01 Jul ISSC421 vpn discussion response
Question Description
Hello,
I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.
Briefly list and explain the technology you will recommend using to setup the VPN.
List the best practices you intend to use.
Explain any potential threats and exploits, and what precautions will be taken to prevent them.
Student one:
Hello Class,
Briefly list and explain the technology you will recommend using to setup the VPN.
When setting up a VPN, now that we have the budget to do so, I would setup a hardware VPN. While a hardware VPN does not allow for scalability and it is more expensive, it has its own processor and all traffic will be routed through it, providing better protection and the processing power will be used by the VPN versus a separate software server that was setup. When considering the hardware VPN though it is crucial to determine what your network needs are, and if you are going to grow. Because there is no scalability with a hardware VPN, it is more financially beneficial to go bigger than to get what you think you need, just to have to upgrade it later which would in turn just be costing more money; plus the time to reconfigure the new VPN!
List the best practices you intend to use.
I would place the VPN in a DMZ. This would allow the web servers (if there were any) to have access to the internet without a VPN, but then the firewall would protect the VPN as well as the connections past the VPN into the corporate network.
Explain any potential threats and exploits, and what precautions will be taken to prevent them.
I think the biggest threat to the company are the users. Whether advertently or inadvertently, users cause the biggest threats to a network. Between checking personal emails, clicking on random attachments, clicking on random links, or visiting potentially dangerous websites, users are what bring in the threats and exploits. To combat this I would make sure that every employee gets a statement of understanding so they know what they can and can not do on the network, with consequences if they were to do what they are not allowed to do including a counseling making them resign the statement of understanding. To include this I would also have monthly or quarterly training that everyone must attend to review the policies as well as if there are any changes.
Eric
Student two:
Greetings Class,
The following recommendations ensure VPNs are implemented with a focus on protecting Confidentiality, Integrity, and Availability.
According to Network Security, Firewalls, and VPNs by Michael Stewart, VPN deployments should include strong authentication, strong encryption, and the VPN should be protected by a firewall (Stewart, 2015) to protect against modern threats and exploits. The book states, strong authentication ensures only authorized clients connect to the VPN server while strong encryption protects from man-in-the-middle attacks and ensures confidentiality of data transmitted over the internet. Lastly, putting the VPN behind a firewall protects it from internet based attacks such as Distributed Denial-of-Service (DDoS) (Stewart, 2015).
For this reason, to protect against threats and exploits I recommend IPsec. According to the article, what is IPsec by Josh Lake, IPsec works by establishing an encrypted point-to-point connection between the VPN server and client. IPsec uses Security Associations (SAs) to establish the parameters and encryption algorithms of the tunnel. IPsec then uses Encapsulating Security Protocol (ESP) and Authentication headers (AH), to encrypt the payload (lake, 2019). The primary drawback of IPsec is it requires a VPN client to be installed on the client workstation. This is not a requirement on other implementations such as Secure Socket Layer (SSL).
Additionally, the VPN should be placed in a De-militarized zone (DMZ) configuration. This ensures the VPN is located behind the firewall and protected from internet attacks (Stewart, 2015).
Other implementations include point to point tunneling protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), & Secure Socket Layer (SSL) for implementing VPN authentication and encryption.
Regards,
-Stephen
References
Stewart, J. M. Network Security, Firewalls and VPNs. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812841077…
Lake, Josh (2019). What is IPsec and how does it work. Retrieved from https://www.comparitech.com/blog/information-security/ipsec-encryption/
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.