PaulDotCom mailing list archives
Re: VPN Split DNS
From: Andrew Johnson <andrew () infosiege net>
Date: Mon, 4 Mar 2013 19:27:32 -0800
I believe you're referring to split tunneling. In short, if split tunneling is enabled and that host is compromised, it may be possible to pivot through that host and gain access to the resources behind the VPN. Such a scenario would undermine multi-factor authentication and other controls you've put in place. Andrew Johnson (Sent from my mobile device) On Mar 4, 2013, at 18:59, Matthew Perry <mlperry () gmail com> wrote:
All, We have some branch offices that connect to a client VPN in our datacenter to access certain resources. Currently we are sending all traffic through the VPN when they connect, but this keeps them from being able to access resources on their network. What are the security concerns of using split DNS to allow them to access their local resources and the resources in the datacenter? I currently work with an admin who thinks it is a very bad idea to use split DNS, but can't really give me any examples of why. Thanks and I look forward to everyones responses. -- Matthew Perry _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- VPN Split DNS Matthew Perry (Mar 04)
- Re: VPN Split DNS Andrew Johnson (Mar 04)
- Re: VPN Split DNS Chris Campbell (Mar 05)
- Re: VPN Split DNS subodh pachghare (Mar 04)
- <Possible follow-ups>
- Re: VPN Split DNS Herndon Elliott (Mar 05)
- Re: VPN Split DNS Colin Edwards (Mar 05)
- Re: VPN Split DNS Matthew Perry (Mar 05)
- Re: VPN Split DNS wynn (Mar 05)
- Re: VPN Split DNS Colin Edwards (Mar 05)
- Re: VPN Split DNS Andrew Johnson (Mar 04)