We continue our series into the concept of the Virtual Private Network.
We have examined this from different angles, and the last blog post provided to you, the small business owner, a template as to how a VPN could be deployed at your organization.
However, it was also stressed that it was only just that, how a VPN actually gets deployed depends a lot on your own security and business-related requirements.
Also note that it’s important to keep in mind that a VPN is used to primarily to secure the lines of communication from a remote based employee to the central and vice versa, as he or she accesses shared resources and files.
In this blog post we examine a key post deployment area that you need to formulate: The components of your VPN security policy.
The Components of a Virtual Private Security Policy
In implementing a Virtual Private Network system, formulating and developing a very sound and “airtight” security policy becomes of prime importance.
The components of a very strong Virtual Private Network based security policy should include some of the following components:
1. Access Rights:
a) Which employees should have access to what kinds and types of resources;
b) When, where, and how often is access allowed through resources via the VPN;
2. Access Control rights which include the following:
a) IP address source;
b) Data packet content and destination from within the Virtual Private Network;
3. Virtual Private Network Management Responsibilities, which include the following:
a) Who will administer and oversee the Virtual Private Network solution;
b) Whom will enforce the security of the Virtual Private Network;
c) Whom will authorize the issuance and the distribution of the digital certificates;
d) Whom will perform the Registration Activities.
4. The types and the degrees of the of the degree of encryption which is required:
a) Deciding upon the types of and kinds of IPSec Protocol settings and options which are required;
b) The management and distribution of the public keys and the private keys;
c) The length of time for digital certificate activity and expiration;
5. Virtual Private Network Endpoints: This simply involves where the IP tunneling will be routed through:
a) Gateway to gateway;
b) Gateway to desktop;
c) Desktop to desktop
In terms of a Virtual Private Network system, all types of programs and applications which run in your place of business or organization need to be double checked in order to make sure that they will be compatible to the new VPN hardware and software. Such programs and applications need to closely examined, which include:
> Database access and maintenance programs;
> Mainframe access through terminal emulators;
> Any type or kind of software development tools and their respective databases;
> All sorts of dynamic web content generators used for intranet development;
> Any type or kind of document sharing program;
> All remote server administration hardware/software;
> All backup as well as remote backup tools utilized at your place of business or organization.
The next blog post will conclude the series on Virtual Private Networks, and we’ll examine the impacts it has on your employees.
After all they will be the ultimate “consumers” of your VPN, and it will be important to have their buy in and support into it as well.