Risk Description
An attacker takes advantage of external organizational or personal information systems (e.g., laptop computers at remote locations) that are simultaneously connected securely to organizational information systems or networks and to nonsecure remote connections, commonly known as “Split Tunneling”.
Category: Asset Management
What is VPN Split Tunneling
Split tunneling refers to a network configuration where a device connected to a secure network (such as a corporate VPN) simultaneously connects to an insecure network (such as a public Wi-Fi). This situation can expose the secure network to various security risks and vulnerabilities. Here’s how attackers can exploit split tunneling:
Network Reconnaissance
Attackers can use the insecure connection to gather information about the secure network, identifying potential targets and vulnerabilities.
Man-in-the-Middle Attacks
Attackers can intercept data transmitted over the insecure connection, gaining access to sensitive information and potentially injecting malicious code.
Data Leakage
Information intended for the secure network might inadvertently travel over the insecure connection, leading to unintentional data leaks.
Malware Injection
Devices connected to insecure networks are more vulnerable to malware. Once infected, these devices can spread malware to the secure network.
Eavesdropping
Attackers can monitor unencrypted traffic on the insecure connection, gaining access to private communications and sensitive data.
Mitigation Strategies
- Disable Split Tunneling: Ensure that devices connected to the secure network do not simultaneously connect to insecure networks.
- Use Full Tunneling: Route all traffic through the secure VPN to prevent data from traveling over insecure connections.
- Implement Strong Encryption: Ensure that all data transmitted over the network is encrypted to protect against interception and eavesdropping.
- Network Segmentation: Separate sensitive data and systems from less secure areas of the network to limit the impact of any potential breaches.
- Endpoint Security: Use robust endpoint security solutions, including firewalls, antivirus software, and intrusion detection/prevention systems.
- User Education: Train users on the risks of split tunneling and the importance of adhering to security policies.
By addressing the risks associated with split tunneling and implementing appropriate security measures, organizations can protect their networks from potential attacks.
Routing all client traffic (including web-traffic) through the VPN (OpenVPN)
Please check here on how to route all traffic on all of your client machines/devices