Cisco ScanSafe, aka Cisco Cloud Web Security
Justin M. Streiner
streiner at cluebyfour.org
Wed Dec 4 15:33:31 UTC 2013
> First of all, why are you allowing or disallowing split tunnel networks ?
> There is always the risk that he/she may get infected with some malware
> that your antivirus does not recognize and it spreads through the internet
> network when the user VPNs to the corporate network.
>From what I've seen, many government agencies - particularly those
that work with sensitive data - take a very risk-averse position when dealing
with remote access - if it is allowed at all.
Such networks also tend to be fairly compartmentalized out of necessity.
Still the possibility of a breach that originated from a user that was
VPN'd in and happened to open "not-infected-srsly.zip" gives IT admins in
such environments more than a bit of heartburn.
More information about the NANOG