
VPN Split Tunneling with Twingate


News category: IT Security News
Source: twingate.com


VPN split tunneling is a partial solution to the performance and usability issues VPN technologies create. By concentrating all remote traffic through gateways, VPN systems burden network infrastructure and degrade the user experience. Split tunneling can fix some of these issues. However, setting up split tunneling the wrong way can create holes in a company's secure perimeter.

In this article, we will explain the intention behind VPN split tunneling, the benefits it offers, as well as the risks it creates. We will also explain why split tunneling is another reason companies are switching from VPN systems to modern access control solutions based on Zero Trust.

What is VPN Split Tunneling

VPN split tunneling routes protected traffic through a company's VPN gateway while sending less sensitive traffic through the user's local network and the public internet. Split tunneling solves several problems inherent to VPN's design.

VPN gateway performance - By default, VPN systems encrypt and route all user traffic through a VPN gateway. The encryption applies to user emails, video conference streams, and Facebook scrolling. The VPN gateway must decrypt all this traffic and then encrypt everything going back to the user. With fixed processing capacity, gateway appliances struggle with sudden surges in remote activity.

Network performance - VPN imposes a burden on the private network by concentrating all remote traffic. The private network must route all traffic, whether or not it is work-related. Networks that were not designed for high volume remote traffic will need expensive upgrades to restore bandwidth to optimal levels.

Endpoint performance - Congested VPN gateways and bandwidth-constrained private networks directly impact the user experience. In addition, user traffic must also travel through the private network to cloud resources and back. This backhaul can significantly increase latency, further undermining productivity.

Access to local resources - The all-or-nothing nature of VPN default settings can block access to local resources. A remote user sitting in a co-working space, for example, will not be able to access local networked printers while their corporate VPN is engaged.

Access to multiple resources - Companies improve network security by segmenting their networks and assigning each subnet its own VPN gateway. Users can only connect to one gateway, and one set of resources, at a time. They must disconnect and reconnect as they switch between resources.

What are the benefits of VPN Split Tunneling?

VPN split tunneling routes essential, protected traffic and non-essential, personal traffic differently. The protected traffic travels through an encrypted tunnel to the company's VPN gateway. The remote user's local network connection handles the non-essential traffic. Splitting traffic like this addresses the issues VPN creates.

VPN gateway performance - With less traffic arriving at the VPN gateway, the appliance's overall workload is reduced, and congestion eases. Split tunneling lets a company's existing gateways handle more remote users, which could postpone the need for expensive upgrades.

Network performance - As VPN gateway traffic declines, so does network traffic. Administrators can further improve performance by splitting video conferencing and other bandwidth-intensive activities from the VPN tunnel. However, traffic destined for cloud resources will still get backhauled through the company network.

Endpoint performance - The gateway and network performance improvement will bring the remote user experience closer to the in-office experience. Shifting video conferencing apps to the user's internet connection may improve video and audio quality.

Access to local resources - VPN split tunneling applies to all network traffic on users' devices, not just their internet traffic. As a result, users regain access to printers and other resources on their local networks.

Access to multiple resources - Companies can configure VPN split tunneling so users can have multiple active VPN sessions. This configuration eliminates the need for users to switch between gateways and improves productivity.

Different types of split tunneling

When companies want to take advantage of VPN split tunneling's benefits, they can combine one or more of the following approaches:

Split-include - An access control list (ACL) defines which IP addresses or apps must be included in the VPN's encrypted tunnel. All other traffic routes through the user's local network or onto the public internet. This may be useful in bring-your-own-device scenarios. Administrators can define the company-related traffic to include in the secure VPN tunnel while leaving users' personal activity alone.

Split-exclude - Also referred to as inverse split tunneling, this approach defines which IP addresses or apps to exclude from the encrypted tunnel. All other user traffic passes through the VPN gateway. Administrators can use split-exclude tunneling to shift bandwidth-intensive traffic off the private network.

Dynamic - When resources rely on pools of IP addresses or pass through NAT firewalls, the destination IP address will change from session to session. Rather than creating complex static ACL rules, dynamic split tunneling applies exclude or include rules when a DNS server resolves domains.

Dual-stack networking - In many cases, the ACL rules that a VPN system applies to IPv4 traffic will not automatically apply to IPv6 traffic. Administrators can take advantage of this to apply separate rules for any applications that use IPv6. Otherwise, administrators should ensure that their VPN systems apply consistent rules to both stacks.
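
The split-include and split-exclude decisions and the dual-stack consistency check described above can be modeled in a few lines. This is an added example, not code from the original article or from any VPN product; the function names, the sample ACLs and the resource inventory are hypothetical and use documentation address ranges.

```python
import ipaddress

def is_tunneled(dest, mode, acl):
    """Return True if traffic to dest goes through the VPN tunnel.

    mode "include": only ACL matches are tunneled (split-include).
    mode "exclude": ACL matches bypass the tunnel (split-exclude).
    """
    addr = ipaddress.ip_address(dest)
    # A network only matches addresses of its own IP version, so an
    # IPv4-only ACL never matches an IPv6 destination.
    matched = any(addr.version == net.version and addr in net for net in acl)
    if mode == "include":
        return matched
    if mode == "exclude":
        return not matched
    raise ValueError(f"unknown mode: {mode}")

def dual_stack_gaps(resources, mode, acl):
    """List resources whose IPv4 and IPv6 addresses are routed differently."""
    gaps = []
    for name, addrs in resources.items():
        decisions = {a: is_tunneled(a, mode, acl) for a in addrs}
        if len(set(decisions.values())) > 1:
            # Report the addresses of this resource that bypass the tunnel.
            bypass = sorted(a for a, t in decisions.items() if not t)
            gaps.append((name, bypass))
    return gaps

# Constructed sample policy and inventory (documentation address ranges).
ACL_V4_ONLY = [ipaddress.ip_network("192.0.2.0/24")]
ACL_BOTH = ACL_V4_ONLY + [ipaddress.ip_network("2001:db8:10::/48")]
RESOURCES = {
    "intranet": ["192.0.2.10", "2001:db8:10::10"],
    "wiki": ["192.0.2.20"],
}

if __name__ == "__main__":
    for label, acl in (("v4-only ACL", ACL_V4_ONLY), ("dual-stack ACL", ACL_BOTH)):
        print(label, dual_stack_gaps(RESOURCES, "include", acl))
```

With the IPv4-only ACL in split-include mode, the intranet's IPv6 address falls outside the tunnel while its IPv4 address is protected; adding the IPv6 prefix closes the gap.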

Are there any risks with split tunneling?

VPN split tunneling alleviates the performance and usability issues associated with VPN's hub-and-spoke topology. However, those benefits come at a cost. The traffic that does not pass through a VPN gateway does not pass through the company's security stack.

A split-include implementation may be particularly risky. Letting much of a user's traffic bypass these systems creates opportunities for hackers to compromise the user's device and penetrate the company network.

Exclusion rules, whether static or dynamic, can be more secure. Administrators define the specific apps, IP addresses, or domains that can safely bypass the security stack. For example, a video conferencing service's internal security may justify excluding its traffic from the company's security measures.

Another risk associated with VPN split tunneling is the impact on network visibility. Certain types of user traffic will not be monitored, making it harder to identify malware or hackers moving through the network. Split tunneling can also impact security compliance as inappropriate user activity may go unmonitored.

The complexity of VPN split tunneling configurations also creates risk. Conflicting or inconsistent rules could open pathways into the network. In addition, administrators need to look closely at the applications they exclude from VPN tunnels. For example, how should the company handle a video conferencing app with file-sharing capabilities?

How Twingate can help

In today's distributed network environment, the concentration of traffic imposed by VPN technologies does not work. Companies have many resources stored in the cloud, and work-from-home policies have become common. VPN split tunneling is a partial solution that creates problems of its own.

Twingate's modern approach to secure access creates a distributed network architecture designed for the way companies work today. All encrypted connections between user devices and protected resources are routed along the most performant direct path:

  • Traffic between a user and an on-premise resource travels over the company network.
  • Traffic between a user and cloud-hosted resources travels over the public internet.
  • Non-essential traffic never enters secure tunnels.

Twingate's architecture enables split tunneling by default. The user's local network and internet connection handle all non-essential traffic. All traffic destined for protected resources passes through dedicated encrypted tunnels. Only traffic for on-premise resources reaches the private network; traffic between the user and protected cloud resources tunnels across the public internet.

Twingate's approach eliminates the issues that VPN technologies create. Networks become more performant and simpler to manage without legacy VPN technologies. The user experience also improves as they access multiple resources through low-latency connections.

Twingate simplifies access control

VPN split tunneling is a partial fix to the issues created by VPN's aging technology. Even when a company does everything right, maintaining these systems piles more responsibilities onto network administrators. But VPN split tunneling is easy to do wrong. And that opens holes in the secure perimeter that hackers could breach at any time.

Twingate lets companies create distributed network architectures. Users and resources connect directly, freeing private networks from unnecessary traffic and maximizing the user experience. And Twingate's split-tunneling-by-default policies remove non-essential traffic from the company's private network.

Contact us to learn more about Twingate's distributed network architecture. Or try it yourself by joining our free plan for individuals and small teams.
