Hmm... I'm as much a stickler as anyone for security (ask anyone :), however
isn't this one of those situations where we're:

- attempting to avoid a *potential* cost (ex: a security breach)

- by paying a *certain* cost (ex: lost functionality, increased support
costs, attempts to route around...)?

And it seems to me that the potential increase in risk (of allowing
split-tunneling) is minor, since the "horse is already out of the barn" so
to speak, in that the security of the remote machines connecting in to the
VPN is an unknown. And that's pretty much the same as the vast majority of
machines on campus too.

The cost/benefit doesn't seem to work out.

On Thu, Oct 14, 2010 at 10:32 PM, Dan Brisson wrote:

> Bryan is correct that security best practices dictate not using split
> tunneling.