Security – Practical alternatives to split tunneling

Tags: remote-access, Security, split-tunnel, vpn

I have seen some IT security audits that request whether split tunneling is implemented for remote VPN users. I can appreciate the peace of mind benefits from disabling split tunneling, since you basically act as a proxy server if the user wishes to explore the nether regions of the Internet rather than your fancy new CRM solution. I've always been a bit gun-shy about disabling tunneling though, because I feel it could cause unintended consequences in terms of bandwidth hogging on the remote WAN links, over-utilization of the remote server, etc. It just seems rather heavy-handed. But on the other hand, there are legitimate risks involved when split tunneling is permitted, like malicious users hopping over to your VPN link and causing trouble.

Is there something (firewall rules, policy rules, etc) that is at least an "in-between" solution? The goal is to prevent unauthorized use of the VPN network, but I cannot think of a way to reliably defeat a would-be attacker from compromising the intermediate system and gaining access to the network.

Best Answer

Indeed, if your threat model includes adversaries coming in through the Internet to control the user's PC and then use it to access the VPN, you don't have much of an alternative. I could suggest all sorts of solutions to compartmentalize the user's PC into a part that can talk on the Internet and another part that can talk on the VPN while the parts can't talk to each other, from segregated routing domains to separate virtual machines, but it's all for naught if the adversary controls the PC.

Technically, you're not even safe WITHOUT split tunnelling if you consider that the adversary could gain control of the PC while the VPN is down and then take advantage of it later (non-interactively) while the VPN is up.

So it all depends on what threat model you want to consider and how far you are willing to go to defeat it.
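The question asks about firewall rules as an "in-between" measure. The following is an added example, not from the question or the answer above: an nftables ruleset on a Linux VPN concentrator that enforces least privilege on the gateway side, so that whatever a remote PC does (split tunnel or not, compromised or not), it can only reach the published application. Interface names, address ranges and ports are assumptions. It does not defeat the scenario the answer describes (a fully controlled PC acting as the user), but it bounds what such a PC can reach and logs anything else for detection.

```nft
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumed topology: remote clients
# terminate on tun0 and receive addresses from 10.8.0.0/24; the internal
# LAN is behind eth0; the CRM application is the only published service.
flush ruleset

define vpn_if      = "tun0"
define lan_if      = "eth0"
define vpn_clients = 10.8.0.0/24
define crm_servers = { 10.20.0.10, 10.20.0.11 }   # constructed addresses

table inet vpn_policy {
    chain forward {
        # Default deny: a VPN client reaches nothing unless listed below.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Remote clients may reach only the CRM servers, only over HTTPS,
        # and only from the address pool the concentrator hands out.
        iifname $vpn_if oifname $lan_if \
            ip saddr $vpn_clients ip daddr $crm_servers \
            tcp dport 443 accept

        # No client-to-client traffic relayed through the concentrator.
        iifname $vpn_if oifname $vpn_if drop

        # Anything else arriving from the VPN side (attempts to reach other
        # internal hosts, or to hairpin out to the Internet through the
        # corporate link) is logged for the SOC and dropped.
        iifname $vpn_if counter log prefix "vpn-forward-denied: " drop
    }
}
```

Load with `nft -f <file>`; the counter on the final rule gives a quick indicator of how often clients try to reach something outside the published application.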