COVID-19 AND CYBERSECURITY 3: WEB FILTERING AND SPLIT TUNNEL VPNS
“Do you have a policy on web filtering which is communicated to the workforce?”
James Preston from ANSecurity continues his guidance on the basic questions that those “CISOless” organisations need to ask themselves in order to remain secure. Remember, the biggest benefit is gained from confronting the basics and executing them to the highest possible standard every single time. So what should you be asking when it comes to web filtering and split tunnel VPNs?
Let’s start with what we know. The new work-from-home culture is now becoming business as usual for the vast majority, and corporate networks are being tested and extended over the internet through VPNs. Organisations therefore need to ask the question, “Are the same network security policies being applied universally regardless of the user’s location?”
Web filtering may sound draconian, with many organisations acting in a flexible manner and expecting, and trusting, staff to exercise self-discipline in their use of social media and similar services whilst in their new working environment.
However, humans by their very nature are fallible, and the reality of web filtering today is that it is a fully comprehensive, feature-rich and powerful tool to block access to domains hosting malware and credential phishing sites, and even to block in-browser crypto miners. In short, you need to look at a web filtering strategy.
Crucially, organisations should also be wary of whitelisting IPs/domains, in particular those from Cloud Service Providers; while these providers are fast to act on misuse, many have been exploited by Threat Actors to host malicious content.
So you’ve probably been wondering, what’s this all got to do with split tunnels? While ISPs have been proud to announce that they are coping with the rise in internet usage with aplomb, the stark reality is that many businesses are finding themselves with pretty large bandwidth constraints, caused not just by the normal daily internet traffic but by the rise in access to internal resources over VPN.
This has led some to ‘split tunnelling’ scenarios, whereby only traffic destined for the corporate network is sent down the tunnel and all other traffic (including traffic destined for those previously blocked malicious domains) breaks out at the user’s home internet connection instead.
With the drop in traffic over the VPN comes a rise in risk.
So with all this in mind, what do you need to be asking yourself?
- Do you have a policy on web filtering which is communicated to the workforce?
- In reviewing your logs, how many web-delivered threats have been blocked in the past? Do the results concern you?
- Have you tested your policies? Are they being enforced universally and are you using split tunnelling features?
- If split tunnelling has been deployed, has the additional risk been recorded in your risk register and been communicated to the board?
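One way to test whether a remote client's web traffic bypasses the tunnel, and with it the corporate web filter, is to run a longest-prefix match over the client's routing table. This is an added example, not part of the original article; the interface names (tun0, wlan0), the routing tables and the probe addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
# Assumption: "tun0" is the VPN interface, "wlan0" the home connection.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),       # default route: local internet breakout
    ("10.0.0.0/8", "tun0"),       # only corporate ranges go down the tunnel
    ("192.168.1.0/24", "wlan0"),  # home LAN
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),
    ("192.168.1.0/24", "wlan0"),
]
# Some VPN clients leave the original default route in place and override
# it with two more specific /1 routes. Reading only the 0.0.0.0/0 entry
# would wrongly report this client as split tunnelled.
OVERRIDE_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "wlan0"),
]

# Constructed probes: one internal host, one external (documentation range).
PROBES = ["10.20.30.40", "203.0.113.10"]


def egress_interface(routes, destination):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def bypassing_destinations(routes, destinations, vpn_iface="tun0"):
    """List (destination, interface) pairs that do not leave via the VPN."""
    result = []
    for dest in destinations:
        iface = egress_interface(routes, dest)
        if iface != vpn_iface:
            result.append((dest, iface))
    return result


if __name__ == "__main__":
    for name, table in [("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL),
                        ("override", OVERRIDE_TUNNEL)]:
        print(name, bypassing_destinations(table, PROBES))
```

Any destination reported here reaches the internet without passing the filtering applied on the corporate side of the tunnel, which is the additional risk the last question asks you to record.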
As a business we are committed to providing help, guidance and support to our customers, particularly those on the front line and in critical industries. We want to do our part to help, so if you have questions or want to chat some things through, you know where we are.