Free Essay

It Infrastructure Security

In: Computers and Technology

Submitted By GHendrix
Words 1125
Pages 5
Unit 4 Assignment 1: Create a VPN Connectivity Troubleshooting Checklist

1. Find out who is affected
The first step in troubleshooting any VPN problem is to determine who is affected by it. That information can go a long way toward helping you figure out where to start looking for the problem. For example, if everyone in the company is having problems, you might look for a hardware failure on your VPN server, an incorrect firewall rule, or perhaps a configuration problem on your VPN server.
On the other hand, if there is only one person who is having a problem who can never seem to remember his/her password or Some other person who insists on connecting from their home computer, that too can tell you a lot about what may be going on 2. Check to see whether users can established VPN connectivity
When you begin the actual troubleshooting process, you might want to start by determining whether the affected users can establish VPN connectivity. Not all VPN problems involve connection failures. Sometimes users can connect, but they can't access the network’s resources. 3. Look for policies preventing connectivity
If you find that certain users are having trouble establishing connectivity, have them try to log in from a known good machine. If that doesn't work, there may be a policy in place preventing them from logging in. For example, if you are operating in a Windows Server environment, one should check the Active Directory Users and Computers console to verify that the user has been given permission to log in remotely. Likewise, some VPNs could be designed so that users are allowed to log in only during certain times of the day. 4. Don’t rule out the client
If only a single user is affected by the problem and has no trouble logging in from another computer, the problem would most likely related to the computer that he/she was trying to connect from.
In one scenario, one of the users could be having trouble connecting to a VPN from a home computer. If you tried talking him through the problem, they kept telling you that what they were seeing didn't match what you were asking them to do. It turned out that the user had installed a freeware VPN client because a friend had told him it was much better than what he'd been using. On another occasion, I had someone who was unable to establish VPN connectivity because a virus had destroyed the computer's TCP/IP stack. If users are attempting to connect from their own computer, you can't assume anything about the system they're using. 5. Try logging in locally
This probably sounds silly, but when users say that they are having trouble logging in to the VPN, one of the first things you do is verify that they can log in locally.
I once heard there was a user complaint of VPN problems. The troubleshooter spent a lot of time trying to troubleshoot the issue. When nothing they tried seemed to make any difference, they decided to double-check the user's account to see whether there were any restrictions on it. When they did, they noticed that the account was locked out. They unlocked the account and tried again, but it wasn't long before the account was locked again.
The troubleshooter reset the user's password and was able to log in without any problems. When they told the user about it, the user told the troubleshooter that he'd never been able to log in with that account. When the troubleshooter asked how he got his work done each day, he told him that he always logged in as one of his coworkers. (You can't make this stuff up.) Ever since that incident, the troubleshooter always checked to verify that the user's account is working properly.

6. See if affected users are behind NAT firewalls
Another thing one should check is whether affected users are connecting from computers that are behind a NAT firewall. Normally, NAT firewalls aren't a problem. However, some older firewalls don't work properly with VPN connections. 7. Check for Network Access Protection issues
Microsoft created the Network Access Protection feature as a way for administrators to protect network resources against remote users whose computers are not configured in a secure manner. Although Network Access Protection (NAP) works well, it has been known to cause problems for end users.
Network Access Protection is based on group policy settings. So, if a user attempts to connect from a computer that is not a domain member, NAP will not work properly. Depending on how the VPN is configured, either the health of the user's computer will be ignored or the user will be denied access to the network.
It is also common to configure NAP so that if a user's computer fails the various health checks, a VPN connection is established to an isolated network segment containing only the resources necessary to address the health problem (sometimes through automatic remediation). When this happens, some users may not understand what is going on and may assume that there is a problem with the VPN. 8. Try accessing various network resources
If users can log in to the VPN but they can't do anything once they're connected, the next step is to systematically attempt to connect to various resources on the network. This is important because you may find that some network segments are accessible while others are not.
For example, when a user connects to a VPN server, the computer is typically assigned an IP address by a DHCP server. However sometimes, there are situations in which the DHCP server could have been configured incorrectly, and users who were assigned addresses from one specific scope couldn't access remote network segments 9. Test connecting to resources by IP address rather than server name
You can also try connecting to network resources by their IP address instead of by their name. If you can access previously inaccessible resources by using IP addresses, you can bet that a DNS problem is to blame. If that happens, you should check to see which DNS server VPN clients are configured to use. 10. Determine if users are having performance problems
Sometimes, users may find that although a VPN connection is functional, it is painfully slow. When this happens, you will have no choice but to do some performance monitoring on your infrastructure servers to ensure that they are not experiencing performance bottlenecks.
Sometimes it might just be the infrastructure servers are the source of performance problems, you will usually have multiple users complaining about poor performance. If only a single user is complaining, the problem is likely to be related to that user's Internet connection.…...

Similar Documents

Free Essay

It Infrastructure

...In an IT infrastructure, domains there can be many threats that can take down your system. There is a threat out there that can harm our system, which we need to address. I feel that our system can be improved for better security and be protective from outside threat. This report is to inform you of the domains that can be affected by outside threat. In addition, people should know when dealing which company property and data that there no room for error. Next to properly handle company data when dealing with customer information. I feel that educating our employee would cut back on human error and keep the data safe. User domain can be defined, as the access point was the person meets the computer. The person can access the system through this point depending on the level of access that have. We would need to put in an “Acceptable Use Policy” it would give the employee the information on how to handle company assets. Now there would be certain measure to where we give access to employee, but that would be handling in the hiring process. With this information, the employee would be responsible for his or her action when handling sensitive data. That would ensure that company data would be safe when an employee logged on to the system. The User Domain is the weakest access point and employee should understand that. Next is the “Workstation Domain” is the device to where a user can access the company system. Only employees with the right access should be using these......

Words: 429 - Pages: 2

Premium Essay

Ecommerce Infrastructure and Security Management for Sarbanes-Oxley

...2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. The legislation not only affects the financial side of corporations, it also affects the IT departments whose job it is to store a corporation's electronic records. The Sarbanes-Oxley Act states that all business records, including electronic records and electronic messages, must be saved for "not less than five years." The consequences for non-compliance are fines, imprisonment, or both. IT departments are increasingly faced with the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation. Section 404 of Sarbanes-Oxley In consequence, Search Financial Security (2009) shows the Section 404 of SOX mandates that all publicly traded companies must establish internal controls and procedures for financial reporting and must document, test and maintain those controls and procedures to ensure their effectiveness. The purpose of......

Words: 2280 - Pages: 10

Premium Essay

Layered Security Strategy for Ip Network Infrastructure

...Week 4 Lab - Assessment Worksheet Design a Layered Security Strategy for an IP Network Infrastructure Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regards to physical location and back-end security for privacy data and credit card data? I would place the e-commerce server in the DMZ with the private and credit card data......

Words: 475 - Pages: 2

Premium Essay

Firewalls and Infrastructure Security

...whose purpose is to enforce a security policy across its connections. It is comparable to a wall that has a window where the wall serves to keep things out, except those permitted through the window. A security policy acts like the glass in the window; it permits some things to pass, light, while blocking others, air. The heart of a firewall is the security policy that it enforces. Security policies are a series of rules that define what traffic is permissible and what traffic is to be blocked or denied. These are not universal rules, and there are many different sets of rules for a single company with multiple connections. A web server connected to the Internet may be configured only to allow traffic on port 80 for HTTP, and have all other ports blocked. An e-mail server may have only necessary ports for e-mail open, with others blocked. A key to security policies for firewalls is the same as has been seen for other security policies, the principle of least access. Only allow the necessary access for a function, block or deny all unneeded functionality. How an organization deploys its firewalls determines what is needed for security policies for each firewall. The security topology will determine what network devices are employed at what points in a network. At a minimum, the corporate connection to the Internet should pass through a firewall. This firewall should block all network traffic except that specifically authorized by the security policy. Blocking......

Words: 1184 - Pages: 5

Free Essay

Network Infrastructure Security

...Network Infrastructure Security Robert Collazo Rasmussen College Network Infrastructure Security The first thing that I will be covering is the virtual private network in windows 7. A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name "virtual private network”. The following authentication protocols are supported for logon security for VPN connections in Windows 7: * PAP Stands for Password Authentication Protocol; uses plaintext (unencrypted) passwords. * CHAP Stands for Challenge Handshake Authentication Protocol; uses one-way MD5 hashing with challenge-response authentication. * MSCHAPv2 Stands for Microsoft Challenge Handshake Authentication Protocol version 2; an extension by Microsoft of the CHAP authentication protocol that provides mutual authentication of Windows-based computers and stronger data encryption. MSCHAPv2 is an enhancement of the earlier......

Words: 683 - Pages: 3

Premium Essay

Infrastructure

...none of the DISCOMs are working satisfactorily. Three distribution companies NESCO, WESCO, SOUTHCO are run by BSES while CESCO is run by AES Corporation. OERC reported that losses of these distribution companies are increased. Collection of electricity bills from consumers is decreased. The OERC has threatened to cancel the licenses of the distributing companies unless they show a steady improvement in their performance. 3. PRIVATE SECTOR GENERATION PTC has asked the promoters of the 3960 MW Hirma Project to scale it down to 1000 MW. Rajasthan, Haryana, Madhya Pradesh, Punjab, Gujarat, will be five takers of power from this project, promoted by Reliance Industries. Promoter is busy in taking different approvals from government. Payment Security Mechanism (PSM) is currently under advanced stage of approval by the Government of India. Power Purchase Agreement (PPA) is under negotiation with the developers. The first unit is likely to be declared commercial by December 2006 and the complete station by March 2008. The transmission scheme developed by Powergrid consisting of HVDC and AC systems is currently under approval by the Central Electricity Authority. ____________________________________________________________ __________________________ Issue-4, August 2002 Prayas 5 India Power Sector Reforms Update ____________________________________________________________ __________________________ 4. PRIVATE SECTOR DISTRIBUTION Performance of the DISCOMs was reviewed......

Words: 5753 - Pages: 24

Premium Essay

Design a Layered Security Strategy for an Ip Network Infrastructure

...Design a Layered Security Strategy for an IP Network Infrastructure NaTasha Scott Dr. Danielle Babb CIS 534 Advanced Network Security Design March 6, 2014 1. Block diagram design of a layered security solution 2. A written function overview of your design Lab Assessment Questions and Answers for Lab 8 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. Multiple layers can be used to secure internal threats like keeping employees from accessing inappropriate material, update and patch workstations and run current anti-virus/malware on workstations daily. The layers also help mitigate external threats like hackers by using firewalls and shutting traffic out of the internal network. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? When you have a DMZ there are two firewalls to protect the internal network from external threats. The necessary servers can be placed between the two in order to allow access from either side through strict firewalls while still allowing very little external traffic into the internal zone. The outermost firewall can allow a certain set of traffic to come in and access the servers. The inner most firewall blocks access into the intranet while allowing internal users to access the information on the servers. 3. What recommendations do you have for the future e-commerce server and deployment in regard to......

Words: 779 - Pages: 4

Premium Essay

Understanding It Infrastructure Security Case Study

...Week 1: Understanding IT Infrastructure Security Case Study Hello my name is YGS and I am an Independent contractor for TJX, they have requested my assistant and I will be in charge of all IT matter at TJX. In recent happenings at TJX you should by now be aware that this company was breached by a hacker by the name of the Albert Gonzalez. He stole over $170 million dollars of customer’s credit card information. As a result TJX has taken a major financial loss and our honor and credibility is in question. The reason we are in question is because it turns out the matter was not discovered until an outside source (our gateway/payment-card processing) partners came in and performed an audit to then discover we were breached. Before the audit we should have caught the transfer of 80 GB of stored data by Mr. Gonzalez. Prior to any breach of this company TJX should have been compliant with the payment card industry compliance and validation regulations. In complying with the Federal Trade Commission (FTC) under FTC jurisdiction our IT team should be consistently taking measures in place to keep customer information secure at all times. By being on top of things we would have been less vulnerable to an attack of this size and speared the embarrassment of not discovering the breach for over seven months. To of eradicated this from ever happening TJX should have made sure that our payment gateway client was compliant with their firewall configuration, protect stored......

Words: 361 - Pages: 2

Premium Essay

Infrastructure

...through an unsecured site leading to the disclosure of business sensitive and companywide strategic information pertaining current contract negotiations and company mergers. IDI CIO has enlisted the help of an Information Systems Infrastructure Architect and An Information Systems Security Specialist to investigate and recommend improvements to IDI’s IT Infrastructure. To date, IDI’s network weaknesses out way the network strengths. The larger of the weaknesses is that IDI has no secondary locations in the event of a large scale disaster. Second to that is the lack of security implementations at some of the sites, i.e., Remote access to the Warsaw office runs through a completely unsecure channel and the blatant disregard for adherence to network security policies at the home office. Further evaluations of some of IDI sites have led us to come up with a fairly comprehensive plan to fix and mitigate and major issues that may arise in the future. Our greatest challenge will be to ensure that all sites are working towards the same goal using the same equipment. We are driven to set IT standards which will help us: * Avoiding technological dead ends * Reducing dependency on outside vendors * Promote universality San Paulo’s infrastructure is going to be the basis for the rest of the sites. We recommend that each site have the following hardware and software setups: * Microsoft Windows 2008 Server R2 * Microsoft Exchange 2010 * Microsoft......

Words: 3151 - Pages: 13

Premium Essay

Project Deliverable 5 Infrastructure and Security

...Project Deliverable 5: Infrastructure and Security This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment. The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted.......

Words: 724 - Pages: 3

Premium Essay

Infrastructure

...Infrastructure and Economic Development in Africa Infrastructure and Economic Development in Africa 2014 Mohamed Salah Abdel Rehim 10200210 12/21/2014 2014 Mohamed Salah Abdel Rehim 10200210 12/21/2014 Presented to: Dr. Azza El Sharabasy Course: Economic Development Presented to: Dr. Azza El Sharabasy Course: Economic Development Table of contents * Introduction * Literature review * Africa’s infrastructure endowment * Ways of financing infrastructure * Impact of Infrastructure on Economic Growth. * Conclusions and recommendations * References Introduction * Generally, a consensus has developed that, under the right circumstances, infrastructure evolution can play a major role in improving growth and equity-and, through those two channels, help to eradicate poverty. * However, in spite of this acknowledged aspects and their importance, sub Saharan Africa “SSA” falls behind other regions in infrastructure services and its quality, and this gap is increasing over time. * This is intensely showed in the energy sector, with around 800 million population, the 48 sub Saharan Africa countries produce all together about as much power as Spain, which has only 5.5% of the population of the SSA countries. * Investment in maintaining the current infrastructure is also lagging behind, leaving many African countries with deteriorated and inefficient infrastructure services;......

Words: 2755 - Pages: 12

Premium Essay

It Infrastructure.

...One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.1. What are the differences between ZeNmap GUI (Nmap) and Nessus?ZeNmap is used to map a network and Nessus is used to Test a network for vulnerabilities.2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmaps sole purpose is just that, network probing and recon.3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such.4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform?Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Trace...

Words: 310 - Pages: 2

Premium Essay

It Infrastructure

...partnership to develop a new set of information technology (IT) infrastructure capabilities which enabled the company to provide the necessary services for its large customers while at the same time reducing costs at Johnson & Johnson [Weill & Broadbent, 1998]. In the late 1990s, Charles Schwab focused on delivering customized information to its investors in a timely manner. Using the company's IT infrastructure and applications aligned with its business focus, Schwab became a full service brokerage firm. The firm was able to provide information and process transactions in meeting its business objectives. Customers could retrieve stock quotes and place orders via Schwab's Web site. As a result, the corporation continues to be an industry leader. These two examples demonstrate that an organization’s IT infrastructure can provide tangible benefits and a continuity of business practices [Kettinger, Grover, Subanish, & Segars, 1994]. A particularly important characteristic of IT infrastructure is flexibility [Byrd & Turner, 2000]. Researchers have stated that IT infrastructure flexibility should be viewed as an organizational core competency and that IT infrastructure flexibility is necessary to handle increased customer demands without increased costs [Davenport & Linder, 1994; Weill, 1993]. As we discuss next in developing the theoretical framework for our study, two important aspects of IT infrastructure flexibility emerge from previous research: the core......

Words: 328 - Pages: 2

Free Essay

Infrastructure

...INFRATSRUCTURE The Eleventh Five Year Plan emphasized the need for removing infrastructure bottlenecks for sustained growth. It, therefore, proposed an investment of US $500 billion in infrastructure sectors through a mix of public and private sectors to reduce deficits in identified infrastructure sectors. As a percentage of the gross domestic product (GDP), investment in infrastructure was expected to increase to around 9 per cent. For the first time the contribution of the private sector in total investment in infrastructure was targeted to exceed 30 per cent. Total investment in infrastructure during the Eleventh Plan is estimated to increase to more than 8 per cent of GDP in the terminal year of the Plan --higher by 2.47 percentage point s a s c ompa red t o the Tenth Pl an. The private sector is expected t o be contributing nearly 36 per cent of this investment. RAILWAYS Some of the major goals set for Vision 2020 in the document include (a) laying of 25,000 km of new lines; (b) quadrupling of the 6,000 km network with segregation of passenger and freight lines; (c) electrification of 14,000 km; (d) completion of gaugeconversion; (e) upgradation of speed to 160-200 kmph for passenger trains; and (f) construction of 2,000 km of high-speed rail lines. • Freight performance: Freight loading on Indian Railways during April-November 2011 was 618.0 MT as compared to 593.4 MT in April-November 2010, an increase of 4.14 per cent. •......

Words: 1202 - Pages: 5

Free Essay

It Infrastructure

...Tiffany’s Networking Request for Proposal for a Technology Network Infrastructure May 6, 2011 1 Purpose The purpose of this Request for Proposal (RFP) is to invite prospective vendors to submit a proposal to supply a Structured Cabling solution to Tiffany’s networking. The RFP provides vendors with the relevant operational, performance, and architectural requirements for the solution. 2 Coverage & Participation The intended coverage of this RFP, and any agreement resulting from this solicitation, shall be for the use of all departments at Tiffany’s networking along with any satellite offices. Tiffany’s networking reserves the right to add and/or delete elements, or to change any element of the coverage and participation at any time without prior notification and without any liability or obligation of any kind or amount. General Information The Enterprise Insert Enterprise Description Here Describe the enterprise in a few brief paragraphs. State the core business of the enterprise, the number of employees and the general size of the IT infrastructure: number of workstations, servers, etc. Include a description of the business and location including any satellite offices that will be involved in the project. Describe the overall objectives of the Structured Cabling solution purchase. Focus on larger business goals, not technical specifications. For example, most enterprises put the purchase of a Structured Cabling......

Words: 2282 - Pages: 10

Drontal for Cats Genuine Bayer 8 Tablets Dewormer Allworms Round and Tap Worm | All Movies | Resonate