I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
Briefly list and explain the technology you will recommend using to set up the VPN.
When setting up a VPN, now that we have the budget to do so, I would set up a hardware VPN. While a hardware VPN does not allow for scalability and it is more expensive, it has its own processor and all traffic will be routed through it, providing better protection, and the processing power will be used by the VPN versus a separate software server that was set up. When considering the hardware VPN, though, it is crucial to determine what your network needs are, and if you are going to grow. Because there is no scalability with a hardware VPN, it is more financially beneficial to go bigger than to get what you think you need, just to have to upgrade it later, which would in turn just be costing more money; plus the time to reconfigure the new VPN!
List the best practices you intend to use.
I would place the VPN in a DMZ. This would allow the web servers (if there were any) to have access to the internet without a VPN, but then the firewall would protect the VPN as well as the connections past the VPN into the corporate network.
Explain any potential threats and exploits, and what precautions will be taken to prevent them.
I think the biggest threat to the company is the users. Whether advertently or inadvertently, users cause the biggest threats to a network. Between checking personal emails, clicking on random attachments, clicking on random links, or visiting potentially dangerous websites, users are what bring in the threats and exploits. To combat this, I would make sure that every employee gets a statement of understanding so they know what they can and cannot do on the network, with consequences if they were to do what they are not allowed to do, including a counseling making them re-sign the statement of understanding. To include this, I would also have monthly or quarterly training that everyone must attend to review the policies as well as if there are any changes.
The following recommendations ensure VPNs are implemented with a focus on protecting Confidentiality, Integrity, and Availability.
According to Network Security, Firewalls, and VPNs by Michael Stewart, VPN deployments should include strong authentication, strong encryption, and the VPN should be protected by a firewall (Stewart, 2015) to protect against modern threats and exploits. The book states that strong authentication ensures only authorized clients connect to the VPN server while strong encryption protects from man-in-the-middle attacks and ensures confidentiality of data transmitted over the internet. Lastly, putting the VPN behind a firewall protects it from internet-based attacks such as Distributed Denial-of-Service (DDoS) (Stewart, 2015).
For this reason, to protect against threats and exploits I recommend IPsec. According to the article What is IPsec by Josh Lake, IPsec works by establishing an encrypted point-to-point connection between the VPN server and client. IPsec uses Security Associations (SAs) to establish the parameters and encryption algorithms of the tunnel. IPsec then uses Encapsulating Security Protocol (ESP) and Authentication Headers (AH) to encrypt the payload (Lake, 2019). The primary drawback of IPsec is that it requires a VPN client to be installed on the client workstation. This is not a requirement on other implementations such as Secure Socket Layer (SSL).
Additionally, the VPN should be placed in a demilitarized zone (DMZ) configuration. This ensures the VPN is located behind the firewall and protected from internet attacks (Stewart, 2015).
Other implementations include Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), & Secure Socket Layer (SSL) for implementing VPN authentication and encryption.
Stewart, J. M. Network Security, Firewalls and VPNs. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812841077…
Lake, Josh (2019). What is IPsec and how does it work. Retrieved from https://www.comparitech.com/blog/information-security/ipsec-encryption/