Multi-homed is the term that I have heard for being connected to a LAN at the same time as being connected to the internet via something like a wireless connection.
I have heard that this is so serious that certain large companies I have heard of make it an instantly fireable offense.
The way it's been explained is that Joe Hacker will compromise the machine via the internet connection and then have access to the LAN.
My questions on this are:
- Is this really a massive security hole?
- How (if at all) does this differ from being connected to a VPN? Is that not the same thing?
- How (if at all) does this differ from being connected to a LAN and a public wireless network at the same time?
- How do you protect against this, both for being connected to the LAN and a wireless network at the same time, and also for the VPN scenario?
Massive is debatable but it is a security issue. Your laptop machine (in this case) is directly connected to the Internet and the LAN without any of the corporate firewall measures in place to protect one from the other.
A VPN is an encrypted session providing access for an outside machine to internal resources. In many ways it is similar on the surface where an infected PC could still cause issues for the LAN but in this case, the traffic is traveling through corporate devices (VPN server, firewall, etc.) that are often monitored and can be further secured with intrusion detection and other services that can minimize the risk. By contrast, in your example, the PC is the only thing between the intruder and the LAN.
I'm not sure of the difference here, as "public wireless network" typically means "Internet" to me. But the same holds true: the PC is acting as the bridge between networks, and it is not secured or designed for that purpose.
Remote access from unsecured machines is always a challenge for security. This is why many corporate machines are equipped with firewall software like Symantec Endpoint Security and required to access the LAN via approved methods (VPN) which are further secured with intrusion protection, virus scanning, and other security mechanisms.
Essentially, it routes around the security put in place by the company, either with an inbound connection or outbound connection or both. Some of these security measures include restricting employee access to the internet. As such, picking up another wireless connection completely works around the firewall set up on outbound connections. Not only does this allow employees to screw around on company time, but it may also introduce viruses into the internal network through compromised websites.
Alternatively, it can provide a hacker with a direct route into the corporate network, from which they can launch attacks. Similar issues have happened in the past where someone set up their own modem for dialup access into the company, without asking the IT department. Attackers then were able to get complete access to the internal network. It's kind of like the fortress at Helm's Deep. Having stone walls 17 feet thick doesn't matter much when someone digs a hole through it for a drain.
Multihoming is having connections to two different networks at the same time, such as via two network cards. However, the security problems extend to more than just that, such as you described, with additional virtual network connections being tunneled over the single physical connection.
Network security professionals do take these sorts of configurations seriously, as it increases the attack surface of the network they're trying to defend. When you bridge a workstation between the corporate intranet and the public internet (via something like a ClearWire modem), it does indeed bypass all the corporate protections, and your machine is the only thing standing between the two. Therefore, the security managers have to pay attention to it.
The thing to keep in mind is that from a Security Manager's point of view, there is no real difference, risk-wise, between a VPN to your home network, a wireless connection to the Starbucks downstairs, or a ClearWire modem naked on the internet. Each of these has varying levels of risk, but it is impossible to truly automatically discriminate between them. Thus, each has to be treated as if the remote connection is pointed at the naked internet.
I've never heard multi-homed used in this context. Multi-homed generally means that one machine has its foot in two or more networks via multiple adapter cards.
What you're describing is internet browsing while logged onto a LAN. While there are risks to this, the risks have little to nothing to do with whether you're doing them at the same time or not.
There are numerous steps you can take to mitigate those risks. Is it a massive security hole? It can be.
I suppose you could consider being connected to a VPN as "multi-homed" if you're using split tunneling.
Edited to add:
Websurfing from a multi-homed firewall for instance, would not be the best of ideas.
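As an added illustration (not code from any of the answers above) of the condition the third and fourth answers describe, here is a small check a defender could run against the output of `ip route show` on a Linux host: it flags a machine whose default routes leave through more than one interface, and distinguishes a merely multi-homed endpoint from one that also has IP forwarding switched on and so acts as a router between the networks. The routing table and the forwarding flag below are constructed samples.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the format of `ip route show` on Linux: a laptop on the
# corporate LAN (eth0) that has also joined a wireless network (wlan0). Two default
# routes through two interfaces, with only this host between the two networks.
SAMPLE_ROUTES = """\
default via 10.20.0.1 dev eth0 proto dhcp metric 100
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.4.17
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.52
"""

# Constructed sample for a host with a single uplink.
SINGLE_ROUTES = """\
default via 10.20.0.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.4.17
"""

class DefaultRoute(NamedTuple):
    gateway: str
    dev: str
    metric: int

# Matches "default via <gw> dev <iface> ... metric <n>"; metric is optional.
_DEFAULT_RE = re.compile(
    r"^default via (?P<gw>\S+) dev (?P<dev>\S+)(?: .*?metric (?P<metric>\d+))?"
)

def default_routes(route_table: str) -> List[DefaultRoute]:
    """Extract every default route (gateway, interface, metric) from the table."""
    routes = []
    for line in route_table.splitlines():
        m = _DEFAULT_RE.match(line.strip())
        if m:
            routes.append(DefaultRoute(m["gw"], m["dev"], int(m["metric"] or 0)))
    return routes

def is_multihomed(route_table: str) -> bool:
    """True when default routes leave through more than one interface."""
    return len({r.dev for r in default_routes(route_table)}) > 1

def assess(route_table: str, ip_forward: str) -> str:
    """Classify the host; ip_forward is the contents of /proc/sys/net/ipv4/ip_forward."""
    if not is_multihomed(route_table):
        return "single-homed"
    # Forwarding enabled turns the endpoint into an unmanaged router between the networks.
    if ip_forward.strip() == "1":
        return "multi-homed, forwarding enabled"
    return "multi-homed, endpoint only"
```

On a real host the two inputs come from `ip route show` and `/proc/sys/net/ipv4/ip_forward`; anything other than "single-homed" is worth an alert when the LAN in question is the corporate one.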