  Is your VPN offering part of your DR plan/requirement?
> >
> > Thanks!
> >
> > Zahid Mehmood
> > Network Software and IT Enablement Systems Columbia University
> > Information Technology