After being blacklisted with Spamhaus on more than one occasion and working through a root cause analysis, I've managed to lock things down even better than they were in much of our security equipment. What I'm looking to do now is find the Best Practice and proof in documentation as to whether we should allow users to access the Internet through our gateway while connected to us.
Most users connect using Network Connect. If they forget to disconnect from us before continuing their browsing, their Internet traffic effectively uses us as their gateway. This has proven to be bad on more than one occasion.
Is it advisable to block I.V.E. users from the Internet while connected to us? Can you please point me to the supporting documentation?
There is no best practices document for the same:
If you are concerned about security and want users to access only the internet websites you want them to access during the VPN session, disabling split tunneling is recommended.
From the internal interface of the IVE, you can filter the internet websites that the users are allowed to access using the content filtering feature on the firewall. This will ensure that users do not visit any malicious websites while connected to the VPN.
Yes, so it is advisable to block users from accessing malicious websites while connected to the VPN, but not to block it completely.
Also, Host Check policies need to be enforced so that users have the appropriate AV installed on their PC, the PC is scanned, the AV has updated DAT files, etc.
If users are allowed to access the internet via their ISP while connected to the VPN, they can access any website they want, and hence disabling split tunneling is considered more secure than enabling split tunneling.