VPN STRATEGY 1

VPN Strategy

Samantha Smith

University of Maryland Global Campus

COP 620: Cybersecurity Defense

Professor Matthew Brown

September 28, 2021

This study source was downloaded by 100000819746520 from CourseHero.com on 03-28-2022 10:51:44 GMT -05:00

https://www.coursehero.com/file/109810226/VPN-Strategydocx/

Table of Contents

VPN and Remote Access Requirements

Key VPN Components and Description

Architecture Diagram Showing Components

VPN Security Plan

References

VPN and Remote Access Requirements

The subnet that will be remotely accessed is 192.168.0.0, from resources using software, hardware, and networking. My existing servers can be modified and configured to enable remote access by the following steps: on your Mac, choose Apple menu > System Preferences, click Sharing, then select the Remote Management checkbox. If prompted, select the tasks remote users are permitted to perform. My network bandwidth will support the traffic, and the network will be accessed from corporate and BYOD devices with about 100 simultaneous users. The remote users' internet connections can be used if secured properly. The operating systems that need to be supported for remote users include Mac, Windows, and Linux for everyday use when connecting to the VPN, where two-factor authentication will be used for data protection.

Key VPN Components

With AWS Client VPN, there are two types of user personas that interact with the Client VPN endpoint: administrators and clients.

The administrator is responsible for setting up and configuring the service. This involves creating the Client VPN endpoint, associating the target network, configuring the authorization rules, and setting up additional routes. After the Client VPN endpoint is set up and configured, the administrator downloads the Client VPN endpoint configuration file and distributes it to the clients who need access. The Client VPN endpoint configuration file includes the DNS name of the Client VPN endpoint and the authentication information required to establish a VPN session (Scott et al., 2020).

The client is the end user. This is the person who connects to the Client VPN endpoint to establish a VPN session. The client establishes the VPN session from their local computer or mobile device using an OpenVPN-based VPN client application. After they have established the VPN session, they can securely access the resources in the VPC in which the associated subnet is located. They can also access other resources in AWS, an on-premises network, or other clients if the required route and authorization rules have been configured (Scott et al., 2020).
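Because authorization rules decide what a connected client can reach, they are worth auditing before the configuration file is distributed. The following is an added example, not part of the original paper or AWS's own code: the rule records are constructed, shaped like the fields returned by `describe-client-vpn-authorization-rules`, and the /16 mask on 192.168.0.0 is an assumption because the paper gives no prefix length.

```python
import ipaddress

# Assumption: the paper names 192.168.0.0 without a mask; /16 is assumed here.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample rules (group IDs are placeholders, not real SIDs).
SAMPLE_RULES = [
    {"DestinationCidr": "192.168.10.0/24", "GroupId": "S-1-5-21-constructed-1001", "AccessAll": False},
    {"DestinationCidr": "192.168.0.0/16", "AccessAll": True},
    {"DestinationCidr": "0.0.0.0/0", "GroupId": "S-1-5-21-constructed-1002", "AccessAll": False},
    {"DestinationCidr": "10.0.0.0/8", "AccessAll": True},
]


def audit_rule(rule, allowed=ALLOWED_NETWORKS):
    """Return the list of least-privilege findings for one authorization rule."""
    findings = []
    dest = ipaddress.ip_network(rule["DestinationCidr"], strict=False)
    # The destination must sit entirely inside an approved network.
    inside = any(dest.version == net.version and dest.subnet_of(net) for net in allowed)
    if not inside:
        findings.append("destination outside approved subnets")
    # AccessAll (or a missing group) grants the destination to every VPN user.
    if rule.get("AccessAll") or not rule.get("GroupId"):
        findings.append("not scoped to a directory group")
    return findings


def audit(rules, allowed=ALLOWED_NETWORKS):
    """Map each flagged destination CIDR to its findings; clean rules are omitted."""
    return {r["DestinationCidr"]: f for r in rules if (f := audit_rule(r, allowed))}


if __name__ == "__main__":
    for cidr, findings in audit(SAMPLE_RULES).items():
        print(f"{cidr}: {', '.join(findings)}")
```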

Architecture Diagram Showing Components

VPN Security Plan

In today’s computing environment and with more and more employees working remotely, enterprises need a way to secure their communications with their corporate network. While VPNs provide security by encrypting data and sending it through a “tunnel”, there are risks to that security. These risks include VPN hijacking, in which an unauthorized user takes over a VPN connection from a remote client; man-in-the-middle attacks, in which the attacker is able to intercept data; weak user authentication; split tunneling, in which a user is accessing an insecure Internet connection while also accessing the VPN connection to a private network; malware infection of a client machine; granting too many network access rights; and DNS leak, in which the computer uses its default DNS connection rather than the VPN’s secure DNS server.

To address these risks, the must-have security features to ensure a secure VPN include support for anti-virus software and IDPS, digital certificate support, strong authentication and encryption algorithms, and the ability to assign addresses to clients on a private network while ensuring all addresses are kept private. Hardening VPNs with additional authentication will ensure only the right people have access. Two-factor authentication prevents hackers from accessing your network using compromised credentials. It requires users to validate their identity by presenting a second security factor in addition to their password. When connecting to a corporate network, users must first enter their Active Directory credentials, followed by a time-based or HMAC-based one-time password (OTP). This OTP (a digital code) is displayed on something that a user “owns”, such as a specialized smartphone application called an authenticator or a programmable hardware token such as Token2 or YubiKey (Bunn, 2020). One of the key ideas behind two-factor authentication is that it is extremely difficult to impersonate a user without having access to this second factor. This means that even if hackers manage to steal all of your employees’ usernames and passwords, they still won’t be able to access your VPN because they don’t have the two-factor authentication code (Bunn, 2020). This is an additional layer of security against unauthorized access to your systems.

References

Bunn, C. (2020, August 7). Why your VPN connections need Two-factor authentication (2FA). Security Boulevard. Retrieved from https://securityboulevard.com/2020/08/why-your-vpn-connections-need-two-factor-authentication-2fa/.

Scott, C., Wolfe, P., Erwin, M., Utashiro, K., & Suda, T. (2020, November 4). VPN. Amazon. Retrieved from https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/how-it-works.html.