Network Hardening Essay
It was created to establish a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols or traffic encryption.
Three Strategies for hardening the network environment
1 Firewall Friendly VPN
The increasing demands of e-business come with a compelling requirement for data security. Virtual Private Network with IP Security Architecture (IPsec VPN) meets this requirement by providing end-to-end encryption and authentication at the IP layer and protecting confidential data that flows over possibly untrustworthy networks. IPsec has the advantage of a wide scope of coverage and agile granularity of protection; however, incompatibilities exist between IPsec VPN and the Network Address Translation (NAT) that firewalls use.
2 Security policy enforcement
Means of enforcement of security policy should be a primary consideration throughout the research, test and implementation phases of any security technology. Careful research, review of manufacturer's documentation, questions presented to vendors and manufacturers, and testing of the technology can serve to meet this criterion.
Without a method of enforcement, the effectiveness of security policy is questionable at best. While audit trails, hardware analysis and security logs should be reviewed regularly, it is a time-intensive process, and on its own it alerts the administrator to violations and security threats only after they have occurred. Without a means of enforcement, the administrator is risking the security of the VPN by relying upon the remote VPN users to voluntarily comply with policy.
As the secure network perimeter is being extended to encompass the VPN client, security policy must be enforced in 'real-time' to protect the integrity of both the VPN client and the network. Security policy requires the VPN client to have antivirus software installed and using the latest update; policy also requires a properly configured personal firewall to be running on the client PC or laptop, and a time limit on inactive VPN sessions. How is this to be made obligatory, removing the responsibility from the VPN user to voluntarily comply with policy?
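One way to make the three requirements above obligatory is to check them at the VPN gateway before and during a session. The sketch below is an added example, not taken from the essay or from any VPN product; the report field names, the thresholds and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds: the essay names the requirements but gives no values.
MAX_SIGNATURE_AGE = timedelta(days=3)
IDLE_LIMIT = timedelta(minutes=15)

def posture_violations(report, now):
    """Return the policy violations found in a client posture report.
    Missing or malformed fields count as violations, so the check fails closed."""
    violations = []
    if report.get("antivirus_installed") is not True:
        violations.append("antivirus not installed")
    try:
        updated = datetime.fromisoformat(report["signatures_updated"])
        if updated.tzinfo is None or updated > now:
            raise ValueError("timestamp without timezone or in the future")
        if now - updated > MAX_SIGNATURE_AGE:
            violations.append("antivirus signatures out of date")
    except (KeyError, TypeError, ValueError):
        violations.append("antivirus signature date missing or invalid")
    if report.get("firewall_running") is not True:
        violations.append("personal firewall not running")
    return violations

def admit(report, now):
    """Gateway decision: open the tunnel only when no violation is found."""
    return not posture_violations(report, now)

def idle_sessions(last_activity, now):
    """Return the ids of sessions whose last traffic is older than IDLE_LIMIT."""
    return sorted(s for s, seen in last_activity.items() if now - seen > IDLE_LIMIT)

# Constructed sample data (hypothetical field names and users).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
COMPLIANT = {"antivirus_installed": True, "firewall_running": True,
             "signatures_updated": "2024-05-09T08:00:00+00:00"}
STALE = {"antivirus_installed": True, "firewall_running": False,
         "signatures_updated": "2024-04-01T08:00:00+00:00"}
SESSIONS = {"alice": NOW - timedelta(minutes=2), "bob": NOW - timedelta(minutes=40)}

if __name__ == "__main__":
    print("compliant client admitted:", admit(COMPLIANT, NOW))
    print("stale client violations:", posture_violations(STALE, NOW))
    print("empty report violations:", posture_violations({}, NOW))
    print("sessions to disconnect:", idle_sessions(SESSIONS, NOW))
```

The report here is supplied by the client, so the gateway is trusting what the client says about itself; the decision to admit or disconnect is still made at the gateway rather than left to the user.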