Could we enable LAN access without enabling true split tunneling, as in
On 10/15/2010 10:39 AM, Marc Farnum Rendino wrote:
> Hmm... I'm as much a stickler as anyone for security (ask anyone :),
> however isn't this one of those situations where we're:
> - attempting to avoid a *potential* cost (ex: a security breach)
> - by paying a *certain* cost (ex: lost functionality, increased support
> costs, attempts to route around...)?
> And it seems to me that the potential increase in risk (of allowing
> split-tunneling) is minor, since the "horse is already out of the barn"
> so to speak, in that the security of the remote machines connecting in
> to the VPN is an unknown. And that's pretty much the same as the vast
> majority of machines on campus too.
> The cost/benefit doesn't seem to work out.
> On Thu, Oct 14, 2010 at 10:32 PM, Dan Brisson <[log in to unmask]
> <mailto:[log in to unmask]>> wrote:
> Bryan is correct that security best practices dictate not using
> split tunneling.