Split-tunnelling always has a risk. 

Consider this "secure" scenario:-

1. You ensure that IP packets from the Internet *cannot* be forwarded to
   the Office network (and vice versa).
2. You deny all traffic except
   a. You allow application A to connect to (say) port 80 on the Internet
   b. You allow application B to connect to (say) port 80 on the Office
      network

This sounds secure; however, can you guarantee that:

1. Application A is in fact Application A (and not some trojan), and of
course App B is App B?

OR 

2. Trojan application T isn't somehow creating a covert channel
between the Internet and the Office by effectively manipulating
information from application B to drive application A (or vice versa)?

If you can't ensure this, then you will be at risk.

I know I am exaggerating to the extreme, but this is the reason why
split-tunneling is insecure: even if you are fairly careful about
routing at the IP layer, it is very difficult to prevent application
level interaction. (That being said, I imagine today people using
split-tunneling have never had a security attack, as they are unlikely
to have a trojan this smart.)

Martin Visser ,CISSP
Network and Security Consultant 
Technology & Infrastructure - Consulting & Integration
HP Services

3 Richardson Place 
North Ryde, Sydney NSW 2113, Australia 
Phone: +61-2-9022-1670    Mobile: +61-411-254-513
Fax: +61-2-9022-1800     E-mail: martin.visserAThp.com
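As an added example (not part of this thread), here is the check a defender would run on the client side to confirm the posture the reply above argues against: given the output of `ip route`, it reports whether the host is split tunnelling, i.e. office prefixes go via the tunnel while Internet-bound traffic still leaves via the physical NIC. The interface name `tun0`, the probe address and both sample route tables are constructed assumptions, not data from the thread.

```python
"""Classify a VPN client's routing posture from `ip route` output.
Split tunnelling: office prefixes go via the tunnel interface while
Internet-bound traffic still leaves via the physical NIC. A full tunnel
carries Internet traffic too, either as the default route or as the two
halves 0.0.0.0/1 + 128.0.0.0/1; longest-prefix match handles both."""
import ipaddress
import re

# Destination and `dev` field of one `ip route` line.
ROUTE_RE = re.compile(r"^(?P<dst>\S+)\s.*?\bdev\s+(?P<dev>\S+)")
# Public probe address (RFC 5737 TEST-NET-3): "where would Internet traffic go?"
INTERNET_PROBE = "203.0.113.1"

def parse_routes(text):
    """Return [(network, interface)] for each parsable route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            dst = m.group("dst")
            net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
            routes.append((net, m.group("dev")))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the interface that would carry `addr`."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, dev) for net, dev in routes if ip in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def classify(route_text, tunnel_dev="tun0"):
    """Return 'full-tunnel', 'split-tunnel' or 'no-tunnel' (tunnel_dev is assumed)."""
    routes = parse_routes(route_text)
    if lookup(routes, INTERNET_PROBE) == tunnel_dev:
        return "full-tunnel"
    if any(dev == tunnel_dev for _, dev in routes):
        return "split-tunnel"
    return "no-tunnel"

# Constructed sample tables, not captured from a real host.
SPLIT_TABLE = """default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50"""
FULL_TABLE = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50"""

if __name__ == "__main__":
    print(classify(SPLIT_TABLE), classify(FULL_TABLE))  # split-tunnel full-tunnel
```

On a real host, feed it `subprocess.check_output(["ip", "route"], text=True)` and the name of your VPN interface; a "split-tunnel" result is the configuration the thread warns about.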



-----Original Message-----
From: Stewart [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 May 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: Fwd: [SLUG] VPN security issue


I forwarded that link to a network admin friend of mine who has this to
say, FYI:

> It doesn't have to be insecure, it just requires careful setup to
> ensure that incoming from the internet is controlled (i.e. not allowed,
> or allowed in a completely accountable way) and that there is no
> capacity for traffic to cross the two nets: internet <-> tunnel
>
> The VPN product that *** offer uses a cisco client and disables
> split-tunnelling. It cannot be worked around as the client has
> no local config. Start the client and it downloads its config from the
> server, which cannot be changed without restarting the client...

Sounds like a good way of doing it.

..S.

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
