VPN STRATEGY 1
VPN Strategy
Samantha Smith
University of Maryland Global Campus
COP 620: Cybersecurity Defense
Professor Matthew Brown
September 28, 2021
This study source was downloaded by 100000819746520 from CourseHero.com on 03-28-2022 10:51:44 GMT -05:00
https://www.coursehero.com/file/109810226/VPN-Strategydocx/
Table of Contents
VPN and Remote Access Requirements
Key VPN Components and Description
Architecture Diagram Showing Components
VPN Security Plan
References
VPN and Remote Access Requirements
The subnets that will be remotely accessed are 192.168.0.0, from resources using
software, hardware, and networking. My existing servers can be modified and configured to
enable remote access by the following steps: on your Mac, choose Apple menu > System
Preferences, click Sharing, then select the Remote Management checkbox. If prompted, select the
tasks remote users are permitted to perform. My network bandwidth will support the traffic, and
the network will be accessed from corporate and BYOD devices, with about 100 simultaneous users. The
remote users' internet connections can be used if secured properly. The operating systems that
need to be supported for remote users include Mac, Windows, and Linux for everyday use
connecting to the VPN, for which two-factor authentication will be used for data protection.
Key VPN Components
With AWS Client VPN, there are two types of user personas that interact with the Client
VPN endpoint: administrators and clients.
The administrator is responsible for setting up and configuring the service. This involves
creating the Client VPN endpoint, associating the target network, configuring the
authorization rules, and setting up additional routes. After the Client VPN endpoint is set up and
configured, the administrator downloads the Client VPN endpoint configuration file and
distributes it to the clients who need access. The Client VPN endpoint configuration file includes
the DNS name of the Client VPN endpoint and the authentication information required to establish a
VPN session (Scott et al., 2020).
The client is the end user. This is the person who connects to the Client VPN endpoint to
establish a VPN session. The client establishes the VPN session from their local computer or
mobile device using an OpenVPN-based VPN client application. After they have established the
VPN session, they can securely access the resources in the VPC in which the associated subnet is
located. They can also access other resources in AWS, an on-premises network, or other clients if
the required route and authorization rules have been configured (Scott et al., 2020).
Architecture Diagram Showing Components
VPN Security Plan
In today’s computing environment and with more and more employees working remotely,
enterprises need a way to secure their communications with their corporate network. While
VPNs provide security by encrypting data and sending it through a “tunnel”, there are risks to
that security. These risks include VPN hijacking, in which an unauthorized user takes over a
VPN connection from a remote client; man-in-the-middle attacks, in which the attacker is able to
intercept data; weak user authentication; split tunneling, in which a user is accessing an insecure
Internet connection while also accessing the VPN connection to a private network; malware
infection of a client machine; granting too many network access rights; and DNS leak, in which
the computer uses its default DNS connection rather than the VPN’s secure DNS server.
To address these risks, the must-have security features to ensure a secure VPN include
support for anti-virus software and IDPS, digital certificate support, strong authentication and
encryption algorithms, and the ability to assign addresses to clients on a private network while
ensuring all addresses are kept private. Hardening VPNs with additional authentication will
ensure only the right people have access. Two-factor authentication prevents hackers from
accessing your network using compromised credentials. It requires users to validate their identity
by presenting a second security factor in addition to their password. When connecting to a
corporate network, users must first enter their Active Directory credentials, followed by a
time-based one-time password or HMAC. This OTP (a digital code) is displayed on something that a
user “owns”, such as a specialized smartphone application called an authenticator or a
programmable hardware token such as Token2 or YubiKey (Bunn, 2020). One of the key ideas
behind two-factor authentication is that it is extremely difficult to impersonate a user without
having access to this second factor. This means that even if hackers manage to steal all of your
employees’ usernames and passwords, they still won’t be able to access your VPN because they
don’t have the two-factor authentication code (Bunn, 2020). This is an additional layer of
security against unauthorized access to your systems.
References
Bunn, C. (2020, August 7). Why your VPN connections need Two-factor authentication (2FA). Security Boulevard. Retrieved from https://securityboulevard.com/2020/08/why-your-vpn-connections-need-two-factor-authentication-2fa/.
Scott, C., Wolfe, P., Erwin, M., Utashiro, K., & Suda, T. (2020, November 4). VPN. Amazon. Retrieved from https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/how-it-works.html.