School: Schoolcraft College
Course: 262
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by DrRamMaster341
CNT 262 Week 13 Research Activity
Using your place of work (or Schoolcraft College) as an example, answer the following questions
What is/are the use case(s) for a VPN?
Do these use cases require remote access or site-to-site functionality?
Choose a VPN protocol for each use case mentioned previously
Do these protocols provide layer 2 or layer 3 VPNs?
Does the VPN protocol change depending on the functionality you need? Why or why not?
Answers:
Use Case(s) for a VPN at Schoolcraft College:
1. Remote Access:
Use Case: Allowing faculty, staff, or students to securely connect to the Schoolcraft College network from off-campus locations.
Functionality: Remote access.
2. Site-to-Site Connectivity:
Use Case: Connecting multiple campuses or branch offices of Schoolcraft College located in different regions.
Functionality: Site-to-site connectivity.
VPN Protocols:
1. Remote Access VPN:
Protocol: SSL VPN.
Layer: Typically layer 3 VPN.
2. Site-to-Site VPN:
Protocol: IPsec for secure communication between campuses.
Layer: Layer 3 VPN.
Protocol Selection:
Remote Access VPN: SSL VPN is chosen for its ease of use and adaptability. It allows users to connect securely to the Schoolcraft College network using a web-based interface, which is convenient for remote access scenarios.
Site-to-Site VPN: IPsec is chosen for site-to-site connectivity due to its robust security features. IPsec provides a secure tunnel between different campuses, ensuring confidential and authenticated communication.
Layer 2 or Layer 3 VPNs:
Both protocols (SSL VPN and IPsec) primarily provide Layer 3 VPNs. They operate at the network layer, enabling secure communication between networks or hosts.
Does the VPN Protocol Change Depending on Functionality? Why or Why Not?
In the example of Schoolcraft College, the choice of VPN protocol does change based on functionality. SSL VPN is suitable for remote access scenarios because it allows users to connect to the college's network securely using a web-based interface, which is user-friendly and accessible from various devices.
On the other hand, for site-to-site connectivity between different campuses, IPsec is chosen due to its ability to create secure tunnels between network endpoints. The protocol selection aligns with the specific requirements and security considerations of each use case, optimizing the VPN setup for the intended functionality.
What type of authentication requirements would you mandate for using a VPN in these use cases? Why?
1. Remote Access VPN:
Authentication Requirements:
Username and Password: Users connecting remotely need to authenticate using a unique username and a strong, confidential password.
Multi-Factor Authentication (MFA): An additional layer of security where users must provide a second form of authentication, such as a code from a mobile app or a hardware token.
Why: Remote access VPNs are a crucial entry point for users connecting from outside the college network. Username-password authentication ensures that only authorized users with valid credentials can access the network remotely. Multi-Factor Authentication adds an extra layer of security, reducing the risk of unauthorized access even if login credentials are compromised.
2. Site-to-Site VPN:
Authentication Requirements:
Pre-Shared Key (PSK): A shared secret key configured on both ends of the VPN tunnel to authenticate and establish a secure connection.
Certificate-Based Authentication: Certificates are used for mutual authentication between the VPN peers.
Why: Site-to-site VPNs involve secure communication between different campuses or branch offices. The use of a pre-shared key and certificate-based authentication ensures that the VPN connection is established between trusted and authenticated network endpoints, adding an extra layer of security to the inter-site communication.
Do the protocols you chose earlier support these requirements?
Yes, the protocols chosen earlier, SSL VPN for remote access and IPsec for site-to-site connectivity, generally support the specified authentication requirements for Schoolcraft College.
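The protocol choices and authentication requirements above can be checked mechanically against an inventory of VPN profiles. The following Python sketch is an added example, not part of the original assignment; the profile field names and the sample inventory are constructed, and it assumes that either a pre-shared key or a certificate satisfies the site-to-site requirement.

```python
# Added example: audit VPN profiles against the requirements stated in the answer above.
# Field names (name, use_case, protocol, layer, auth) are assumptions for illustration.

# Per use case: the chosen protocol, factors that must all be present, and
# peer-authentication methods of which at least one must be present.
REQUIREMENTS = {
    "remote-access": {"protocol": "ssl-vpn", "all_of": {"password", "mfa"}, "any_of": set()},
    "site-to-site": {"protocol": "ipsec", "all_of": set(), "any_of": {"psk", "certificate"}},
}


def audit_profile(profile):
    """Return a list of findings; an empty list means the profile complies."""
    rule = REQUIREMENTS.get(profile.get("use_case"))
    if rule is None:
        return [f"unknown use case: {profile.get('use_case')!r}"]
    findings = []
    if profile.get("protocol") != rule["protocol"]:
        findings.append(f"protocol should be {rule['protocol']}, got {profile.get('protocol')}")
    if profile.get("layer") != 3:
        findings.append(f"expected a layer 3 VPN, got layer {profile.get('layer')}")
    auth = {a.lower() for a in profile.get("auth", [])}  # normalise "MFA" vs "mfa"
    for factor in sorted(rule["all_of"] - auth):
        findings.append(f"missing required authentication: {factor}")
    if rule["any_of"] and not (rule["any_of"] & auth):
        findings.append("no peer authentication: need one of " + ", ".join(sorted(rule["any_of"])))
    return findings


def audit_inventory(inventory):
    """Map profile name -> findings, keeping only the profiles that fail."""
    results = {p.get("name", "<unnamed>"): audit_profile(p) for p in inventory}
    return {name: found for name, found in results.items() if found}


# Constructed sample inventory (not real Schoolcraft College configuration).
SAMPLE_INVENTORY = [
    {"name": "staff-remote", "use_case": "remote-access", "protocol": "ssl-vpn", "layer": 3, "auth": ["password", "MFA"]},
    {"name": "student-remote", "use_case": "remote-access", "protocol": "ssl-vpn", "layer": 3, "auth": ["password"]},
    {"name": "main-to-branch", "use_case": "site-to-site", "protocol": "ipsec", "layer": 3, "auth": ["certificate"]},
    {"name": "legacy-link", "use_case": "site-to-site", "protocol": "ssl-vpn", "layer": 3, "auth": []},
]

if __name__ == "__main__":
    for name, found in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in found:
            print(f"{name}: {finding}")
```
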
Research “Cloud based VPN” and write a short summary that includes:
Which company(ies) offer such a service?
1. Amazon Web Services (AWS): Service Name: AWS VPN.
Link: AWS VPN
2. Microsoft Azure: Service Name: Azure VPN Gateway.
Link: Azure VPN Gateway
3. Google Cloud Platform (GCP): Service Name: Cloud VPN.
Link: Google Cloud VPN
What is it? Are there multiple types?
A cloud-based VPN is a service that allows organizations to establish secure and encrypted connections over the internet to cloud resources. There are multiple types:
Remote Access VPN: Enables users to connect securely to the cloud environment from any location.
Site-to-Site VPN: Connects on-premises networks to the cloud, creating a secure communication channel.
What protocol(s) does it use?
Cloud-based VPN services typically support industry-standard protocols, including:
IPsec (Internet Protocol Security): Widely used for secure site-to-site VPN connections.
SSL/TLS (Secure Sockets Layer/Transport Layer Security): Commonly used for remote access VPNs due to its web-based interface.
How is it different than traditional site-to-site or remote access VPN technologies?
Differences from Traditional VPN Technologies:
No Physical Hardware: Unlike traditional VPNs that may require physical hardware, cloud-based VPNs leverage the infrastructure of cloud service providers, eliminating the need for dedicated on-premises equipment.
Scalability: Cloud-based VPNs are highly scalable, allowing organizations to adapt to changing requirements without significant hardware investments.
Flexibility and Accessibility: Users can access cloud resources securely from anywhere, making it ideal for remote work scenarios.
How does it impact perimeter security? (make sure to include concepts from the course)
Impact on Perimeter Security:
Cloud-based VPNs impact perimeter security by redefining the traditional security perimeter. Key concepts include:
Zero Trust Security Model: Cloud-based VPNs often align with a zero-trust security model, where access is based on identity and device security posture rather than relying solely on a defined network perimeter.
Micro-Segmentation: Security policies are applied at a granular level, allowing organizations to segment and control access to specific resources within the cloud environment.
Dynamic Perimeter: The perimeter becomes dynamic and adaptive, responding to changing conditions and access requirements in real-time.
Encryption and Authentication: Cloud-based VPNs ensure secure communication by encrypting data and enforcing strong authentication measures, enhancing overall perimeter security.