- You have been hired by a small company that has set up a VPN. The VPN is used by two business partners with which the company needs to communicate on a regular basis. You set up a simple mesh configuration, going from office to office to do the initial configuration, which includes SA table listings for all devices in the VPN. The VPN operates smoothly until your company purchases another business that has branch offices located overseas. You are given the assignment of expanding the VPN to include the new employees. You are told that all internal LANs should be able to communicate with one another and are told in confidence that more acquisitions may be in store. You are happy about the prospect of traveling overseas to extend the VPN, but the prospect of updating four or more VPN devices around the world on a regular basis seems impractical. What should you do to help the VPN grow?
In this case I will go for the Site-to-Site IPSEC VPN. This approach will enable me to use the communication structure of the WAN or Wide Area Network to make the different LAN able to communicate with each other and share resources. This is the best technique for connecting the different sites of the same business. This will is also cost effective techniques and can be implemented on the third-party internet.
- Your company (the same one from the previous exercise) does indeed follow through with the purchase of a distribution center located in another state. You are told, however, that only the central office and one branch office will need to communicate with the distribution center, to send delivery instructions and maintain shipping records. You are told that speed is of the essence in getting updated records, particularly at budget time each spring. What is the best way to expand this VPN?
In this case, I will go for the Remote-Access VPN techniques. This is a useful way to emulate the main office. It will however depend on the deployment requirements. I mean the choice to either use SSL VPN of IPsec will depend on these requirements. This VPN strategy can forward voice, video or any other data.
Question: Have you used a VPN (Virtual Private Network)
Yes I have used a VPN several times to connect to websites that were not available in the region I was living in. VPN connects you to a server by manipulating your ip address to be from somewhere else and hence a virtual connection is established.
I used ZenMate Desktop VPN Client ( https://zenmate.com/ ) for my VPN browsing. ZenMate is a security privacy service and is very useful and easy to use while becoming a part of a VPN on the internet. The basic usage is free and an extended premium version can also be acquired by making payments on monthly basis.
Question: Why is it so important to have a specific security policy that covers the use of VPN?
A VPN Security Policy provides a basis to the use of the VPN. This policy constitutes of almost everything related to how and who the VPN will be used by. It also defines the rules for who will be and who will not be allowed to use a VPN and how the access will be limited.
Following are some of the basic specific aspects of the VPN Security Policy:
- Is the user going to be allowed to use both unsecured and secure networks at the same time? In other words, is split tunneling required or not?
- Will a dedicated network device will be used at both the server and client side. It is important to know about the status of the strength of the possible security and the plausible threats to the VPN.
- How will the clients be treated who do not fulfill the security criteria? What will they have access to and what not?
- I is important to know about the authentication mechanism of the VPN.
- What type of encryption will be used? The use of 128-bit IPSEC (3DES) or 256-bit AES is recommended (“importance of an effective VPN security policy – TechRepublic,”).
The importance of an effective VPN security policy – TechRepublic. (n.d.). Retrieved from http://www.techrepublic.com/article/the-importance-of-an-effective-vpn-security-policy/