Educause Security Discussion mailing list archives
Re: VPN service -- Quick Poll (split tunneling?)
From: "Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>
Date: Fri, 9 Mar 2012 23:18:50 +0000
For those that have answered yes, would you mind outlining whether you allow split tunneling or not? I would also appreciate your rationale one way or the other.
Our current IPsec solution does not do split tunneling, but the AnyConnect/SSL solution that we are moving to will. Our stance is that if anything going out to the internet isn't already "secure", isn't going to get that much of a benefit from going through us first. It saves our bandwidth and improves the overall experience for the customer. The solution is smart enough that any traffic destined for either our public or private address space goes through the tunnel.
I've always been taught that split tunneling is a really bad idea, but this topic has recently come up in our remote access project.
It just depends on what risks are/aren't acceptable to you or your institution. Personally, I'd rather not be a conduit for all the crazy stuff that ends up on home/personal devices any more than I have to.
-- Kris Monroe, CISSP, CISA, CISM Information Security Officer Office of Information Technology Services Job Hall Ithaca College 953 Danby Rd. | Ithaca, NY 14850 607.274.1997 | 607.274.1484 fax kmonroe () ithaca edu | ithaca.edu Follow us: facebook.com/ICInfosec | twitter.com/IC_infosec On 3/9/2012 9:18 AM, Zahid Mehmood wrote:Hi All, Quick Poll Please: 1. Is your campus using, or does it plan to use, VPN access for remoteusers?2 . What vendor(s) and protocols (SSL, IPSec, other) are you using? 3. How many concurrent remote users can your system support? 4. Do you offer any specialized/custom VPN services for departments,researchers, etc.?5. Is your VPN offering part of your DR plan/requirement? Thanks! Zahid Mehmood Network Software and IT Enablement Systems Columbia University Information Technology
Current thread:
- Re: VPN service -- Quick Poll, (continued)
- Re: VPN service -- Quick Poll Entwistle, Bruce (Mar 09)
- Re: VPN service -- Quick Poll Entwistle, Bruce (Mar 09)
- Re: VPN service -- Quick Poll Julian Y Koh (Mar 09)
- Re: VPN service -- Quick Poll Morrow Long (Mar 09)
- Re: VPN service -- Quick Poll Patrick Ouellette (Mar 09)
- Re: VPN service -- Quick Poll Miller,James R (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Kris Monroe (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Miller,James R (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Julian Y Koh (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Jeff Kell (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Schumacher, Adam J. (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Dave Koontz (Mar 09)
- Re: VPN service -- Quick Poll (split tunneling?) Valdis Kletnieks (Mar 11)
- Re: VPN service -- Quick Poll (split tunneling?) Dave Koontz (Mar 13)
- Re: VPN service -- Quick Poll Hugh Burley (Mar 09)