Free Essay

It Infrastructure Security

In:

Submitted By GHendrix
Words 1125
Pages 5
Unit 4 Assignment 1: Create a VPN Connectivity Troubleshooting Checklist

1. Find out who is affected
The first step in troubleshooting any VPN problem is to determine who is affected by it. That information can go a long way toward helping you figure out where to start looking for the problem. For example, if everyone in the company is having problems, you might look for a hardware failure on your VPN server, an incorrect firewall rule, or perhaps a configuration problem on your VPN server.
On the other hand, if there is only one person who is having a problem who can never seem to remember his/her password or Some other person who insists on connecting from their home computer, that too can tell you a lot about what may be going on 2. Check to see whether users can established VPN connectivity
When you begin the actual troubleshooting process, you might want to start by determining whether the affected users can establish VPN connectivity. Not all VPN problems involve connection failures. Sometimes users can connect, but they can't access the network’s resources. 3. Look for policies preventing connectivity
If you find that certain users are having trouble establishing connectivity, have them try to log in from a known good machine. If that doesn't work, there may be a policy in place preventing them from logging in. For example, if you are operating in a Windows Server environment, one should check the Active Directory Users and Computers console to verify that the user has been given permission to log in remotely. Likewise, some VPNs could be designed so that users are allowed to log in only during certain times of the day. 4. Don’t rule out the client
If only a single user is affected by the problem and has no trouble logging in from another computer, the problem would most likely related to the computer that he/she was trying to connect from.
In one scenario, one of the users could be having trouble connecting to a VPN from a home computer. If you tried talking him through the problem, they kept telling you that what they were seeing didn't match what you were asking them to do. It turned out that the user had installed a freeware VPN client because a friend had told him it was much better than what he'd been using. On another occasion, I had someone who was unable to establish VPN connectivity because a virus had destroyed the computer's TCP/IP stack. If users are attempting to connect from their own computer, you can't assume anything about the system they're using. 5. Try logging in locally
This probably sounds silly, but when users say that they are having trouble logging in to the VPN, one of the first things you do is verify that they can log in locally.
I once heard there was a user complaint of VPN problems. The troubleshooter spent a lot of time trying to troubleshoot the issue. When nothing they tried seemed to make any difference, they decided to double-check the user's account to see whether there were any restrictions on it. When they did, they noticed that the account was locked out. They unlocked the account and tried again, but it wasn't long before the account was locked again.
The troubleshooter reset the user's password and was able to log in without any problems. When they told the user about it, the user told the troubleshooter that he'd never been able to log in with that account. When the troubleshooter asked how he got his work done each day, he told him that he always logged in as one of his coworkers. (You can't make this stuff up.) Ever since that incident, the troubleshooter always checked to verify that the user's account is working properly.

6. See if affected users are behind NAT firewalls
Another thing one should check is whether affected users are connecting from computers that are behind a NAT firewall. Normally, NAT firewalls aren't a problem. However, some older firewalls don't work properly with VPN connections. 7. Check for Network Access Protection issues
Microsoft created the Network Access Protection feature as a way for administrators to protect network resources against remote users whose computers are not configured in a secure manner. Although Network Access Protection (NAP) works well, it has been known to cause problems for end users.
Network Access Protection is based on group policy settings. So, if a user attempts to connect from a computer that is not a domain member, NAP will not work properly. Depending on how the VPN is configured, either the health of the user's computer will be ignored or the user will be denied access to the network.
It is also common to configure NAP so that if a user's computer fails the various health checks, a VPN connection is established to an isolated network segment containing only the resources necessary to address the health problem (sometimes through automatic remediation). When this happens, some users may not understand what is going on and may assume that there is a problem with the VPN. 8. Try accessing various network resources
If users can log in to the VPN but they can't do anything once they're connected, the next step is to systematically attempt to connect to various resources on the network. This is important because you may find that some network segments are accessible while others are not.
For example, when a user connects to a VPN server, the computer is typically assigned an IP address by a DHCP server. However sometimes, there are situations in which the DHCP server could have been configured incorrectly, and users who were assigned addresses from one specific scope couldn't access remote network segments 9. Test connecting to resources by IP address rather than server name
You can also try connecting to network resources by their IP address instead of by their name. If you can access previously inaccessible resources by using IP addresses, you can bet that a DNS problem is to blame. If that happens, you should check to see which DNS server VPN clients are configured to use. 10. Determine if users are having performance problems
Sometimes, users may find that although a VPN connection is functional, it is painfully slow. When this happens, you will have no choice but to do some performance monitoring on your infrastructure servers to ensure that they are not experiencing performance bottlenecks.
Sometimes it might just be the infrastructure servers are the source of performance problems, you will usually have multiple users complaining about poor performance. If only a single user is complaining, the problem is likely to be related to that user's Internet connection.

Similar Documents

Premium Essay

Understanding It Infrastructure Security Case Study

...Week 1: Understanding IT Infrastructure Security Case Study Hello my name is YGS and I am an Independent contractor for TJX, they have requested my assistant and I will be in charge of all IT matter at TJX. In recent happenings at TJX you should by now be aware that this company was breached by a hacker by the name of the Albert Gonzalez. He stole over $170 million dollars of customer’s credit card information. As a result TJX has taken a major financial loss and our honor and credibility is in question. The reason we are in question is because it turns out the matter was not discovered until an outside source (our gateway/payment-card processing) partners came in and performed an audit to then discover we were breached. Before the audit we should have caught the transfer of 80 GB of stored data by Mr. Gonzalez. Prior to any breach of this company TJX should have been compliant with the payment card industry compliance and validation regulations. In complying with the Federal Trade Commission (FTC) under FTC jurisdiction our IT team should be consistently taking measures in place to keep customer information secure at all times. By being on top of things we would have been less vulnerable to an attack of this size and speared the embarrassment of not discovering the breach for over seven months. To of eradicated this from ever happening TJX should have made sure that our payment gateway client was compliant with their firewall configuration, protect stored cardholder...

Words: 361 - Pages: 2

Free Essay

Network Infrastructure Security

...Network Infrastructure Security Robert Collazo Rasmussen College Network Infrastructure Security The first thing that I will be covering is the virtual private network in windows 7. A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name "virtual private network”. The following authentication protocols are supported for logon security for VPN connections in Windows 7: * PAP Stands for Password Authentication Protocol; uses plaintext (unencrypted) passwords. * CHAP Stands for Challenge Handshake Authentication Protocol; uses one-way MD5 hashing with challenge-response authentication. * MSCHAPv2 Stands for Microsoft Challenge Handshake Authentication Protocol version 2; an extension by Microsoft of the CHAP authentication protocol that provides mutual authentication of Windows-based computers and stronger data encryption. MSCHAPv2 is an enhancement of the earlier MS-CHAP...

Words: 683 - Pages: 3

Premium Essay

It456 Db2

... Security Architecture Design IT456_DB2 Security architecture is an important aspect of any security system safeguarding an organizations data, employee/client demographic information and many other vital data. Deployment of an effective scalable network security system requires proper design according to the risk analysis and employing security principles in best practices and maintaining a satisfactory level of compliance. www.disa.mil/.../mil Should any of the key areas of the security infrastructure be compromised it will have devastating effects on the reliability, availability, viability of operational abilities and integrity of data. As well the system vulnerabilities are more easily. Attacks are carried out on these compromised infrastructures including industrial espionage, revenge, financial gain, and terrorism. ISSA.com/security Some of the principles used in the design of a secure Infrastructure are compartmentalization of information, principle of least privilege, weakest link, defense in depth, authentication password security, antivirus, packet filtering,, firewalls, policies both permitting and restricting activities, DMZ’s and designing the security around and for the most critical systems. Do not forget the ever more important intrusion detection...

Words: 727 - Pages: 3

Premium Essay

Assignment 2 Critical Infrastructure Protection

...Assignment 2: Critical Infrastructure Protection Strayer University Introduction In the wake of a terrorist attack, natural disaster, or emergency, the Department of Homeland Security (DHS) is prepared to respond.   DHS primary responsibilities are combatting terrorism, securing boarders, enforcing immigration laws, safeguarding cyberspace, and responding to natural disasters. Coordination with the federal response teams and partnerships with local, state, and private sectors, enhance the DHS response tactics in a national emergency. Department of Homeland Security Mission, Operations, and Responsibilities The Department of Homeland Security’s mission is to keep America safe, protected, and resilient from various elements that threaten the country.  As identified by (dhs.gov, 2013) DHS has three key concepts that strategies are based upon security, resilience, and customs and exchange.  The process that defines homeland security missions and incorporates the key concepts is the Quadrennial Homeland Security Review (QHSR). DHS missions are spread across the enterprise and do not only cover DHS.  The delegated missions define in detail how to prevent, protect, respond, recover, secure, ensure resilience, and facilitate customs and exchange as noted by (dhs.gov, 2013).     Department of Homeland Security operations encompass five core objectives.  The objectives covered under DHS are prevention of terrorism and enhancing security; secure and manage our boarders; enforce and administer...

Words: 1685 - Pages: 7

Free Essay

Cis 502 Critical Infrastructure Protection

...CIS 502 Critical Infrastructure Protection Click Link Below To Buy: http://hwaid.com/shop/cis-502-critical-infrastructure-protection/ Due Week 6 and worth 50 points Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. The following documents titled, “National Infrastructure Protection Plan”, and “Critical Infrastructure Protection”, may be used to complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the Department of Homeland Security’s : a. mission b. operations c. responsibilities 2. Explain what Critical Infrastructure Protection (CIP) initiatives are, what are protected, and the methods used to protect our assets. 3. Describe the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure. 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Suggest three (3) methods to improve the protection of our critical infrastructure and justify each suggestion. 6. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times...

Words: 1288 - Pages: 6

Premium Essay

Case Study

...Case Study 2: Information Security and the National Infrastructure Tamika C. McCray Professor Darrel Nerove SEC 310 – Homeland Security July 19, 2012 In reading the article, I gather that our country’s natural resources might be at very real danger due to cyber threats. I am once again surprised that there is no effective plan in place for protecting these very important resources. In any company that has something to lose, there should be appropriate security measures taken in accessing their company information. Along with those passwords, a level of security needs to be given to each individual with a password. Learning of the different security possibilities to protect our resources should be at the top of voter’s lists along with job security and a few other things this coming election. If we are easily hacked with simple things, more individual than world-wide, we should take heed when a security breech on a national level will affect millions. All possible threats should be taken seriously as with everything being wireless these days, there is more of a chance for hackers to find a way to get through the cracks. The fact that these industries rely heavily on information technology to conduct everyday service alone is a very real reason to be concerned. Being that there might be thousands of miles between employees, branches and facilities that operate in these areas, there is a great emphasis on telecommuting. When dealing with any type of outpost employment...

Words: 835 - Pages: 4

Premium Essay

Firewalls and Infrastructure Security

...whose purpose is to enforce a security policy across its connections. It is comparable to a wall that has a window where the wall serves to keep things out, except those permitted through the window. A security policy acts like the glass in the window; it permits some things to pass, light, while blocking others, air. The heart of a firewall is the security policy that it enforces. Security policies are a series of rules that define what traffic is permissible and what traffic is to be blocked or denied. These are not universal rules, and there are many different sets of rules for a single company with multiple connections. A web server connected to the Internet may be configured only to allow traffic on port 80 for HTTP, and have all other ports blocked. An e-mail server may have only necessary ports for e-mail open, with others blocked. A key to security policies for firewalls is the same as has been seen for other security policies, the principle of least access. Only allow the necessary access for a function, block or deny all unneeded functionality. How an organization deploys its firewalls determines what is needed for security policies for each firewall. The security topology will determine what network devices are employed at what points in a network. At a minimum, the corporate connection to the Internet should pass through a firewall. This firewall should block all network traffic except that specifically authorized by the security policy. Blocking communications...

Words: 1184 - Pages: 5

Free Essay

Assignment 2: Critical Infrastructure Protection

...Assignment 2: Critical Infrastructure Protection Benard Braxton, Jr. Dr. Bouaffo Kouame CIS 502 – Theories of Security Management May 17, 2015 The Department of Homeland Security’s vison is to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards (DHS, 2015). To achieve this vision there are three key concepts that creates the foundation of our national homeland security strategy. They are security, resilience, and customs and exchange (DHS, 2015). These key concepts drive wide-ranging areas of action that the Quadrennial Homeland Security Review process describes as homeland security missions. These missions are not restricted to the Department of Homeland Security. These objectives and goals says what it means to prevent, to protect, to respond, and to recover. They also shows how build in security, to ensure resilience, and to facilitate customs and exchange (DHS, 2015). There are thousands of people from across the all over the country who are responsible for executing these missions. These are the people who interact with the public, are responsible for security and public safety, operate our country’s critical services and infrastructures, develop technology, perform research, watch, prepare for, and respond to emerging disasters and threats (DHS, 2015). The five homeland security core missions are to prevent terrorism and enhancing security; secure and manage our borders; enforce and administer our immigration laws; safeguard...

Words: 1124 - Pages: 5

Premium Essay

Cjus254 Unit 5 Ip

...Department of Homeland Security and private sector companies. She has requested an information paper that shows her why these relationships are important, as well as how the DHS uses these companies as a tool for the protection of critical infrastructure and key resources. To: Director, Executive Secretariat of the Office of the Secretary, DHS From: Action Officer, Executive Secretariat of the Office of the Secretary, DHS Ma’am, Cooperation with all levels and forms of security entities is of paramount importance. We cannot profess to be the best at what we do if we are blind to this fact. There are hundreds of security firms that specialize in all different types, as well as local, state, tribal, and territorial governments and law enforcement agencies that just know the area, the terrain, and the local customs and day to day operations better than any federal agencies ever could. This is why it is important for us to work with these agencies on the ground when we are tasked with preventing or reacting to any security emergencies. This is important because the private sector actually owns and controls the grand majority of the infrastructure that we are sworn to protect. This makes it slightly more complicated for us to control the safety of anything, if we aren’t in direct control. Rather than create a fascist state that dictates laws that may not be the best for the security of a particular field, we have established Critical Infrastructure Advisory Partnerships...

Words: 1338 - Pages: 6

Free Essay

Private Security

...Private security is an absolute necessity as part of our country’s homeland security. After the terrorist attacks of September 11th 2001, the concept of “homeland security” truly came into a whole new focus. Prior to this tragic incident, the abundance of security vulnerabilities that existed in our country were not as well known or as well publicized. Furthermore, it was just assumed and expected that the public sector was quite capable of handling our domestic security needs. This could not have been farther from the truth. The concept of “homeland security” is a both a broad and highly complex term that encompasses virtually every facet of the American infrastructure on land, in air, at sea, and even underground. Just taking into account the vast amounts of land that the United States encompasses is a difficult task within itself. The Office of Homeland Security (which was the predecessor to the Department of Homeland Security) attempted to simplify the concept of homeland security by describing it as a “concerted national effort to prevent terrorist attacks within the United States, reduce America’s vulnerability to terrorism, and minimize the damage and recover from any attacks that do occur.” Moreover, a number of federal agencies such as the Department of Homeland Security, Department of Defense, and the Congressional Budget Office just to name a few, have recognized the important role that private security firms will play in bringing the total concept of “homeland...

Words: 1945 - Pages: 8

Free Essay

Critical Infrastructure Protection

...The U.S. CIP is a national program to ensure the security of vulnerable and interconnected infrastructures of the United States The United States possesses both the world's strongest military and its largest national economy. Those two aspects of our power are mutually reinforcing and dependent. They are also increasingly reliant upon certain critical infrastructures and upon cyber-based information systems. Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private. Many of the nation's critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks. Addressing these vulnerabilities will necessarily require flexible, evolutionary approaches that span both the public and private sectors, and protect both domestic and international security. Because of our military strength, future enemies, whether nations, groups or individuals, may seek to harm us in non-...

Words: 468 - Pages: 2

Free Essay

School Paper

...Keiah Vail Professor: Seitu Stephens COM/156 April 29, 2012 Research Paper: Airport Security Airport security includes the procedure of guarding public transportation by airplane, as well as the terminals from which passengers of aircraft arrive and depart. Airport security has drawn the attention of the American public for invasive pat-downs, body scans and various news reports on concerns from TSA on failures to catch contraband items. A lot of people often wonder what is the reason for pat downs and body scans. Pat-downs are used to resolve alarms at the checkpoint, including those triggered by metal detectors and units. Pat-downs are also used when a person chooses out of screening in order to detect potentially dangerous and prohibited items. Because pat-downs are specifically used to resolve alarms and prevent dangerous items from going on a plane, the vast majority of passengers will not receive a pat-down at the checkpoint. All passengers have important rights during a pat-down. You have the right to request the pat-down be conducted in a private room and you have the right to have the pat-down witnessed by a person of your choice. All pat-downs are only conducted by same-gender officers. The officer will explain the pat-down process before and during the pat-down. Instead of making everyone strip down, the TSA has organized a type of body scan screening machine that let passengers skip the undressing part. The machine “undresses” you by using either x-rays or millimeter...

Words: 1154 - Pages: 5

Premium Essay

Airport Secuirty

...Airport Security Design Introduction The world and the United States stood still on 11 September 2001 as terrorist attacked the United States using four jetliners. Over the course of the next thirteen months, the President of the United States along with the U.S. Congress passed a series of bills that would change the structure of the U.S. government. On 20 September 2001, President George W. Bush announces to congress the formation of the Office Homeland Security. In a speech to congress, President Bush states, “Our nation has been put on notice:  We are not immune from attack.  We will take defensive measures against terrorism to protect Americans.  Today, dozens of federal departments and agencies, as well as state and local governments, have responsibilities affecting homeland security, which includes airport security (Bush, 2001).   Of these government agencies, the Federal Aviation Administration (FAA) and the Transportation Security Administration (TSA) provides the federal guidelines, which all airports must adhere to for security. The FAA and TSA provide these guidelines through the Recommended Security Guidelines for Airport Planning, Design, and Construction, and TSA civil aviation rules, CFR 49-1542. It is up to airport operators to follow these guidelines to insure passenger and employee safety. Security Force Many airports across the United States use local law enforcement to aid in the security of their airports. However, several airports have...

Words: 3562 - Pages: 15

Premium Essay

Project Deliverable 5 Infrastructure and Security

...Project Deliverable 5: Infrastructure and Security This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted. Additionally...

Words: 724 - Pages: 3

Premium Essay

Layered Security Strategy for Ip Network Infrastructure

...Week 4 Lab - Assessment Worksheet Design a Layered Security Strategy for an IP Network Infrastructure Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data? I would place the e-commerce server in the DMZ with the private and credit card data stored...

Words: 475 - Pages: 2