Controls are not in place to prevent bridging, multi-homing and split tunneling

All - going through a security audit and they are asking us to implement controls to prevent bridging, multi-homing and split tunneling.

We have lots of engineers on both Macs and PCs using VirtualBox and VMware with network bridging and NATing also. Has anyone ever dealt with a request like this?
IT Guy Asked:

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
"We have lots of engineers on both Macs and PCs using VirtualBox and VMware with network bridging and NATing also. Has anyone ever dealt with a request like this?"

The problem is that these applications require Local Administrator rights, and the only way to stop them using Network Bridging and NAT is to move them ALL to a Corporate Platform, like Hyper-V or VMware vSphere.

It's not easily done within the application, and when it's done it breaks the application. To stop it you have to stop them using it!

Which comes down to WHY do they need VMs? If there is a developer need, migrate them to a controlled platform which can be Audited.

Which we have done... e.g. banned VMware Workstation and VirtualBox at the desktop.

andyalder, Saggar maker's framemaker, Commented:
Does this give you an alert when you press "start"?
https://www.myabandonware.com/game/spaceward-ho-30l/play-30l

Just trying to confirm your requirement of removing the bridging/routing/NAT function from the TCP/IP stack but maintaining endpoint connectivity at this late a stage.

Dr. Klahn, Principal Software Engineer, Commented:
I'm with Andrew.  The easiest control is "We would like to remind everyone that the corporate network is the backbone of our operation and anything other than normal everyday use requires the approval of IT Networking.  The following in particular are prohibited: ..."

Then, having fired the warning shot, wait three weeks until everyone is thinking "toothless tiger", and terminate someone very publicly with Security marching them out the door.  (You can rent "employees" for this purpose, by the way.)  The word will get around within 15 minutes, and end of problem.