https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35654#M2678 <P>Recently had the exact same conversation with C-suite - not interested in stirring the hornet's nest during the current crisis.&nbsp;</P><P>&nbsp;</P><P>So, implemented a new sort of split tunnel based on route at source. All our cloud apps are now routed over VPN and then internet, allowing all other traffic to go out locally. It's not perfect, at all, but it's a better middle ground to build from.&nbsp;</P><P>&nbsp;</P><P>fun times.&nbsp;</P> Thu, 14 May 2020 09:26:25 GMT HTCPCP-TEA 2020-05-14T09:26:25Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35642#M2674 <P>Think your communications are safe? What about that connection to your corporate application? Many corporate VPNs simply allow sensitive data to shuffle across the Internet. How? They allow split tunneling (previous discussion is <A href="https://community.isc2.org/t5/Industry-News/VPN-Split-tunnel-pros-and-cons-especially-for-high-bandwidth/td-p/5471" target="_blank" rel="noopener">here</A>). IT loves to offload as much traffic as they can onto the Internet. In this new era of WHF don't you think you should be reviewing your VPN traffic and shaping policies? Buckle up or loose your data.</P> Fri, 15 May 2020 02:06:11 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35642#M2674 AppDefects 2020-05-15T02:06:11Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35644#M2675 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;wrote:<BR /><P>Think your communications are safe? What about that connection to your corporate application? Many corporate VPNs simply allow sensitive data to shuffle across the Internet. How? They allow split tunneling (previous discussion is <A href="https://community.isc2.org/t5/Industry-News/VPN-Split-tunnel-pros-and-cons-especially-for-high-bandwidth/td-p/5471" target="_blank" rel="noopener">here</A>). IT loves to offload as much traffic as they can onto the Internet. In this new era of WHF don't you think you should be reviewing your VPN traffic and shaping policies? Buckle up or loose your data.</P><HR /></BLOCKQUOTE><P><EM>"But if I don't have split tunnel how can I send my office report to my printer at home?"</EM></P><P>&nbsp;</P><P>That was the basic complaint years ago when colleagues on WFH days learned of that limitation. IT chiefs2 ,CIOs and CISOs should hold firm on the rule of no split tunnels, and point out those folks can work just fine without paper copies.</P><P>&nbsp;</P><P>Craig</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 14 May 2020 03:12:43 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35644#M2675 CraginS 2020-05-14T03:12:43Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35647#M2676 <P>Amen.</P> Thu, 14 May 2020 03:54:35 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35647#M2676 Early_Adopter 2020-05-14T03:54:35Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35654#M2678 <P>Recently had the exact same conversation with C-suite - not interested in stirring the hornet's nest during the current crisis.&nbsp;</P><P>&nbsp;</P><P>So, implemented a new sort of split tunnel based on route at source. All our cloud apps are now routed over VPN and then internet, allowing all other traffic to go out locally. It's not perfect, at all, but it's a better middle ground to build from.&nbsp;</P><P>&nbsp;</P><P>fun times.&nbsp;</P> Thu, 14 May 2020 09:26:25 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35654#M2678 HTCPCP-TEA 2020-05-14T09:26:25Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35669#M2679 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/780103681">@CraginS</a>&nbsp;wrote:<BR /><HR /><EM>"But if I don't have split tunnel how can I send my office report to my printer at home?"</EM></BLOCKQUOTE><P>Or, allow split tunnelling to 192.168.0.0/16.&nbsp; Fixes local printers while still intercepting the Internet.</P><P>&nbsp;</P><P>Security is more about finding a balance everyone can accept than just enforcing "best practices".&nbsp;</P> Thu, 14 May 2020 15:34:09 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35669#M2679 denbesten 2020-05-14T15:34:09Z https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35714#M2684 <P>HI All</P><P>&nbsp;</P><P>But there are alternatives to Split tunneling.</P><P>&nbsp;</P><P>Just ensure you have a printer, which accepts Bluetooth or WiFI connection from the Work Desktop locally?</P><P>&nbsp;</P><P>You are in control of the printer i.e. it is almost beside you, it is part of your own local network.</P><P>&nbsp;</P><P>The alternatives are filtering, egress monitoring, all of which are overheads, which the organisation may not implement but actually put the emphasis on the individual abiding by the corporate regulations, Acceptable Use Policy or similar.&nbsp;&nbsp; Or in fact monitor discretely via usage of remote agents.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 16 May 2020 03:17:13 GMT https://community.isc2.org/t5/Tech-Talk/WFH-Epic-Fail-VPN-Split-Tunneling/m-p/35714#M2684 Caute_cautim 2020-05-16T03:17:13Z