[c-nsp] Cisco ScanSafe, aka Cisco Cloud Web Security
John Kougoulos
john.kougoulos at gmail.com
Wed Dec 4 13:43:02 EST 2013
On Wed, Dec 4, 2013 at 6:18 PM, Eugeniu Patrascu <eugen at imacandi.net> wrote:
> On Wed, Dec 4, 2013 at 5:53 PM, Herro91 <herro91 at gmail.com> wrote:
>
> > Has anyone on the lists explored Cisco's ScanSafe SaaS offering, now
> called
> > Cisco Cloud Web Security - as a means of providing protection in the
> cloud
> > that would potentially negate the requirement to have a full tunnel (i.e.
> > allow split tunneling) for teleworkers?
> >
>
> First of all, why are you allowing or disallowing split tunnel networks ?
>
> The only case I see when you want to route all traffic through the gateway
> is when you have a big network that changes constantly and you don't want
> to update ACLs all day to make sure a teleworker can reach certain
> equipment no matter what.
>
Hi,
one argument against split tunneling is the possibility that the attacker
would install somehow a proxy on the laptop of the victim. This would
expose the corporate network to the attacker via the victim's laptop, while
the victim is connected to the corporate net.
On the other hand, split tunneling is something that is enforced on the
client...
Regards,
John
More information about the cisco-nsp
mailing list