Homexnetd.com

3.13 SYSTEM AND COMMUNICATIONS PROTECTION


3.13.7 Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling)

By wnoble2005@gmail.com (William Noble) 📅 2024-03-03
NIST 800-171 control 3.13.7 aims to prevent split tunneling, where a remote device that has a VPN connection into the organization's network also sends other traffic directly to the internet or another external network outside the tunnel. Forcing all traffic through the tunnel reduces the risk of unauthorized access to internal systems: communication paths are restricted to the monitored one, and the device cannot act as a bridge between an unmonitored external network and the internal network. System administrators configure the VPN clients, gateways, and firewalls to enforce this; users follow the policy and do not alter the configuration.



Split tunneling might be desirable by remote users to communicate with local system resources such as printers or file servers. However, split tunneling allows unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. This requirement is implemented in remote devices (e.g., notebook computers, smart phones, and tablets) through configuration settings to disable split tunneling in those devices, and by preventing configuration settings from being readily configurable by users. This requirement is implemented in the system by the detection of split tunneling (or of configuration settings that allow split tunneling) in the remote device, and by prohibiting the connection if the remote device is using split tunneling.

Benefits:

Enhanced security for organizational networks by preventing split tunneling. Split tunneling lets a remote device reach the organization's internal network (through the VPN) and the public internet at the same time. This creates a security risk: the device's direct internet path is outside the organization's egress monitoring and filtering, so a device compromised over that path gives an attacker a route into the internal network through the tunnel, and organizational data can leave through the unmonitored path without ever crossing the organization's controls.

Accountability:

Senior Management:
- Approves and enforces policies: establish policies prohibiting split tunneling and ensure awareness across the organization.
- Provides resources: allocate budget and personnel to implement and maintain the controls that disable split tunneling.
- Reviews and audits: conduct periodic reviews of control effectiveness and remediate any identified shortcomings.

IT Security Team:
- Implements technical controls: configure VPN clients, gateways, and network devices to detect and prevent split tunneling.
- Develops and maintains procedures: create guidelines and procedures for employees on proper VPN usage and troubleshooting.
- Monitors and logs activity: monitor for split tunneling attempts and investigate suspicious activity.

System Owners:
- Configure systems: ensure system configurations comply with the organization's split tunneling policy.
- Maintain system security: implement additional security controls on systems accessed through VPNs.
- Report vulnerabilities: report any vulnerabilities identified in systems that could be exploited through split tunneling.

Individual Users:
- Comply with policies: understand and adhere to the organization's policy on split tunneling.
- Avoid unauthorized configurations: refrain from modifying VPN configurations to enable split tunneling.
- Report suspicious activity: report any attempts to circumvent or exploit security controls related to split tunneling.

Implementation:

Detection: Organizations can implement solutions that identify split tunneling configurations on remote devices, for example an endpoint posture check that inspects the device's routing table and VPN client settings before the gateway admits the session, and that monitor network traffic for signs of split tunneling, such as a connected client whose traffic to external destinations never appears at the VPN concentrator or whose DNS queries go to a resolver outside the tunnel.

Prevention: Disable split tunneling in the VPN client configuration on remote devices, and lock that configuration so users cannot re-enable it. Enforce full-tunnel usage by pushing a default route through the tunnel from the VPN gateway rather than only routes to internal networks, and configure the gateway to refuse or drop sessions from devices that fail the posture check.
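The following is an added example of the detection step above, written for this page rather than taken from NIST SP 800-171 or the page's author. It decides from a Linux routing table in `ip route` format whether a device is split tunneling: it resolves a few probe destinations with the same longest-prefix-match rule the kernel uses and reports any destination that would leave through an interface other than the tunnel. The two routing tables, the interface names (tun0, eth0), the VPN server address (203.0.113.10, TEST-NET-3) and the probe addresses are all constructed for illustration; the full-tunnel table mirrors what OpenVPN's `redirect-gateway def1` installs (two /1 routes that out-rank the original default route), and the split-tunnel table mirrors a gateway that pushes only a corporate 10.0.0.0/8 route.

```python
"""Endpoint posture check for split tunnelling, derived from a Linux
routing table in `ip route` format.

Added example for this page; not code from NIST SP 800-171 or from the
page's author. Interface names, addresses and both routing tables below
are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str
    metric: int


# Constructed `ip route` output of a full-tunnel client. OpenVPN's
# `redirect-gateway def1` adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel;
# those /1 routes out-rank the untouched /0 default route by prefix length.
# The host route to the VPN server (203.0.113.10) via eth0 is required so
# the tunnel itself can be reached, and is not a leak.
FULL_TUNNEL_TABLE = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
203.0.113.10 via 192.168.1.1 dev eth0
"""

# Constructed table of a split-tunnel client: only corporate 10.0.0.0/8 is
# pushed through tun0; every other destination leaves via eth0.
SPLIT_TUNNEL_TABLE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
203.0.113.10 via 192.168.1.1 dev eth0
"""

VPN_INTERFACE = "tun0"          # assumed tunnel interface name
VPN_SERVER = "203.0.113.10"     # assumed VPN gateway address
# Probe destinations: two external (TEST-NET-2 and TEST-NET-3) and one
# corporate address, all constructed.
PROBES = ["198.51.100.7", "203.0.113.99", "10.20.30.40"]


def parse_routes(table: str) -> List[Route]:
    """Parse `ip route` lines into (prefix, device, metric) records."""
    routes = []
    for line in table.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        prefix = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        dev = tokens[tokens.index("dev") + 1]
        metric = int(tokens[tokens.index("metric") + 1]) if "metric" in tokens else 0
        routes.append(Route(ipaddress.ip_network(prefix, strict=False), dev, metric))
    return routes


def egress_interface(routes: List[Route], dst: str) -> str:
    """Longest-prefix match as the kernel does it; lower metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        raise ValueError(f"no route to {dst}")
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.dev


def split_tunnel_leaks(table: str, vpn_if: str = VPN_INTERFACE,
                       vpn_server: str = VPN_SERVER,
                       probes: List[str] = PROBES) -> Dict[str, str]:
    """Return {destination: interface} for each probe that would bypass the VPN."""
    routes = parse_routes(table)
    leaks = {}
    for dst in probes:
        if dst == vpn_server:
            continue  # the tunnel endpoint itself must leave via the physical NIC
        dev = egress_interface(routes, dst)
        if dev != vpn_if:
            leaks[dst] = dev
    return leaks


def is_split_tunnelled(table: str) -> bool:
    """True when any probe destination would bypass the tunnel."""
    return bool(split_tunnel_leaks(table))


if __name__ == "__main__":
    for name, table in [("full tunnel", FULL_TUNNEL_TABLE),
                        ("split tunnel", SPLIT_TUNNEL_TABLE)]:
        leaks = split_tunnel_leaks(table)
        verdict = "NON-COMPLIANT with 3.13.7" if leaks else "compliant"
        print(f"{name}: {verdict} {leaks}")
```

On a live Linux host, replace the constructed tables with the output of `subprocess.check_output(["ip", "route"], text=True)`; Windows clients need the equivalent parsing of `Get-NetRoute` output, which this example does not cover. Two caveats matter in practice. First, the link route to the local LAN (192.168.1.0/24 here) is required to reach the default gateway, so a routing-table check cannot tell whether access to local printers or file servers is blocked; full-tunnel clients enforce that with host firewall rules, which have to be verified separately. Second, a local administrator can delete the /1 routes after the check passes, so this is a detection aid for the gateway's posture check, not an enforcement mechanism on its own; the prevention step (a locked client configuration, a gateway that pushes the default route and refuses non-compliant sessions) is what makes the control hold.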



Category:Cybersecurity Maturity Model
Family:System and Communications Protection (SC 3.13)
Type:Derived Security Requirements

Q4Q Technical Solutions

© q4q.com 1999-2024