Split tunneling allows VPN clients to access both the corporate network and the internet simultaneously, but poses security risks. Policies and security measures can be put in place to mitigate these risks, including filtering based on IP addresses and protocols, and setting rules for entering information. Home office networks can also use split tunneling, but corporate policies can be extended to control network access.
Split tunneling is a network architecture configuration in which traffic is directed from a virtual private network (VPN) client to a corporate network and also through a gateway to connect to the Internet. You can access the Internet and your corporate network at the same time. An application implies the ability to access the Internet using a network printer from the same machine. Security concerns have been raised with this computer network concept, but with various security steps and policy checks, split tunneling can be disabled or some information denied from entering the network.
Home office networks can also feature split tunneling. A router provides an Internet connection for every computer and device on the network. Accessing the local area network requires a connection to the local area network (LAN), but since the shortest path to resources must be found, the system will turn to a gateway if it cannot find the LAN destination. Any request is sent over the Internet without the computer’s Internet Protocol (IP) address, and the return signal goes through the router and back to the computer.
The problem with split tunneling is that corporate data can be leaked to places that could pose a security risk. Web sites that can access data from computers may be blocked by a network firewall or may be programmed into a list that prevents the user from accessing those sites. An employee who works from home has Internet and network access, but is usually not restricted by the corporate firewall. With split tunneling, you can set corporate policies to apply to a home machine to extend network access control.
Another way to ensure security is for an administrator to set from which IP addresses data packets can be accepted. If the packet comes from an unrecognized or blocked address, it will not be allowed to enter the network. Protocols can also be filtered based on their identification, what address or port they come from, and what connection they come from. A profile can be programmed into the system to determine the rules for entering information.
You can also set policies to manage split tunneling. Computer network security in a company can be compromised by passing malicious software. Documents can be accessed this way and transferred to another network. Applications, protocols and ports can be automatically associated via policies and the split tunneling configuration can be set to stop if a prohibited application is started.
Protect your devices with Threat Protection by NordVPN
