Teaching Cyber Blog

Split Tunnel VPN & Full Tunnel VPN: why is it relevant to Cybersecurity?

A VPN is a VPN, so everything is secure?  Not quite.  Split tunnel and full tunnel are two different ways of routing network traffic between you, the VPN server and beyond.

Split tunnel is like having multiple pipes that traffic can flow through: some of your traffic goes to the VPN server, while the rest goes straight out to the internet.  You would think everything should go through a VPN for total security, but while that may help security it may not help performance.  Sending everyone's traffic through dedicated systems may be achievable for a small workforce, but in a large enterprise it can be costly, especially if it stops working and suddenly there is no network connectivity for anyone.

The traffic routed through the VPN server should be the most sensitive in your organisation, such as data from internal products and solutions.  You will need to really know and understand your data to achieve this.

What about traffic that does not go through the VPN server?  This can be local traffic, for example employees in the office printing or accessing local network storage devices.  These devices do not need their traffic sent through a VPN and back into the office, as that is a long and wasteful round trip.  There are also large enterprise services such as Microsoft that simply work on the internet and are so trusted that many organisations choose not to route this type of traffic through a VPN.

The remaining traffic should be monitored, as unencrypted business data routed straight to the internet could be at risk of interception.

Split tunnel is recommended where performance can be an issue and you want to avoid creating network bottlenecks while still being able to access local network resources.  It's a trade-off: you get some secure networking and accept that some data may be at risk.

If you can afford it as an organisation, in both cost and effort, go full tunnel! All the network traffic is encrypted and routed through the VPN server.  Whether you are working from within the office or from a hotel lobby, you are working within your own secure network for maximum privacy.
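
To make the difference concrete, here is an added example (not from the original post) that models a split tunnel and a full tunnel routing table, shows which path a destination takes, and lists the sensitive subnets that would bypass the VPN. The interface names, routes and subnets are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (private and documentation ranges, hypothetical interface names).
SPLIT_ROUTES = [
    ("0.0.0.0/0", "eth0"),       # default route: straight out to the internet
    ("192.168.1.0/24", "eth0"),  # office LAN: printers, local storage
    ("10.20.0.0/16", "vpn0"),    # internal product systems go through the VPN
]
FULL_ROUTES = [("0.0.0.0/0", "vpn0")]  # everything goes through the VPN
SENSITIVE = ["10.20.0.0/16", "10.30.5.0/24"]  # subnets the organisation rates as sensitive


def parse(routes):
    return [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]


def egress(routes, dest):
    """Interface chosen for dest by longest-prefix match, as an OS routing table does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, iface) for net, iface in parse(routes) if addr in net]
    if not matches:
        raise ValueError(f"no route to {dest}")
    return max(matches, key=lambda m: m[0])[1]


def audit(routes, sensitive, tunnel="vpn0"):
    """Sensitive subnets where some address would leave outside the tunnel.

    Conservative: a subnet is reported if its most specific covering route, or any
    narrower route inside it, points at an interface other than the tunnel.
    """
    table = parse(routes)
    bypass = []
    for subnet in map(ipaddress.ip_network, sensitive):
        covering = [(n.prefixlen, i) for n, i in table if subnet.subnet_of(n)]
        inside = [i for n, i in table if n != subnet and n.subnet_of(subnet)]
        best = max(covering, key=lambda m: m[0])[1] if covering else None
        if best != tunnel or any(i != tunnel for i in inside):
            bypass.append(str(subnet))
    return bypass


if __name__ == "__main__":
    for dest in ("10.20.4.7", "192.168.1.50", "203.0.113.10"):
        print(dest, "split:", egress(SPLIT_ROUTES, dest), "full:", egress(FULL_ROUTES, dest))
    print("split tunnel bypass:", audit(SPLIT_ROUTES, SENSITIVE))
    print("full tunnel bypass:", audit(FULL_ROUTES, SENSITIVE))
```

In the split tunnel table the second sensitive subnet has no VPN route, so it falls through to the default route and is reported; this is the "know your data" gap the post describes.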