CIS 505 discussion post responses.
Respond to the colleagues posts regarding:
After reading about and studying VPNs this week, describe a scenario where you might find a VPN useful in the business world. What are some major concerns you might have as a network manager?
There are two discussions here that need to be responded to thoroughly. Responses must be on APA format 150+words 1-2 legitimate verifiable sources per response.
GS post states the following:
As a company that utilizes VPN for the past 10 years we have found it a productive way for employees to conduct business in a secure fashion. We implemented a RSA token for extra security and this eases executives over security concerns. With our VPN (Checkpoint) we offer two ways to access our internal network:
-RSA token: This is handed out to personnel that use a laptop for business. This 3 part authentication requires username/pin/token code in order to access our network. This is very secure for a machine that was compromised. Now I said compromised not data that has been transmitted.
-VPN Web: This is usually offered to users that need to access our network temporarily from a desktop.
Now remote access software such as GOTOMYPC have incorporated two-way authentication which has upped the security level and offers the user access from any location with internet access. Our VPN RSA needs the software client installed. We as a company now offer GOTOMYPC to internal employees that wish to work from home, but salesreps still are provided with RSA tokens.
VPN is not a new technology; it is more like a legacy security/connectivity approach of VPN and not conceived for todays world of multi-cloud and mobile configurations and not on premise settings. There has been documentation of VPNS weak link architecture. The issue centers around the fact that data cant be routed securely at the application level with a VPN. So if your organization is still relying on VPNs to transmit sensitive data over the VPN providers server, then youre taking a big risk that you may be exposing that data to people who shouldnt see it and may compromise it. A study that included researchers from UC Berkeley and the University of South Wales revealed that the vast majority (more than 80 percent) of VPN apps on Android devices wanted access to personal user data.
The research also verified that:
Nearly 40% of the VPN apps injected malware to try to access user data.
84% leaked user traffic.
Around 20% failed to encrypt traffic.
The fact that VPNs simply cant protect privacy to the degree that is required in todays enterprises.
https://www.cpomagazine.com/cyber-security/why-virtual-private-networks-arent-very-private/
RR post states the following:
A scenario where I might find a VPN useful in the business world, would be if I were the CEO of a pharmaceutical company who was looking to do a Merger and Acquisition (M&A) of another company. Without a VPN, the companys data would be vulnerable to hackers who can see data in transit, and eventually reach the companys IP address. If hackers compromise the companys system during the M&A, confidential information may be exposed which could affect the outcome of the M&A.
As a network manager, the main concern I might have is when the company uses VPNs to provide third-party vendors access to their network. When they do, those vendors either have full access or they dont. There are no shades of gray, no ability to give partial access only to required resources. The more servers, applications, and network equipment vendors can access, the more the company has at risk (Howlett, 2019). Other network manager concerns are connection speed and performance decrease, and third-party vendors may not have in-house technical support
References:
Howlett, T. (2019). 7 common VPN problems: The not-so-good, the bad, and the ugly. Retrieved from https://www.securelink.com/blog/vpn-problems/