I guess there's an inherent risk in everything like this. No risk means total isolation (network or otherwise - floppies, etc) - not a terribly practical solution.
Fil
Visser, Martin (Sydney) wrote:
Split-tunnelling always has a risk.
Consider this "secure" scenario:-
1. You ensure that IP packets from the Internet *cannot* be forwarded to the Office network (and vice versa).
2. You deny all traffic except:
   a. You allow application A to connect to (say) port 80 on the Internet
   b. You allow application B to connect to (say) port 80 on the Office network
This sounds secure, however, can you guarantee that:-
1. Application A is in fact Application A (and not some trojan), and of course App B is App B?
OR
2. Trojan application T isn't somehow creating a covert channel between the Internet and the Office by effectively manipulating information from application B to drive application A (or vice versa)?
If you can't ensure this, then you will be at risk.
I know I am exaggerating to the extreme, but this is the reason why split-tunneling is insecure: even if you are fairly careful about routing at the IP layer, it is very difficult to prevent application level interaction. (That being said, I imagine today people using split-tunneling have never had a security attack, as they are unlikely to have a trojan this smart.)
Martin Visser, CISSP
Network and Security Consultant, Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place, North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670  Mobile: +61-411-254-513
Fax: +61-2-9022-1800  E-mail: martin.visserAThp.com
-----Original Message-----
From: Stewart [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 29 May 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: Fwd: [SLUG] VPN security issue
I forwarded that link to a network admin friend of mine who has this to say, FYI:
It doesn't have to be insecure, it just requires careful setup to ensure that incoming from the internet is controlled (ie not allowed, or allowed in a completely accountable way) and that there is no capacity for traffic to cross the two nets: internet <-> tunnel

The vpn product that *** offer uses a cisco client and disables split-tunnelling. It cannot be worked around as the client has no local config. Start the client and it downloads its config from the server, which cannot be changed without restarting the client...

sounds like a good way of doing it.
..S.
--
Phil Scarratt
Draxsen Technologies
IT Contractor/Consultant
0403 53 12 71
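Martin's argument is that IP-layer rules cannot close an application-level covert channel, which is why the Cisco client's server-enforced "no split tunnel" policy is the practical answer. As an added example, not from this thread, here is a Python check an administrator could run against a Linux client's `ip route show` output to tell whether it is full-tunnel, split-tunnel or not connected; the VPN interface-name prefixes and the sample routing tables are constructed assumptions, not captured from a real host.

```python
import ipaddress

# Assumption: VPN interfaces are named like these (tun0, ppp0, cscotun0).
VPN_IFACE_PREFIXES = ("tun", "ppp", "cscotun")

def parse_routes(ip_route_output):
    """Turn `ip route show` text into (network, interface) pairs.

    Lines without a `dev` token, or whose first token is not an address
    (e.g. 'blackhole', 'unreachable'), are skipped.
    """
    routes = []
    for line in ip_route_output.splitlines():
        parts = line.split()
        if "dev" not in parts or parts.index("dev") + 1 >= len(parts):
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            net = ipaddress.ip_network(dst, strict=False)
        except ValueError:
            continue
        routes.append((net, parts[parts.index("dev") + 1]))
    return routes

def classify_tunnel(ip_route_output):
    """Return 'none', 'full' or 'split'.

    'full': all Internet-bound traffic goes via the VPN, either through a
    default route on the VPN interface or through the 0.0.0.0/1 and
    128.0.0.0/1 pair some clients install to override the default route.
    Any other table that still has VPN routes is split tunnelling.
    """
    vpn_nets = {str(net) for net, iface in parse_routes(ip_route_output)
                if iface.startswith(VPN_IFACE_PREFIXES)}
    if not vpn_nets:
        return "none"
    if "0.0.0.0/0" in vpn_nets or {"0.0.0.0/1", "128.0.0.0/1"} <= vpn_nets:
        return "full"
    return "split"

# Constructed sample routing tables (not captured from a real host).
SPLIT_ROUTES = """\
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
FULL_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.7 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

if __name__ == "__main__":
    print("split sample:", classify_tunnel(SPLIT_ROUTES))  # split
    print("full sample:", classify_tunnel(FULL_ROUTES))    # full
```

Run on a live host with `ip route show | python3 -c 'import sys, tunnelcheck; print(tunnelcheck.classify_tunnel(sys.stdin.read()))'` (module name assumed); a result of "split" on a client that is supposed to be full-tunnel is the finding to chase.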
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
