Split Tunneling
Split tunneling, while convenient in some cases, significantly increases organizational risk: a remote client reaches the internal network through the VPN tunnel and the public internet directly at the same time, so a compromised client becomes a bridge between the two. An attacker who controls such a client can pivot into the organizational network over the tunnel, while the client's internet-bound traffic stays outside corporate inspection and filtering.
To mitigate these risks, ICS must enforce a no split-tunneling policy for all remote access VPN users.
1. Navigate to Users > Resource Policies > Split Tunneling Networks in the ICS Web UI.
2. Delete all existing split tunneling policies. If a policy is explicitly required for testing or debugging, keep it bound only to tightly restricted roles and remove it when the work is done.
3. Ensure the permanent configuration routes all client traffic through the VPN tunnel.
4. Communicate and enforce the no split-tunneling policy as part of organizational security practices.
5. Monitor traffic centrally and audit the configuration regularly to confirm that no split tunneling policies have been reintroduced.
By enforcing a strict no split-tunneling policy, the organization reduces its attack surface, keeps remote client traffic under central inspection, and aligns with established cybersecurity guidelines.
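Step 5 above asks for regular audits, and the gateway-side policy is only half of that: the effect of a split tunneling policy shows up as routes on the endpoint. The following Python script is an added example, not part of the ICS documentation or product, that parses a Linux `ip route` dump and reports any destination whose traffic would leave the host on an interface other than the tunnel. The two routing tables, the tunnel interface name tun0, the gateway address 203.0.113.10 and the probe addresses are all constructed for the example. It also handles the common client behaviour of installing 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead of replacing the original default route, which a naive "is the default route on tun0" check would misreport as a leak.

```python
"""Client-side check that a VPN session is truly full-tunnel.

Added example (not ICS code): parse a Linux `ip route` dump and report
destinations that would bypass the tunnel interface.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample `ip route` output from a client whose tunnel is up on
# tun0, with the physical uplink wlan0 still holding its DHCP default route.
# The client covers all of IPv4 with 0/1 + 128/1 instead of replacing it.
FULL_TUNNEL = """\
0.0.0.0/1 via 10.200.0.1 dev tun0
128.0.0.0/1 via 10.200.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
203.0.113.10 via 192.168.1.1 dev wlan0 metric 600
10.200.0.0/24 dev tun0 proto kernel scope link src 10.200.0.7
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

# Same host under a split tunneling policy that only pushes two corporate
# prefixes through the tunnel; everything else egresses directly via wlan0.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.200.0.1 dev tun0
172.16.0.0/12 via 10.200.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0 metric 600
10.200.0.0/24 dev tun0 proto kernel scope link src 10.200.0.7
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

# Assumed public test targets; any real internet addresses work here.
PUBLIC_PROBES = ("1.1.1.1", "8.8.8.8", "198.51.100.77")


@dataclass(frozen=True)
class Route:
    net: ipaddress.IPv4Network
    dev: str
    metric: int
    link_scope: bool


def parse_routes(text: str) -> List[Route]:
    """Parse `ip route` lines into Route records (IPv4 only)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        dst = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = f[f.index("dev") + 1] if "dev" in f else ""
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        link = "scope" in f and f[f.index("scope") + 1] == "link"
        routes.append(Route(net, dev, metric, link))
    return routes


def lookup(routes: List[Route], ip: str) -> Optional[Route]:
    """Kernel-style selection: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r.net]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.net.prefixlen, -r.metric))


def find_leaks(text: str, tunnel_dev: str, vpn_gateway: str) -> List[str]:
    """Return destinations that bypass `tunnel_dev`; empty means full tunnel.

    Only two kinds of route may legitimately use another interface: on-link
    (scope link) routes, and the host route to the VPN gateway itself, which
    carries the tunnel's outer packets.
    """
    routes = parse_routes(text)
    gw = ipaddress.ip_network(vpn_gateway + "/32")
    leaks = set()
    for ip in PUBLIC_PROBES:
        r = lookup(routes, ip)
        if r is None or r.dev != tunnel_dev:
            leaks.add(ip)
    for r in routes:
        if r.dev == tunnel_dev or r.link_scope or r.net == gw:
            continue
        # Heuristic: probe both ends of the prefix. A route that is fully
        # shadowed (a DHCP default under 0/1 + 128/1) resolves to the tunnel
        # for both ends and is not reported; a more-specific route hidden in
        # the middle of a large prefix could still slip past this check.
        for probe in (r.net.network_address, r.net.broadcast_address):
            eff = lookup(routes, str(probe))
            if eff is not None and eff.dev != tunnel_dev:
                leaks.add(str(r.net))
    return sorted(leaks)


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        result = find_leaks(table, "tun0", "203.0.113.10")
        print(name, result or "OK: all traffic via tunnel")
```

On a real endpoint, feed the output of `ip route` (or `ip -4 route show`) into `find_leaks` with the tunnel interface the client actually created; a non-empty result means the client is split-tunneling regardless of what the gateway policy page says, which is exactly the drift the audit step is meant to catch.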
Considerations and Best Practices
•Monitor and Inspect Remote Client Traffic:
  •With split tunneling disabled, all traffic from remote clients is routed through the VPN tunnel. Use network monitoring tools at the gateway to inspect that traffic and detect suspicious activity.
  •If split tunneling must remain enabled, also enable the route precedence and traffic enforcement options so the client cannot override the tunnel routes. Note that traffic the policy sends directly to the internet never reaches the gateway, so it cannot be inspected there; only the tunneled portion is visible.
•Segment VPN Traffic: Restrict access to only the resources necessary for users to perform their roles. Implement Access Control Lists (ACLs) and isolate VPN traffic where possible.
•Educate Users: Inform remote users of the no split-tunneling policy and explain the importance of routing all traffic through the secure VPN tunnel. This includes ensuring their internet traffic adheres to corporate security standards.
•Log and Audit VPN Activity: Forward VPN traffic logs to an external log analysis platform (e.g., SIEM) for real-time monitoring and periodic auditing. This enables the detection of unusual activity or potential breaches.
•Compliance with Organizational Guidelines: Ensure the no split-tunneling configuration aligns with applicable regulatory standards and industry best practices (e.g., NIST SP 800-53, CISA, or DoD guidelines).