StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Virtual Private Network as an Appropriate Control - Case Study Example

Cite this document
Summary
The paper "Virtual Private Network as an Appropriate Control" for establishing a secure channel recommends defining the scope i.e. the phoenix site should be ISO /IEC 27001 certified. A warm or hot site is recommended for ensuring business continuity in case of a disaster.   …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER99% of users find it useful
Virtual Private Network as an Appropriate Control
Read Text Preview

Extract of sample "Virtual Private Network as an Appropriate Control"

Full Paper Microsoft Windows Access Controls As per the scenario, the district offices incorporate employees connecting remotely via mobile devices and smart phones. For establishing a secure channel, Virtual private network is an appropriate control. VPN will encrypt the data before sending and it establishes a secure channel protected from hackers of cyber criminals. However, user credentials are required for authorization and authentication on the VPN server. Furthermore, for configuring multiple operating system environments on active directory, a domain server must be placed in Georgia, India, California, Canada and New York. As all applications are hosted on the Phoenix site, they should be configured on HTTPS and must use a VPN tunnel for exchanging data with the other 4 sites. Moreover, for adding an extra layer of security, MAC addresses should be linked with WAN IP addresses requesting access to one of the hosted applications. Access Control policy should be drafted that will address access to whom and why. A responsible, Accountable, Consulted and Informed (RACI) chart should be developed, as it will define roles and responsibilities for each user permitted to access web based applications. 2 Blowfish Encryption Algorithm for NextGuard As per computer desktop encyclopedia Blowfish encryption algorithm is defined as “A secret key cryptography method that uses a variable length key from 32 to 448 bits long. It uses the block cipher method, which breaks the text into 64-bit blocks before encrypting them. Written by Bruce Schneier, as a free replacement for DES or IDEA, it is considered very fast and secure” and as per network dictionary, it is defined as “Blowfish is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms. It is a symmetric (that is, a secret or private key) block cipher that uses a variable-length key, from 32 bits to 448 bits, making it useful for both domestic and exportable use”. Blowfish is an encryption algorithm that was invented by Bruce Schneier in 1993 (Pachghare, 2009). It is constructed on a variable length key ranging from 32 buts to 448 bits that is considered to be perfect for both local and international use along with a solid encryption algorithm. After its recognition to be relatively solid encryption algorithm, it is gradually gaining acceptance. Some of the core features of blowfish algorithm include (Pachghare, 2009): Blowfish has a block cipher of block consisted of 64 bit The length of the key can be up to 448 bits BladeCenter web interface: MM Control, Login Profiles page. (n.d.) On 32 bit microprocessor architecture, data encryption is supported at a rate of 18 clock cycles on every byte that is much quicker than DES and IDEA encryption. It is still free to use and is not patented Memory requirements for blowfish are less than 5 kilobytes of memory The semantics are simplified and is relatively easy to deploy The design requirements for a blowfish encryption algorithm incorporates robust, simple to code, compact, easily modifiable and flat key space features (Anderson, 1994). Likewise, flat key space facilitates random strings to be considered as a possible key from a required length. Moreover, it deploys data in massive byte size blocks and incorporates 32 bits blocks where applicable (Anderson, 1994). Key ranges, as mentioned earlier are from 32 to 448 bits and operations are common that are supported by microprocessors such as XOR, table lookup etc. furthermore, pre-computable sub keys are applicable with variable iterative numbers. These sub keys are massive and must be pre-calculated prior to encryption or decryption process carries out. In an example below, let’s assume that P is pre-calculated array consisting of 18, 32 bit sub keys from P1, P2… till P 18. In addition, there are S boxes (32 Bit) indicated by S with entries equal to 256 each (John Rittinghouse & Hancock, 2003). S1, 0, S1, 1…S1, 255; S2, 0, S2, 1….S2, 255; S3, 0, S3, 1…S3, 255; S4, 0, S4, 1….S4, 255; The sub key calculation process is calculated by deploying the following algorithm (John Rittinghouse & Hancock, 2003): Step1: Nextguard Technologies can prepare the P array along with four S-boxes in direction with a static string containing hexadecimal digits. Step 2: XOR P1 with the leading 32 bits from the key and XOR P2 with the next 32 bits of the key Step 3: By using the blow fish algorithm, Nextguard Technologies can encrypt all strings equal to zero by incorporating the sub keys mentioned in step 1 and step 2. Step 4: This step is associated with swapping P1 and P2 with the result of step 3. Step 5: In this step, the result of step 3 will be encrypted by utilizing the blow fish algorithm along with the modified sub keys. Step 6: Now P3 and P4 will be swapped with the result of step 5. Step 7: There is a requirement of making process to continue for swapping all the entries in order from the P array along with all four S-boxes. The result will be the blow fish algorithm that is changing on a continuous basis. Step 8: Lastly, a total of 521 are essential and mandatory to develop all the sub keys that are required. Applications can save the sub keys instead of executing them on a continuous basis along with the process of sub-key generation. 3 Plan for Countermeasures For Nextguard Technologies, a single domain model would be sufficient to establish a forest root domain. Once the domain is created, the DNS configuration is needed. Moreover, type of DNS versions, names for the domains, servers and Active Directory services, names of the forest and forest root domains are configured. In order to generate trust plan that is comparable to forest and domain plans. The outlines related to trust plan are manually designed additionally. In order to enhance the performance surrounded by single or separate forest, trust can be applied for several rationales. 1.1 Limited Access In order to limit the access for the sales department and other employees, configuration is carried out in “Active directory users and computers” console. Click Start menuAdministrative Tools,  Active Directory Users and Computers. In the console, click user account Right-click the user accounts, and then click Properties. Click Account , Next, click the option Logon Hours. Click Logon Denied after clicking All to select all available times. Select the time blocks as per the requirements to allow the specific user to log on to the domain, and then click Logon Permitted. A status line provides the options to edit logon times including days of the week, and timings. 1.2 User Login Restriction Active Directory Users and ComputersPropertiesAccounts Click the logon workstations dialog box by clicking the Log On To tab. Enter the name of a required workstation. Click Add. Replicate this procedure to identify additional workstations as per the organizations requirements. 1.3 User Restriction on Workstation In Windows 2003 Domain client’s restriction policy can be implemented by executing group policy. By executing group policy, the clients are restricted from logging onto different domains except their home domain. The aimed domain creates a new “domain wide group policy objects”. This can be activated by “Deny logon locally” to the client’s domain account. For the “deny logon locally” option, the check must be enabled. 1.4 Configuring mandatory file access By configuring the ‘User’s Environment Settings’, the compulsory file access is applied. Active Directory Users and Computers Users Properties  Profile tab. Click option named as local path. Insert the path to the home directory in the related field. Example C:\ NextGuard Technologies \ %UserName%. 1.5 Password Policy In the Active directory users and computer console, password policy is implemented. There are five core elements of password policy are implemented on all the created users. According to organizations need, the password history is applied. Maximum password age is applied i.e. 30 days. As per organizations need, minimum password age is defined. Minimum 10 characters password length is applied. Difficulty criteria must be assembled for passwords. According to organizations requirement. 1.6 Account Lockout Policy A group policy relieve is needed for the Account Lockout Configuration. On the right hand side expand the security optionsexpand computer configurations select Windows settings  click security settings click local Policies select security options. By double clicking properties of automatically log off users when login time expires opens a dialog for defining policy. Clicks define this policy setting and click on enabled tab. In fact, the restrictions regarding policy insist for logon an hour that is activated. 4 Incident Management /Disaster Recovery Plan for Next Guard Technologies The disaster recovery plan covering all the issues and counter measures is demonstrated below (Sandhu, 2002): Threats Counter Measures Power Failure Alternate power distribution link Database Failure Backing up data on 3 different locations at the same time by disk mirroring, ciphering, DLT or manual backup on a daily basis. System Failure Alternate system to replace the affected system Theft Lock Cabinets IP cameras, biometric fingerprint identification, Vandalism Hard steel box for Servers and Databases Flood Relocating or replicating the network room Create a duplicate or replica of crucial data servers that are geographically located away Fire water sprinklers, Fire extinguishers Earthquake Relocating data with data centers that are geographically located away The initial step is to identity the information assets of NextGuard Technologies on the network along with the services associated with it. The next consideration must be given to the replication of these services that can be implemented on other systems. For NextGuard Technologies, there were two issues contributing to each other i.e. application system failure, database failure and power failure. After identifying information assets on the network, Application server, Database, and power supply are considered as the critical services. In order to determine the cost associated with these three services, following factors are indicated. 4.1 Application Server An image of the primary application server can be replicated to the secondary machine in order to switch to other system, if a system failure arises. If both of the systems the primary and the secondary application server crashes, there must also be a third system that can be connected to the network. The cost can be determined by installing applications on three servers. 4.2 Database Database is a critical asset for every organization, which needs to be protected from system failure, hackers, viruses, intruders, physical theft etc. In order to determine the cost, database must be replicated to two separate points, i.e. Secondary system backup and data center backup. If both primary and secondary systems crashes, data is still secure in the third location i.e. data centers. The cost is linked with primary and secondary systems along with the cost associated with maintaining regular backups with secure data centers. 4.3 Floods Power is a crucial source for a network to be operational. Uninterruptable Power Supply must be connected to the critical assets on the network, as floods may disrupt power sources to critical assets. Moreover, alternate power source is also a requirement. It is useful when a primary source of power goes down. The cost is associated with UPS and alternate power source. 4.4 Internet Server / Proxy Server If WAN becomes unavailable on the Phoenix site, none of the remote branches or district offices can access the hosted applications. A primary link along with secondary link should be configured for replication. The configuration setting can be defined in the router so than they can switch instantly if one of the links are down. However, both links should not be from the same ISP. 5 Best Practices / Summary & Recommendations The recommended solution should be to define the scope i.e. the phoenix site should be ISO /IEC 27001 certified. As all critical assets are located on this site, a warm or hot site is also recommended for ensuring business continuity in case of a disaster. Similarly, after getting 27001/IEC certified, appropriate controls should be applied and regular audits will be conducted to identify non compliance issues. Currently, we have implemented VPN for a secure access to applications Blowfish encryption algorithm on emails and VPN tunnels for accessing hosted applications We have also implemented Disaster Recovery Plan that will be activated in case of a disaster References Anderson, R. (1994). Fast software encryption: Cambridge security workshop, cambridge, U.K., december 9-11, 1993 : Proceedings Springer-Verlag. Blowfish. (2007). Network Dictionary, , 71-71. BladeCenter web interface: MM Control, Login Profiles page. (n.d.). Retrieved from http://publib.boulder.ibm.com/infocenter/bladectr/documentation/topic/com.ibm.bladecenter.advmgtmod.doc/kp1bb_bc_mmug_mmloginprofilepage.html John Rittinghouse, P. D. C., & Hancock, W. M. (2003). Cybersecurity operations handbook Elsevier Science. Pachghare, V. K. (2009). Cryptography and information security Prentice-Hall Of India Pvt. Limited. Sandhu, R. J. (2002). Disaster recovery planning Premier Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Virtual Private Network as an Appropriate Control Case Study Example | Topics and Well Written Essays - 2000 words, n.d.)
Virtual Private Network as an Appropriate Control Case Study Example | Topics and Well Written Essays - 2000 words. https://studentshare.org/information-technology/1797091-you-are-a-security-professional-hired-by-nextgard-technologies-in-phoenix-az-to-provide-a-windows-security-implementation-model-for-their-organization-nextgard-specializes-in-network-consulting-services-for-us-companies-and-they-want-to-upgrade-and-secu
(Virtual Private Network As an Appropriate Control Case Study Example | Topics and Well Written Essays - 2000 Words)
Virtual Private Network As an Appropriate Control Case Study Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/1797091-you-are-a-security-professional-hired-by-nextgard-technologies-in-phoenix-az-to-provide-a-windows-security-implementation-model-for-their-organization-nextgard-specializes-in-network-consulting-services-for-us-companies-and-they-want-to-upgrade-and-secu.
“Virtual Private Network As an Appropriate Control Case Study Example | Topics and Well Written Essays - 2000 Words”. https://studentshare.org/information-technology/1797091-you-are-a-security-professional-hired-by-nextgard-technologies-in-phoenix-az-to-provide-a-windows-security-implementation-model-for-their-organization-nextgard-specializes-in-network-consulting-services-for-us-companies-and-they-want-to-upgrade-and-secu.
  • Cited: 0 times

CHECK THESE SAMPLES OF Virtual Private Network as an Appropriate Control

Technology Implementation Paper

hellip; The appropriate standard operating procedures or implementation of such development is necessary.... Hence the investment in new technology at appropriate time and place is paramount.... It includes all marketable or transferable product, process, service, standard, know-how, methodology, software, network, experience, etc.... Again, it adds an abstraction or virtualization layer, between the edge of server and network....
5 Pages (1250 words) Essay

Virtual Private Network Tools

VPN software enables a client to join a private network as if they are at a local computer within the network despite the physical distance the client might be away from the network.... For a smooth establishment and maintenance of a virtual private network, one is required to have appropriate networking software and hardware installed in their computers and the local network.... In order to completely set up a virtual private network, certain software and hardware tools known as the VPN tools are necessary....
18 Pages (4500 words) Term Paper

Requirements for Dental Office Network Design

The organization requires the formation of appropriate national standards for electronic healthcare operations (Stair & Reynolds, 2010).... Dental office network design Name Professor Institution Course Date Analyze the given case and provide a clear set of requirements for the network solution Operation of a single dental office does not require a lot of attention in terms of network solutions as compared to several offices....
4 Pages (1000 words) Case Study

Data communications and Network Fundamental

Introducing VPNA virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet.... irtual private network technology should be used in Brilliant Boats network infrastructure to solve a number of issues, such as remote access over the Internet, connecting computers over an intranet and connecting networks over the Internet.... By using a VPN server, the network administrator can ensure that only those users on the Brilliant Boats' intranet who have appropriate credentials can establish a VPN connection with the VPN server and gain access to the protected resources of the sales department....
4 Pages (1000 words) Assignment

Network Security and Growing Problems Protecting your Privacy

he typical hacker that finds ways to steal private information are not industry IT or IS professionals but enthusiast that are technically savvy enough to understand the inner workings of a computer and software language to control them.... In the last decade, federal governments like the FBI and other organizations have supported the Cyber command battling computer intrusions to fend of attacks network systems.... he problem with network systems security is how easy a hacker can access your system to gain what the criminal is targeting....
18 Pages (4500 words) Research Paper

Potential of virtual currency

The virtual currencies are evaluated in terms of computer applications as well as social networking.... There are various forms of virtual economies such as the closed loop economies; it is involved in the restriction of users to single entities, and the currency is acceptable.... Due to growth on the gaming systems and also virtual economies the gap between virtual systems and the real world has become blurred.... It should also get understood that there are possibilities of the virtual economies to get converted to real world goods, as well as currencies....
4 Pages (1000 words) Research Paper

Distributed Software Control: A Distributed Computer System

This report "Distributed Software control: A Distributed Computer System" presents cloud computing as a Remote Procedure Call by offering advantages relating to time and cost.... Remote Procedure Call as powerful distributed software control is client/server/client-based programs.... It is an establishment of an abstract version of an operating system, a storage device, a server, or network resources.... Storage is the pulling together of physical storage from several network storage devices into what looks like a single storage device that is controlled from a central console....
8 Pages (2000 words) Report

Computer Networks and Network Designs

This paper "Computer Networks and network Designs" will give an in-depth definition of these networks and where they should be best applied.... The most common network used in organizations is the LAN as it only covers a small geographical area.... The OSI and PCP/IP network models will be discussed in-depth in this paper explores the different layers of these models and their functions.... Much emphasis will be given to the OSI network model as it is the most commonly used model....
12 Pages (3000 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us