Monday, May 20, 2019
Del Monte VPN architecture suggestion for assignment
Figure: Del Monte organization structure diagram.

The business challenges
Provide role-based access to network resources for employees and business partners
Reduce administrative and network costs
Provide high confidentiality for business information on the network

Network requirements
A flexible and adaptive security appliance provides a variety of secure remote access options
A pre-configured telephony solution provides convenient voice and data networking for main office workers
The VPN solution integrates with existing network systems to enforce access policies

Figure: Del Monte diagram.

VPN protocols and technologies

VPNs generally can handle three scenarios: the remote access network, the branch office connection network, and the business partner/supplier network, which can also be called an extranet. Some of the VPN technologies are MPLS, IPsec and GRE.

IPsec is an outgrowth of the IPv6 development and is short of being finalized by the IETF. It is an open architecture for IP packet encryption and authentication, and therefore it is located in the network layer.

One of the VPN technologies that has been around for some time is Generic Routing Encapsulation (GRE). It was first developed by Cisco as a means to carry other routed protocols across a predominantly IP network. Some network administrators tried to reduce the administrative overhead in the core of their networks by removing all protocols except IP as a transport. (Pearson, n.d.)

Multiprotocol Label Switching (MPLS) is a standards-based technology used to speed up the delivery of network packets over multiple protocols such as IP, ATM and Frame Relay. It would allow us some significant improvements, not the least of which was an increase in speed. Perhaps the most important to us at the time, though, was that each branch could directly connect to both HQ locations without the need for an additional PVC. It also allows every branch to communicate directly with every other branch without traversing the HQ locations. This is important if we were looking to implement a VoIP solution.

A VPN service provider must have a network infrastructure that supports integrating remote access directly into an MPLS VPN network in order to provide a scalable and complete end-to-end VPN service. The customers can be ISPs or large enterprises that want to provide access to remote users but avoid the need for maintaining their own separate and expensive access network.

A Virtual Private Network (VPN) uses shared public telecoms infrastructure, such as the internet, to provide secure access to remote offices and users in a cheaper way than an owned or leased line. VPNs are secure because they use tunneling protocols and procedures such as Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP).

For this case in this assignment, I would suggest IPsec as the VPN technology and authentication. This is the same as a basic concept that is introduced by the Security Association (SA). The purpose of an SA is to make sure two or more entities are secure when they are communicating with each other. IPsec itself has many options for providing security, which include encryption, integrity, and authenticity. To determine the IPsec security in detail, both IPsec peers must determine exactly which algorithms to use (e.g. DES or 3DES for encryption, MD5 or SHA for integrity), and then continue with exchanging and sharing session keys. An IPsec transform in Cisco IOS specifies either an AH or an ESP protocol and its corresponding algorithms and mode. The Cisco VPN concentrator uses the concept of security policies to specify the same parameters. (Cisco Press, n.d.)

Network Solutions for Del Monte

Major and required equipment and their relation

Some important equipment needed by the office:
Cisco ASA 5500 Series Adaptive Security Appliance
Cisco NAC Appliance
Cisco Secure ACS

The Cisco NAC Appliance is a solution that condenses the four NAC functions into one appliance. Some of the NAC components are Cisco NAS, Cisco NAM, Cisco NAA and rule-set updates. NAC helps maintain network stability by providing authentication and authorization, posture assessment, quarantining of noncompliant systems and remediation of noncompliant systems.

The Cisco ASA 5500 Series Adaptive Security Appliance is the best fit for Del Monte. This series provides an advanced firewall, compatibility with the VPN architecture, intrusion prevention and content security, all in one platform. It is also an industry-leading secure mobility technology for an organization. With its SSL/IPsec VPN edition, Del Monte offers employees a wide range of remote access options. An offsite worker can set up a clientless VPN connection using a web browser without pre-installed software. In addition, SSL technology delivers secured access to the network by establishing an encrypted tunnel across the internet.

Some details of the Cisco ASA's features:

Cisco Easy VPN
This feature centralizes the management of VPN deployments and helps reduce their complexity. Centralized management is done by managing IPsec policies, which the server pushes to the client device. It also allows a remote end user to communicate using IP security with any Cisco IOS VPN gateway.

VPN authentication
Authentication is done with Cisco Secure Access Control Server (ACS). ACS is an access policy control platform that helps you comply with growing regulatory and corporate requirements. It is utilized for wireless infrastructure. ACS helps improve productivity and contain cost. ACS works with VPN and other remote network access devices to enforce access policies. It also supports administrator authentication, authorizes commands and provides an audit trail.

Cisco AnyConnect VPN Client
LAN-like users can use it for network connection optimization in full tunnel client mode on a variety of end-user platforms.

Customizable SSL VPN and IPsec Services for Any Deployment Scenario
Depending on the model of the ASA 5500, an IPS SSP is built in to help prevent intrusion. The Cisco ASA 5500 Series helps businesses increase effectiveness and efficiency in protecting their networks and applications while delivering exceptional investment protection through market-proven security capabilities, an extensible integrated services architecture, reduced deployment and operations costs, and a comprehensive management interface.

Company's ERP and CRM

Cisco VPN integrates smoothly with Del Monte's existing network to give employees access only to the resources that they need. This means that the VPN will make sure only authorized users can access certain parts of the network and company resources. ERP integrates all departments and functions throughout an organization into a single IT system so that employees can make enterprise-wide decisions by viewing enterprise-wide information on all business operations.

Enterprise system: automate business process
ERP systems collect data from across an organization and correlate the data, generating an enterprise-wide view to help run the business.

Measuring ERP success
There are several different departments in the company. For example, a sales representative might need to access Del Monte's data warehouse system (CRM) application to track a shipment, while the finance organization needs to access the ERP system, file sharing and administrative tools from their portal. Cisco VPN makes sure that each department can access only its own resources and not those of others. And yet an IT professional might need access to everything on the network for troubleshooting or monitoring.

Security

To provide additional network security for remote employees, Del Monte can use the Cisco NAC appliance to enforce security policy compliance. It checks devices against the security policies before permitting those devices access to the network. The Cisco NAC appliance is a network admission control product designed by Cisco to produce a secure and clean network environment.

Figure: Two IPsec peers using Active Directory-based IPsec policy. Source: technet.microsoft.com

IPsec packet filtering
IPsec has the ability to provide limited firewall capabilities for end systems by performing host-based packet filtering. It can be configured to permit or block specific types of unicast IP traffic based on source and destination address combinations, specific protocols and specific ports. Security can be strengthened by using IPsec packet filtering to control exactly the type of communication that is allowed between systems.

Figure: Filtering packets by using IPsec. Source: technet.microsoft.com

Types of attacks

Some of the possible attacks that can happen to a VPN are brute force attacks and dictionary attacks.

STP attacks
An STP attack typically involves the creation of a bogus root bridge. This can be accomplished using available software from the internet such as brconfig or stp-packet. In this attack, BPDUs sent by the attacking host announce a lower bridge priority in an attempt to be elected as the root bridge, followed by topology change BPDUs to force spanning-tree recalculations. If successful, the attacking host becomes the root bridge and sees a variety of frames that otherwise are not accessible.

Figure: STP attacks.

Brute force attack
A cryptanalytic type of attack that is used against any encrypted data to guess the user's username and password. It works simply because this attack has a dictionary of commonly used passwords and cycles through those words until it gains access to the account. A brute force attack takes a varying amount of time to complete, depending on the encryption key size (64-bit, 128-bit or 256-bit). The larger the encryption key, the longer a brute force attack needs to succeed.

Dictionary attack
A technique used by a hacker to determine the decryption key of the authentication mechanism by trying candidates repeatedly until the right one comes out. Basically, it acts like a person who searches for a keyword in a dictionary. Yet this attack only tries the possibilities that are most likely to succeed.

References

J. Guichard and J. Apcar, MPLS and VPN Architectures, 1st ed. Indianapolis, IN: Cisco Systems, Inc., 2003.
G. A. Donahue, Network Warrior, 2nd ed. Sebastopol, CA: O'Reilly Media, 2011.
J. Frahim and O. Santos, Cisco ASA, 2nd ed. Indianapolis, IN: Cisco Systems, Inc., 2010.
O. Santos, End-to-End Network Security. Indianapolis, IN: Cisco Systems, Inc., 2008.
IPsec security. Retrieved from http://technet.microsoft.com
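The IPsec packet filtering passage above, worked through as an added example (not code from the original post or from Microsoft). It assumes that the most specific matching filter decides, independent of list order; the addresses, ports and the `decide` helper are constructed for illustration.

```python
import ipaddress

# Constructed filter list: (source net, destination net, protocol, dst port, action).
# The broad block rule is listed first on purpose: list order does not decide.
FILTERS = [
    ("0.0.0.0/0",    "10.1.5.10/32", "any", None, "block"),
    ("0.0.0.0/0",    "10.1.5.10/32", "tcp", 443,  "permit"),
    ("10.1.20.0/24", "10.1.5.10/32", "tcp", 1433, "permit"),
]

def _specificity(f):
    """Longer prefixes and a named protocol/port make a filter more specific."""
    src, dst, proto, port, _action = f
    score = ipaddress.ip_network(src).prefixlen + ipaddress.ip_network(dst).prefixlen
    return score + (proto != "any") + (port is not None)

def decide(filters, src, dst, proto, dport):
    """Return the action of the most specific matching filter, or 'no-match'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for fsrc, fdst, fproto, fport, action in sorted(
            filters, key=_specificity, reverse=True):
        if s not in ipaddress.ip_network(fsrc):
            continue
        if d not in ipaddress.ip_network(fdst):
            continue
        if fproto != "any" and fproto != proto:
            continue
        if fport is not None and fport != dport:
            continue
        return action
    return "no-match"  # the caller's default policy applies

if __name__ == "__main__":
    for pkt in [("192.0.2.7", "10.1.5.10", "tcp", 443),
                ("10.1.20.15", "10.1.5.10", "tcp", 1433),
                ("192.0.2.7", "10.1.5.10", "tcp", 1433)]:
        print(pkt, "->", decide(FILTERS, *pkt))
```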
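A detection sketch for the STP root takeover described above, added here as an example and not part of the original post. It parses 802.1D configuration BPDUs and flags any that arrive on a host-facing port or announce a bridge ID superior to the known root; the port names, bridge IDs and sample frames are constructed.

```python
import struct

# 802.1D configuration BPDU body (after the LLC header), network byte order:
# proto(2) version(1) type(1) flags(1) root_id(8) path_cost(4) bridge_id(8)
# port_id(2) message_age(2) max_age(2) hello(2) forward_delay(2) = 35 bytes
BPDU = struct.Struct("!HBBB8sI8sHHHHH")
TC_FLAG = 0x01  # topology change bit in the flags byte

def parse_bpdu(payload):
    """Return (root_id, bridge_id, flags), or None if not a config/RST BPDU."""
    if len(payload) < BPDU.size:
        return None  # too short; this also skips the 4-byte TCN BPDU
    proto, _ver, btype, flags, root, _cost, bridge = BPDU.unpack_from(payload)[:7]
    if proto != 0 or btype not in (0x00, 0x02):
        return None
    return root, bridge, flags

def bridge_str(bid):
    """Format an 8-byte bridge ID as priority/MAC (priority = first 2 bytes)."""
    mac = ":".join("%02x" % b for b in bid[2:])
    return "%d/%s" % (int.from_bytes(bid[:2], "big"), mac)

def check_bpdus(frames, expected_root, edge_ports):
    """frames: iterable of (port, payload). Returns a list of (port, reason)."""
    alerts = []
    for port, payload in frames:
        parsed = parse_bpdu(payload)
        if parsed is None:
            continue
        root, bridge, flags = parsed
        if port in edge_ports:      # end hosts should never send BPDUs
            alerts.append((port, "BPDU on edge port from " + bridge_str(bridge)))
        if root < expected_root:    # the lower 8-byte ID wins the election
            alerts.append((port, "superior root " + bridge_str(root)))
        if flags & TC_FLAG and port in edge_ports:
            alerts.append((port, "topology change flagged"))
    return alerts

# Constructed sample data: the real root on an uplink, a priority-0 BPDU on a host port.
_TAIL = "8001" "0000" "1400" "0200" "0f00"
EXPECTED_ROOT = bytes.fromhex("8000001122334455")
LEGIT = bytes.fromhex("0000000000" "8000001122334455" "00000000" "8000001122334455" + _TAIL)
ROGUE = bytes.fromhex("0000000001" "0000020000000001" "00000000" "0000020000000001" + _TAIL)
SAMPLE = [("Gi0/1", LEGIT), ("Gi0/7", ROGUE)]
EDGE_PORTS = {"Gi0/7"}

if __name__ == "__main__":
    for port, reason in check_bpdus(SAMPLE, EXPECTED_ROOT, EDGE_PORTS):
        print(port, reason)
```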