That *is* split tunneling as I understand it.
And in response to Marc, you've basically defined the entire dilemma of any form of security. It is always a trade-off between convenience and security.
Unfortunately in our times, "security" can also be defined as "cost containment" and "lawsuit avoidance". Because the potential cost of a security breach is quite high, convenience is on the chopping block most of the time.
On Oct 15, 2010, at 10:54 AM, Rama Kocherlakota wrote:
> Could we enable LAN access without enabling true split tunneling, as in this document:
> On 10/15/2010 10:39 AM, Marc Farnum Rendino wrote:
>> Hmm... I'm as much a stickler as anyone for security (ask anyone :),
>> however isn't this one of those situations where we're:
>> - attempting to avoid a *potential* cost (ex: a security breach)
>> - by paying a *certain* cost (ex: lost functionality, increased support
>> costs, attempts to route around...)?
>> And it seems to me that the potential increase in risk (of allowing
>> split-tunneling) is minor, since the "horse is already out of the barn"
>> so to speak, in that the security of the remote machines connecting in
>> to the VPN is an unknown. And that's pretty much the same as the vast
>> majority of machines on campus too.
>> The cost/benefit doesn't seem to work out.
>> On Thu, Oct 14, 2010 at 10:32 PM, Dan Brisson wrote:
>>> Bryan is correct that security best practices dictate not using
>>> split tunneling.