I believe you're referring to split tunneling. In short, if split tunneling is enabled and that host is compromised, it may be possible to pivot through that host and gain access to the resources behind the VPN. Such a scenario would undermine multi-factor authentication and other controls you've put in place.
Andrew Johnson (Sent from my mobile device) On Mar 4, 2013, at 18:59, Matthew Perry <[email protected]> wrote: > All, > > We have some branch offices that connect to a client VPN in our datacenter to > access certain resources. Currently we are sending all traffic through the > VPN when they connect, but this keeps them from being able to access > resources on their network. > > What are the security concerns of using split DNS to allow them to access > their local resources and the resources in the datacenter? I currently work > with an admin who thinks it is a very bad idea to use split DNS, but can't > really give me any examples of why. Thanks and I look forward to everyones > responses. > > -- > Matthew Perry > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
