ExampleFinancial got attacked by a group of hackers from Elbonia. Forensic analysis shows that a home users machine was infected with a spreading Trojan that got into the corporate network through the VPN. The attackers wanted to use it to capture important source code but also ended up using it to obtain information from the dataset of customer information.
What policy can they implement to avoid this in the future?
A) Enable a 25 character password for all VPN access
B) Do not allow VPN access from home computers
C) Use only dial-up connections for VPN access to a segmented gateway
D) Require bio-metric authentication

Question

Quizplus · Accepted Answer

"Split Tunneling" should not be allowed from home users. If a data or process is accessed from a less secure source, while at the same time that same client is accessing a more secure source, unintentional exposure can result. If the VPN can be accessed from home, all other network activity should be disabled, or the access should not be allowed to the VPN at all.

ExampleFinancial Got Attacked by a Group of Hackers from Elbonia