VPN Responses

Provide (2) 200 words substantive response with a minimum of 1 APA references for RESPONSES 1 AND 2 below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.

RESPONSE 1:

As VPNs are becoming more and more popular with the average user base, some of the issues that come with them are not common knowledge. The use of a VPN to have your IP address hidden and to have your network traffic encrypted also comes with its fair share of problems if mishandled. The first thing that comes to mind with VPN issues is quality of service. The functionality of the VPN as well as any devices connected to it can be decreased due to poor stability of the service offered by the VPN provider, though this issue can be alleviated by switching to a new VPN provider or ensuring that your VPN isn’t misconfigured. Another issue that comes with implementing a VPN into your network is the actual data transmission process. While yur information is encrpted when being sent through the VPN server, the VPN provider may be able to see everything that goes through it unless it is specifically stated in their policy that they are unable to snoop on information being passed through their VPN. This issue can be alleviated by doing research on what VPN you plan to use before implementing it into your network as well as not defaulting to a cheaper not as well known VPN company. It is also very important to note that VPNS do not stop the transfer of malicious code or malware. It will be transferred the same way it would transfer any other piece of information. Id recommend having a firewall in place to filter your data before being sent through the VPN.

-MAURICE

RESPONSE 2:

While a Virtual Private Network (VPN) allows individuals to access the Internet or a remote system anonymously and reliably (usually)i.e., it essentially provides secure communications over insecure public networksthere are a multitude of issues to consider when establishing and deploying a VPN.

First, what type of VPN should you deploy? Is your organizational fit more so for a software or hardware VPN? As for encryption, should you use IPSec or SSL encryption? Should the connection be via Intranet or Extranet, or obtained using remote access? Finally, how about the configuration of it, i.e., is site-to-site or client-to-site better (Stewart, 2010)?

Misconfiguration can leave the VPN susceptible to compromises and attacks. For instance, when Internet Key Exchange protocol is used (by IPSec), there is an username enumeration vulnerability. Security specialists must ensure that other VPN compromises such as fingerprinting, issues with storing passwords, and no account locking out are remedied. Specifically, using tunnel mode can be worrisome, as it is estimated VPN tunnels are not set up correctly almost 90% of the time (Rahimi and Zargham, 2011).

As with most best practices system implementation recommendations, VPNs should use strong passwords, and ensure lock out after a certain number of attempts using an incorrect password or username. Having a small number of individuals using a VPN also inherently makes it more secure, so ensuring only the employees or individuals needing access, have it. Monitoring and maintenance must also occur regularly so any irregularities can be identified proactively or early on, to prevent compromises and attacks.

References

Rahimi, S. and Zargham, 2011. Security Analysis of VPN Configurations in Industrial Control Environments. 5th International Conference Critical Infrastructure Protection (ICCIP). Retrieved 14 March 2020, from https://hal.inria.fr/hal-01571782/document

Stewart, J.  (2010). Network Security, Firewalls and VPNs. Retrieved 14 March 2020, from https://www.oreilly.com/library/view/network-security-firewalls/9780763791308/

-GRETCHEN