Cisco ScanSafe, aka Cisco Cloud Web Security

Justin M. Streiner streiner at cluebyfour.org
Wed Dec 4 15:33:31 UTC 2013


> First of all, why are you allowing or disallowing split tunnel networks ?
>
> There is always the risk that he/she may get infected with some malware
> that your antivirus does not recognize and it spreads through the internet
> network when the user VPNs to the corporate network.

>From what I've seen, many government agencies - particularly those 
that work with sensitive data - take a very risk-averse position when dealing
with remote access - if it is allowed at all.

Such networks also tend to be fairly compartmentalized out of necessity. 
Still the possibility of a breach that originated from a user that was 
VPN'd in and happened to open "not-infected-srsly.zip" gives IT admins in 
such environments more than a bit of heartburn.

jms



More information about the NANOG mailing list