VPN Implementation Best Practices

A VPN is only as safe as the machine on which it is used. Before deploying a VPN, review the implementation best practices, listed as do’s and don’ts, in TABLE 12-1.

TABLE 12-1 VPN implementation best practices
|  | DO | DON’T |
|---|---|---|
| Passwords | Do change the original password to a strong password you will remember. | Don’t write down your password unless it will be stored in a safe. |
| Software | Do buy or upgrade antivirus detection software. Do ensure your virus definitions are set to update automatically. Do check frequently for updated OS patches and application patches. | Don’t go without antivirus software. Don’t ignore OS and application updates/patches. Don’t use unsafe applications such as peer-to-peer file sharing tools or applications of unknown origin. |
| Firewalls | Do enable built-in firewalls. Do use external standalone firewalls whenever possible. | Don’t go without either a built-in or standalone firewall. |
| Hardware | If connecting via a wireless interface, do disconnect or disable the wired network interface. If connecting via a wired interface, do disconnect the wireless. Do use the VPN for work purposes only. | Don’t enable or connect more than one network interface while using a VPN-connected computer. Don’t allow people to use the computer who might do so unsafely. |
| Services and protocols | Do disable any unneeded services or protocols. | Don’t run default services and protocols unless each is specifically needed. |
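
The Hardware rule in TABLE 12-1 (no more than one connected network interface during a VPN session) can be verified on the client. The following Python check is an added example, not part of the original text. It assumes a Linux client, input in the brief format printed by `ip -br link`, and that tunnel adapters carry the POINTOPOINT flag; the sample listing is constructed.

```python
# Added example: detect a VPN client that is dual-homed while the tunnel is up.
# Assumption: input is the text printed by `ip -br link` on Linux.

# Constructed sample: wired and wireless both connected, VPN tunnel active.
SAMPLE = """\
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
eth0             UP             52:54:00:aa:bb:01 <BROADCAST,MULTICAST,UP,LOWER_UP>
wlan0            UP             52:54:00:aa:bb:02 <BROADCAST,MULTICAST,UP,LOWER_UP>
tun0             UNKNOWN        <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>
"""


def parse_links(text):
    """Return (name, flags) pairs; lines without a <FLAGS> field are skipped."""
    links = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[-1].startswith("<"):
            continue
        name = fields[0].split("@")[0]          # "veth1@if2" -> "veth1"
        flags = set(fields[-1].strip("<>").split(","))
        links.append((name, flags))
    return links


def check_dual_homing(text):
    """Flag a violation when a tunnel is up and more than one other
    interface has carrier (LOWER_UP), i.e. is actually connected."""
    tunnels, connected = [], []
    for name, flags in parse_links(text):
        if "LOOPBACK" in flags or "LOWER_UP" not in flags:
            continue                            # loopback or no link
        if "POINTOPOINT" in flags:              # assumption: tun/wg-style adapter
            tunnels.append(name)
        else:
            connected.append(name)
    return {
        "tunnels": tunnels,
        "connected": connected,
        "violation": bool(tunnels) and len(connected) > 1,
    }


if __name__ == "__main__":
    result = check_dual_homing(SAMPLE)
    print(result)
    if result["violation"]:
        print("More than one network interface is connected during the VPN session")
```

Virtual bridges and container interfaces that have carrier are counted as connected by this check, so exclude them by name where they are expected on the client.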

Additional steps you can use for the VPN server include:

  • Use strong authentication—Ensure that only authorized clients can connect. Because the VPN server will have a public IP address, it is accessible to an Internet user anywhere in the world. If someone can easily log on to the VPN server, that person can easily access your internal network.
  • Use strong encryption—The two primary encryption protocols used in VPNs today are IPSec and SSL/TLS. Either of these is strong enough to protect a VPN, but evaluate other protocols for the best match to your needs.
  • Protect the VPN server behind a firewall—Whether you are using a host-to-gateway or gateway-to-gateway configuration, you should not put the VPN server directly on the Internet. Instead, place it behind a firewall such as in a DMZ configuration. This will provide a layer of protection from Internet attacks.