Del Monte Organization Structure Diagram. Source: Dolente. Co. Z

The business challenges:
- Provide role-based access to network resources for employees and business partners
- Reduce administrative and network costs
- Provide high confidentiality for business information on the network

Network requirements:
- A flexible and adaptive security appliance that provides a variety of secure remote access methods
- A pre-configured teleworker solution that provides convenient voice and data networking for home workers
- A VPN solution that integrates with the existing network systems to enforce access policies

Del Monte Diagram

VPN protocols and technologies

VPNs are generally used in three scenarios: remote access networks, branch office (site-to-site) connections, and business partner/supplier networks, also called extranets. Some of the VPN technologies are MPLS, IPsec and GRE.

IPsec grew out of the IPv6 development effort and has since been standardized by the IETF (RFC 4301 and related RFCs). It is an open architecture for IP packet encryption and authentication and operates at the network layer, so it protects any application traffic carried over IP without changes to the applications.

A tunneling technology that has been around for some time is Generic Routing Encapsulation (GRE). "It was first developed by Cisco as a means to carry other routed protocols across a predominantly IP network. Some network administrators tried to reduce the administrative overhead in the core of their networks by removing all protocols except IP as a transport." (Pearson, n.d.) GRE only encapsulates; it provides no encryption or authentication of its own, which is why GRE tunnels are normally protected with IPsec when they cross an untrusted network.

Multiprotocol Label Switching (MPLS) is a standards-based technology used to speed up the delivery of network packets over multiple protocols such as IP, ATM and Frame Relay. It would allow us some significant improvements, not the least of which was an increase in speed. Perhaps the most important to us at the time, though, was that each branch could directly connect to both HQ locations without the need for an additional PVC. It also allows every branch to communicate directly with every other branch without traversing the HQ locations. This is important if we were looking to implement a VoIP solution.

A VPN service provider must have a network infrastructure that supports integrating remote access directly into an MPLS VPN network in order to provide a scalable and complete end-to-end VPN service. The customers can be ISPs or large enterprises that want to provide access to remote users but avoid the need to maintain their own separate and expensive access network. Note that an MPLS VPN separates customer traffic by labels and per-customer routing tables; it does not encrypt it, so confidentiality on the provider network depends on trusting the provider or adding IPsec on top.

A Virtual Private Network (VPN) uses a shared public telecoms infrastructure, such as the Internet, to provide secure access to remote offices and users more cheaply than an owned or leased line.
VPNs protect traffic with tunneling protocols such as Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP), but the tunnel alone is not what makes them secure: L2TP provides no encryption by itself and is normally paired with IPsec (L2TP/IPsec), and PPTP's MS-CHAPv2 authentication and RC4-based encryption are known to be breakable, so PPTP should not be used for new deployments. For this assignment I would therefore suggest IPsec as the VPN technology and authentication mechanism.

IPsec is built on the concept of a Security Association (SA). An SA is an agreement between two peers on how to protect the traffic between them: which protocol (AH or ESP), which algorithms, which keys and which mode. SAs are one-way, so a bidirectional connection needs one SA in each direction. IPsec itself has many options for providing security, including encryption, integrity and authenticity. To establish an SA, both IPsec peers must agree exactly which algorithms to use (e.g. DES or 3DES for encryption, MD5 or SHA for integrity) and then exchange and share session keys, which is the job of IKE. In a current deployment DES, 3DES and MD5 should be avoided; AES and SHA-2 are the appropriate choices. "An IPsec transform in Cisco IOS specifies either an AH or an ESP protocol and its corresponding algorithms and mode. The Cisco Secure VPN Client uses the concept of security policies to specify the same parameters." (Cisco Press, n.d.)

Network Solutions for Del Monte

Major and required equipment and their significance

Some important equipment needed by the office:
- Cisco ASA 5500 Series Adaptive Security Appliance
- Cisco NAC Appliance
- Cisco Secure ACS

Cisco NAC Appliance. The Cisco NAC Appliance is a turnkey solution that condenses the four NAC functions into one appliance.
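To make the SA negotiation and the ESP integrity checks described above concrete, here is an added example in Python (not code from the original report or from Cisco). The proposal lists, the session key and the payloads are constructed for the example; IKE, the cipher step and the real packet parsing are omitted, and only the parts that are standardized independent of any vendor are shown: picking a common transform, computing the truncated 96-bit HMAC that ESP uses as its integrity check value (RFC 2403/2404), and the sliding anti-replay window of RFC 4303.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Transform:
    """One IPsec transform: protocol, cipher, integrity algorithm and mode."""
    protocol: str     # "ESP" or "AH"
    encryption: str   # "NULL" for AH, which gives no confidentiality
    integrity: str    # "HMAC-MD5-96" or "HMAC-SHA1-96"
    mode: str         # "tunnel" or "transport"


# Constructed proposal lists for two hypothetical peers (not a real Del Monte policy).
INITIATOR_PROPOSALS = [
    Transform("ESP", "3DES", "HMAC-SHA1-96", "tunnel"),
    Transform("ESP", "DES", "HMAC-MD5-96", "tunnel"),
]
RESPONDER_ACCEPTS = {
    Transform("ESP", "3DES", "HMAC-SHA1-96", "tunnel"),
    Transform("AH", "NULL", "HMAC-SHA1-96", "transport"),
}


def negotiate(proposals, acceptable):
    """Pick the first proposal, in the initiator's preference order, that the responder
    also accepts. No common transform means IKE fails and no SA is created."""
    for transform in proposals:
        if transform in acceptable:
            return transform
    return None


# ESP authentication (RFC 2403 / RFC 2404): HMAC over SPI || sequence number || payload,
# truncated to the leftmost 96 bits (12 bytes).
_HASH = {"HMAC-MD5-96": hashlib.md5, "HMAC-SHA1-96": hashlib.sha1}


def esp_icv(integrity, key, spi, seq, payload):
    mac = hmac.new(key, struct.pack("!II", spi, seq) + payload, _HASH[integrity]).digest()
    return mac[:12]


def build_esp(integrity, key, spi, seq, payload):
    """Constructed ESP frame: SPI, sequence number, payload, ICV. `payload` stands in for
    the already-encrypted data; the cipher step is omitted to keep the focus on integrity."""
    return struct.pack("!II", spi, seq) + payload + esp_icv(integrity, key, spi, seq, payload)


class ReplayWindow:
    """RFC 4303 sliding anti-replay window. Bit i of `bitmap` set means sequence number
    (highest - i) has already been accepted."""

    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def is_acceptable(self, seq):
        if seq == 0:
            return False                       # sequence numbers start at 1
        if seq > self.highest:
            return True                        # new high-water mark
        diff = self.highest - seq
        if diff >= self.size:
            return False                       # older than the window
        return not (self.bitmap >> diff) & 1   # bit already set -> replay

    def mark_received(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def receive_esp(integrity, key, window, packet):
    """Receiver side in the RFC 4303 order: preliminary replay check, ICV verification,
    and only then the window update, so a forged packet cannot advance the window."""
    spi, seq = struct.unpack("!II", packet[:8])
    payload, icv = packet[8:-12], packet[-12:]
    if not window.is_acceptable(seq):
        return "rejected: replay or outside window"
    if not hmac.compare_digest(icv, esp_icv(integrity, key, spi, seq, payload)):
        return "rejected: bad ICV"
    window.mark_received(seq)
    return "accepted"


if __name__ == "__main__":
    sa = negotiate(INITIATOR_PROPOSALS, RESPONDER_ACCEPTS)
    key = bytes(range(20))                     # constructed session key; IKE derives real ones
    window = ReplayWindow()
    packet = build_esp(sa.integrity, key, 0x1000, 1, b"constructed payload")
    print(sa, receive_esp(sa.integrity, key, window, packet),
          receive_esp(sa.integrity, key, window, packet))
```

Two design points carry over to a real deployment: the ICV is compared with a constant-time function so timing does not leak how many bytes matched, and the window is only advanced after the ICV verifies, otherwise an attacker could send unauthenticated packets with high sequence numbers and make the receiver drop the peer's genuine traffic as "too old".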
Some of the NAC Appliance components are the Cisco NAC Server, Cisco NAC Manager, Cisco NAC Agent and rule-set updates. NAC helps maintain network stability by providing authentication and authorization, posture assessment, quarantining of non-compliant systems and remediation of non-compliant systems.

The third item, Cisco Secure ACS, is described under VPN authentication below.

The Cisco ASA 5500 Series Adaptive Security Appliance is the best fit for Del Monte. This series provides an advanced firewall, compatibility with the VPN architecture, intrusion prevention and content security, all on a single platform. It is also an industry-leading secure mobility technology for an organization. With its SSL/IPsec VPN Edition, Del Monte can offer employees a wide range of remote access options.

An offsite worker can set up a clientless VPN connection using a web browser without pre-installed software. SSL technology delivers secured access to the network by establishing an encrypted tunnel across the Internet. Some of the specific features of the Cisco ASA 5500:

Cisco Easy VPN. This feature centralizes the management of VPN deployments and helps reduce their complexity. Centralized management is done by defining IPsec policies on the server and pushing them to the client device. It also allows a remote end user to communicate using IPsec with any Cisco IOS VPN gateway.

VPN authentication. Authentication is done with Cisco Secure Access Control Server (ACS). ACS is an access policy control platform that helps the organization comply with growing regulatory and corporate requirements. It is also used for the wired and wireless infrastructure (802.1X), speaks RADIUS and TACACS+, and helps improve productivity and contain costs. ACS works with the VPN and other remote network access devices to enforce access policies. It also authenticates administrators, authorizes the commands they may run and provides an audit trail.

Cisco AnyConnect VPN Client. Remote users get a LAN-like, full-tunnel client connection with network connection optimization on a variety of end-user platforms.

Customizable SSL VPN and IPsec services for any deployment scenario. Depending on the ASA 5500 model, an IPS module (AIP SSM or IPS SSP) is built in to help prevent intrusions.
The Cisco ASA 5500 Series helps businesses increase effectiveness and efficiency in protecting their networks and applications while delivering exceptional investment protection through market-proven security capabilities, an extensible integrated service architecture, reduced deployment and operations costs and a comprehensive management interface.

Company's ERP and CRM

The Cisco VPN integrates smoothly with Del Monte's existing network to give employees access only to the resources they need. This means the VPN ensures that only authorized users can reach specific parts of the network and company resources; on the ASA this is enforced per user group with access lists applied to the VPN session (the group-policy vpn-filter) and with dynamic access policies. ERP integrates all departments and functions throughout an organization into a single IT system so that employees can make enterprise-wide decisions by viewing enterprise-wide information on all business operations.

Enterprise systems automate business processes. ERP systems collect data from across an organization and correlate it into an enterprise-wide view that helps run the business.

Measuring ERP success. There are several different departments in the company. For example, a sales representative might need access to Del Monte's data warehouse (CRM) application to track a shipment, while the finance organization needs access to the ERP system, file sharing and administrative tools from their portal. The Cisco VPN makes sure that each department can only access its own resources and not those of others. IT professionals may need access to everything on the network for troubleshooting or monitoring; that IT role should be a separate group with its own policy and audit trail rather than a blanket exemption.
Security

To provide additional network security for remote employees, Del Monte can use the Cisco NAC Appliance to enforce security policy compliance. It checks devices against the security policy (posture assessment) before permitting them onto the network. The Cisco NAC Appliance is a network admission control product designed by Cisco to produce a secure and clean network environment.

Two IPsec Peers Using Active Directory-based IPsec Policy. Source: technet.microsoft.com

IPsec packet filtering

IPsec can provide limited firewall capabilities for end systems by performing host-based packet filtering. It can be configured to permit or block specific types of inbound IP traffic based on source and destination address combinations, specific protocols and specific ports.
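The following is an added example (not from the original report and not Microsoft's code) of how such a host-based IPsec filter policy is evaluated. The filter list, addresses and packets are constructed for a hypothetical Del Monte server segment; the selection rule is modeled as most-specific-match-wins, which is how overlapping Windows IPsec filters are resolved, and the "negotiate" action stands for "require IPsec" as opposed to permitting the traffic in the clear.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Filter:
    """One IPsec filter: who may talk to whom, over what, and the action to apply."""
    name: str
    src: str                  # CIDR network or "any"
    dst: str                  # CIDR network or "any"
    protocol: str             # "any", "tcp", "udp" or "icmp"
    dst_port: Optional[int]   # None = any port
    action: str               # "permit" (clear), "block" or "negotiate" (require IPsec)

    def matches(self, pkt):
        return (_net_match(self.src, pkt.src) and _net_match(self.dst, pkt.dst)
                and self.protocol in ("any", pkt.protocol)
                and self.dst_port in (None, pkt.dst_port))

    def specificity(self):
        """Rank used when several filters match: more constrained fields and longer
        prefixes win, so a narrow exception beats a broad catch-all."""
        fields = (sum(spec != "any" for spec in (self.src, self.dst, self.protocol))
                  + (self.dst_port is not None))
        return (fields, _prefixlen(self.src), _prefixlen(self.dst))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: Optional[int] = None


def _net_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def _prefixlen(spec):
    return -1 if spec == "any" else ipaddress.ip_network(spec).prefixlen


def decide(filters, pkt):
    """Return (action, filter name) for a packet, or ("permit", None) when nothing matches:
    traffic that no filter covers passes in the clear, so a deny-all filter is essential."""
    matched = [f for f in filters if f.matches(pkt)]
    if not matched:
        return ("permit", None)
    best = max(matched, key=Filter.specificity)
    return (best.action, best.name)


# Constructed policy for a hypothetical server segment 10.20.0.0/24: everything inbound
# is blocked unless a more specific filter says otherwise.
POLICY = [
    Filter("block-all-inbound", "any", "any", "any", None, "block"),
    Filter("erp-https-from-lan", "10.10.0.0/16", "10.20.0.5/32", "tcp", 443, "negotiate"),
    Filter("dns-from-lan", "10.10.0.0/16", "10.20.0.53/32", "udp", 53, "permit"),
    Filter("ssh-from-it-staff", "10.10.99.0/24", "10.20.0.0/24", "tcp", 22, "negotiate"),
    Filter("ssh-block-from-guest", "10.30.0.0/24", "10.20.0.0/24", "tcp", 22, "block"),
]

if __name__ == "__main__":
    samples = [
        Packet("10.10.99.10", "10.20.0.5", "tcp", 22),    # IT staff SSH: must use IPsec
        Packet("10.10.5.7", "10.20.0.5", "tcp", 443),     # LAN user to ERP: must use IPsec
        Packet("10.30.0.4", "10.20.0.5", "tcp", 22),      # guest SSH: explicitly blocked
        Packet("192.0.2.9", "10.20.0.5", "tcp", 443),     # Internet source: catch-all block
    ]
    for pkt in samples:
        print(pkt, "->", decide(POLICY, pkt))
```

The point a practitioner should take from this is the last line of `decide`: with no catch-all filter, anything the policy did not anticipate is allowed through unprotected, so the first filter written should be the block-all entry and every permission an exception to it.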
Security can be strengthened by using IPsec packet filtering to control exactly the type of communication that is allowed between systems.

Filtering Packets by Using IPsec. Source: technet.microsoft.com

Types of attacks

Some of the possible attacks against a VPN deployment are brute force attacks and dictionary attacks; the switched network behind it is also exposed to Spanning Tree Protocol (STP) attacks.

STP attacks

An STP attack typically involves the creation of a bogus root bridge. This can be accomplished using software available from the Internet such as brconfig or stp-packet. In this attack, BPDUs sent by the attacking host announce a lower bridge priority in an attempt to be elected as the root bridge, followed by topology change BPDUs to force spanning-tree recalculations.
If successful, the attacking host becomes the root bridge and sees a variety of frames that otherwise would not be accessible to it. The standard mitigations are BPDU Guard on access ports (any BPDU received shuts the port) and Root Guard on ports that should never lead toward the root.

STP attack diagram

Brute force attack

A brute force attack is a cryptanalytic attack that tries every possible key or password until the encrypted data decrypts or the login succeeds. It differs from a dictionary attack, described below, which tries only a list of likely candidates. The time a brute force attack takes depends on the key size (64-bit, 128-bit or 256-bit): each additional bit doubles the number of keys to try, so a 128-bit key cannot be searched exhaustively in practice. The same argument applies to passwords, where length and character set determine the size of the search space.
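As an added example for the STP attack described above (not part of the original report), the following Python builds configuration and TCN BPDUs in the IEEE 802.1D wire format and runs the Root Guard decision over them: a BPDU that claims a root bridge ID lower than the legitimate root is only acceptable on the designated uplink ports, anywhere else it is a root takeover attempt. The port names, MAC addresses and priorities are constructed, and the "TCN from an access port" check is a heuristic added here rather than part of the standard.

```python
import struct
from dataclasses import dataclass

# IEEE 802.1D configuration BPDU, 35 bytes: protocol id, version, type, flags, root id,
# root path cost, bridge id, port id, message age, max age, hello time, forward delay.
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")
BPDU_TYPE_CONFIG, BPDU_TYPE_TCN = 0x00, 0x80


def bridge_id(priority, mac):
    """Bridge ID = 2-byte priority followed by the 6-byte MAC; the lowest value wins the root election."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(root_priority, root_mac, bridge_priority, bridge_mac, path_cost=0):
    """Constructed configuration BPDU with default timers (units of 1/256 s: 20 s, 2 s, 15 s)."""
    return CONFIG_BPDU.pack(0, 0, BPDU_TYPE_CONFIG, 0,
                            bridge_id(root_priority, root_mac), path_cost,
                            bridge_id(bridge_priority, bridge_mac), 0x8001,
                            0, 20 * 256, 2 * 256, 15 * 256)


def build_tcn_bpdu():
    """Topology Change Notification BPDU: protocol id, version, type only."""
    return struct.pack("!HBB", 0, 0, BPDU_TYPE_TCN)


@dataclass
class Bpdu:
    kind: str
    root: bytes = b""
    sender: bytes = b""


def parse_bpdu(frame):
    proto, _version, kind = struct.unpack("!HBB", frame[:4])
    if proto != 0:
        raise ValueError("not an STP BPDU")
    if kind == BPDU_TYPE_TCN:
        return Bpdu("tcn")
    if kind == BPDU_TYPE_CONFIG and len(frame) >= CONFIG_BPDU.size:
        fields = CONFIG_BPDU.unpack(frame[:CONFIG_BPDU.size])
        return Bpdu("config", root=fields[4], sender=fields[6])
    raise ValueError("unknown or truncated BPDU")


class RootGuard:
    """Root Guard decision: a superior (numerically lower) root claim is accepted only on
    uplink ports; on any other port the port would be placed root-inconsistent."""

    def __init__(self, root_priority, root_mac, uplink_ports):
        self.root = bridge_id(root_priority, root_mac)
        self.uplinks = set(uplink_ports)

    def inspect(self, port, frame):
        bpdu = parse_bpdu(frame)
        if bpdu.kind == "tcn":
            # Heuristic: end hosts on access ports never originate TCNs.
            return "ok" if port in self.uplinks else f"alert: TCN from access port {port}"
        if bpdu.root < self.root:            # bytes compare as big-endian integers
            if port in self.uplinks:
                self.root = bpdu.root        # legitimate root learned through the uplink
                return f"root changed via uplink {port}"
            priority = int.from_bytes(bpdu.root[:2], "big")
            mac = bpdu.root[2:].hex(":")
            return (f"alert: superior BPDU on {port} claiming root priority {priority} "
                    f"from {mac}; port root-inconsistent")
        return "ok"


if __name__ == "__main__":
    guard = RootGuard(4096, "00:1b:2c:00:00:01", ["Gi0/1"])   # constructed legitimate root
    legit = build_config_bpdu(4096, "00:1b:2c:00:00:01", 4096, "00:1b:2c:00:00:01")
    rogue = build_config_bpdu(0, "00:11:22:33:44:55", 0, "00:11:22:33:44:55")  # priority 0
    for port, frame in [("Gi0/1", legit), ("Fa0/12", rogue), ("Fa0/12", build_tcn_bpdu())]:
        print(port, "->", guard.inspect(port, frame))
```

In the attack the rogue host advertises priority 0, the lowest possible value, so it beats any real root; the defence does not need to know the attacker's MAC, only which ports are allowed to carry a superior claim. On an access port the simpler BPDU Guard (shut the port on any BPDU at all) is preferable, and Root Guard is for the inter-switch links.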
Dictionary attack

A technique used by an attacker to determine the key or password of an authentication mechanism by trying candidates repeatedly until the real one is found. It works like a person looking up a word in a dictionary: rather than trying every possible combination, it tries only the candidates most likely to succeed, such as common passwords and dictionary words. Against a VPN this targets user credentials and pre-shared keys, which is why strong pre-shared keys or certificate-based authentication, together with lockout or rate limiting of failed logins, matter.

References:
J. Guichard and J. Apcar, MPLS and VPN Architectures, 1st ed. Indianapolis, IN: Cisco Press, 2003.
G. A. Donahue, Network Warrior, 2nd ed. Sebastopol, CA: O'Reilly Media, 2011.
J. Frahim and O. Santos, Cisco ASA, 2nd ed. Indianapolis, IN: Cisco Press, 2010.
O. Santos, End-to-End Network Security, Indianapolis, IN: Cisco Press, 2008.
IPsec security. Retrieved from http://technet.microsoft.com