VPN Case Study

Summerbreeze_25Summerbreeze_25 Registered Users Posts: 1 ■□□□□□□□□□
I have this case and I am wondering about the answer.

Nancy is the network administrator for a defense company. Many of its researchers do some work from home, particularly work on mathematics, algorithms and so on. The data they send must be absolutely secure. These remote users wish to use VPN connections to the company network. Nancy takes the following actions:

1. She implements a PPTP VPN using Windows XP as the VPN server.
2. All remote users are set up for compulsory tunneling.
3. All remote users are given very strong passwords that change every 30 days.

Are the steps nancy took adequate and appropriate? What other steps, should she have done?

Thank you

Comments

  • _netmon_netmon Level 99 Wizard Mod Posts: 878 Mod
    She works for a defense company, and the data must be absolutely secure. So using PPTP would be a security risk as there is no encryption. A better choice would be to use IKEv2 with IPSec for encryption. This requires you use Windows 7 so the XP server would need to be changed. Windows 7 has better security than XP anyway.

    The other two options seem okay, although I'm not sure whether compulsory tunneling would be required, unless the laptop they are using is primarily for work and safe from outside threats.
    2020 goals: Server 2016 MCSA/MCSE (70-740, 70-741, 70-742, 70-744), Powershell training
    2021 goals: RHCSA/RHCE, AWS, Python training

    Train people well enough so they can leave, treat them well enough so they don't want to. - Richard Branson
Sign In or Register to comment.