Learn something new every day
More Info... by email
Split tunneling is a network architecture configuration where traffic is directed from a virtual private network (VPN) client to a corporate network and also through a gateway to link with the Internet. The Internet and corporate network can be accessed at the same time. One application involves being able to go on the Internet while using a network printer from the same machine. Security concerns have been raised with this computer networking concept, but with various security steps and policy controls, split tunneling can be disabled or certain information denied from entering the network.
Home office networks can also feature split tunneling. A router provides a connection to the Internet for each computer and device in the network. Access to the local network requires a connection to the local area network (LAN), but since the shortest route to resources must be found, the system will turn to a gateway if it can’t find the LAN destination. Any request is sent over the Internet without the computer’s Internet Protocol (IP) address, and the return signal goes through the router and back to the computer.
The concern with split tunneling is that corporate data can be leaked to places that could pose a security risk. Websites that can access data from computers can be blocked by a network firewall or be programmed into a list that prevents the user from accessing such sites. An employee working from home has access to the Internet and the network, but is usually not limited by the corporate firewall. With split tunneling, corporate policies can be set to apply to a home machine to extend network access control.
Another way to ensure security is for an administrator to set what IP addresses data packets can be accepted from. If the packet comes from an unrecognized or blocked address, then it will not be allowed into the network. Protocols can also be filtered according to their identification, what address or port they come from, and the connection from which they arrive. A profile can be programmed into the system to determine the rules for letting information in.
Policies can also be set to manage split tunneling. Computer network security in a company can be compromised by malicious software that gets through. Documents can be accessed in this manner and be tunneled to another network. Applications, protocols, and ports can be automatically associated via policies, and the split tunneling configuration can be set to shut down if a banned application is launched.