You are right that "split tunneling" does not guarantee that the remote
network offering the VPN connectivity is safe from a compromised client.
Generally the client will be allocated an address on the remote LAN -
that's usually the point of establishing the tunnel is it not? Now sure,
the vpn client software can ensure that the client can only make
connections through the tunnel and not to other devices on the local LAN
or out to the internet. But depending upon how controlled egress
connections are on the remote LAN, the compromised client can still pose
a risk. For example, the client has a shell bot installed that connects
out to the attacker's machine and there is no control on outbound
connections from the remote LAN... Compromised client establishes
tunnel, shellbot connects out to control machine _through tunnel_,
attacker has full access to VPN client and LAN that the client is
connected into. In a case like this, split tunneling gains nothing.
Pete
Jeffrey F. Bloss wrote:
David Jacoby wrote:
There are a few solutions for this, ive seen some VPN clients that
disconnects the client machine from the Internet once the VPN
connection is established, this will prevent the attacker to keep his
connection because the client machine only allows connection to be
sent to the remote network via the VPN client, no other connections
are allowed.
Just out of idle curiosity, how would one "disconnect the client from
the Internet" when it's typically the Internet that's being used to
establish the VPN tunnel? :)
I suppose a piece of software could go to great lengths trying to
prevent any and all connections that weren't VPN, but this would be a
daunting task even if we weren't adding to the mix a condition like
being compromised. Even without that I just don't see this alleged
disconnection as being all that comforting, and a cracker mucking
around in your machine for a few minutes might turn it into one of
those (false sense of) security nightmares.
