Running head: SECURE VPN CONNECTIONS
VPN Connections
Name
Institution
Abstract
Virtual Private Networks (VPNs) help a company create secure connections both internally and remotely. However, establishing a VPN is a complex task that requires making choices about what type of VPN and what VPN technologies to use. There are two types of VPN, and each type serves a different purpose. Further, establishing these types of VPNs requires different hardware and software. Therefore, it is important to understand what is required for the type of VPN that one intends to establish. Above all, security is a major concern for VPNs. In addition to enjoying the benefits of a VPN, companies want to have their connections secure. This means ensuring data confidentiality so that the sent data is seen by the authorized users only. Data integrity means that the data sent over the network is not altered or tampered with, and authentication requires users of the network to verify their identity. Different protocols provide different aspects of security. To set up a VPN, one should choose the most appropriate protocol that offers the desired security elements. Therefore, this paper explores VPN types, the hardware and software required for the different types of VPNs, and the VPN topologies. The paper starts with an introduction, which is followed by a detailed discussion of VPNs and the VPN types, namely the remote access VPN and the site-to-site VPN. The paper then covers VPN technologies and discusses how VPNs meet the confidentiality, integrity and availability factors. Under the VPN technologies, a more detailed discussion is provided for IPsec, GRE tunnelling and SSL VPN.
Table of Contents
Introduction
Virtual Private Networks
Site to Site VPN
Remote Access VPN
VPN Technologies
Generic Routing Encapsulation (GRE)
IPsec VPN
SSL VPN
Conclusion
References
Secure VPN Connections
Introduction
The world is changing rapidly every day, more so in the technology industry. Businesses are now forced to cope with regional concerns in addition to their local ones. Many businesses are forced to consider the global markets and logistics. These organizations have established branches in different regions of the country or the world. Additionally, these companies need to be secure, fast, connected, and able to communicate effectively.
Until recently, communication between distant branches has been done using leased lines in a Wide Area Network (WAN) form of connection. Leased lines used have ranged from optical carrier-3, which has a speed of 155Mbps, to ISDN with a speed of 144Kbps (Comer, 2015). These WAN networks have been advantageous in terms of security, performance and reliability, resulting in high proficiency. However, setting up and maintaining WAN networks over a large area using leased lines is expensive. Further, leased lines are not viable in terms of mobility (Comer, 2015). WAN highly limits the employees' mobility. For example, a marketing staff member might need to frequently connect remotely to the company's network to access sensitive information.
With the growing popularity of the internet, businesses have
sought ways to extend their connections. First, came the intranet
by which sites meant to be used by the company employees
were created. Currently, companies create Virtual Private
Networks with an aim to meet the need of connecting distant
offices and giving access to remote employees (Bays et al,
2015). A typical VPN may have the LAN established at the
main headquarter and the other LANs set up at the remote
facilities such that users can connect from remote areas.
Therefore, from this description, a VPN can be described as a
private network that makes use of the public network such as
the internet to connect to the company's resources (Bays et al,
2015). Further, instead of using a wired connection the VPN is a
virtual connection that has been routed from the organization's
private network through the internet to form a remote
connection.
To create and enable a VPN, tunnelling protocols are required
whereby one can establish a tunnel between the endpoints on the
network. VPNs make use of tunnelling and advanced encryption
techniques to enable organizations to establish secure end-to-end
network connections over a public network. The
three main elements that VPNs seek to achieve are data
integrity, data confidentiality and authentication. Data integrity
ensures that data communicated over the network is not altered
or tampered with (Computer-solutions.com, 2015). In this
regard, the data is transmitted from the source to the destination
whereas unauthorized personnel cannot tamper with it. To
ensure data integrity VPNs use hashes that act like a seal to
guarantee no unauthorized persons read the message content.
On the other hand, data confidentiality entails protecting data
from unauthorized persons such as hackers (Computer-
solutions.com, 2015). The main aim of data confidentiality is to
protect the message content from unauthorized interception; to
achieve this, VPNs use encapsulation.
Authentication makes sure that the message comes from a
reliable source and is received at the authentic destination
(Computer-solutions.com, 2015). To achieve authentication,
VPNs identify parties on both ends of the network using digital
certificates, passwords, biometrics, and smart cards. Most
organizations deploy VPNs aimed at providing data
confidentiality, data integrity and authentication of packets
transmitted over the unsecure network.
Virtual Private Networks
When using the public internet, security is always a concern.
Virtual Private Networks (VPNs) not only enable the connection
of two sites, but also ensure that they are secure. To do so, the
VPN creates a private tunnel over the public network. Once the
VPN connection is established, data is protected through
authentication and encryption, making it possible to securely
share information through the tunnel (Chamberlain et al,
2017). Tunnelling comprises three protocols: the passenger
protocol, which is the original data; the encapsulating protocol,
which is the protocol wrapped around the original data, such as GRE;
and the carrier protocol, which is the protocol over which
information travels over the network (Mano et al, 2017). The
passenger packet is encapsulated inside the encapsulating
protocol, which is later put into the carrier protocol header to be
transmitted over the network. Further, the encapsulating
protocol encrypts data so that protocols such as IPX can be
successfully transmitted (Mano et al, 2017).
Virtual Private Network (VPN) is a technology that makes it
possible to create a secure network connection over an insecure
network (Salman, 2017). VPN protects the privacy of the
computer user accessing the internet. VPNs are highly preferred
for their beneficial features. To start with, VPNs are able to
extend connections across different locations without
necessarily using leased lines (Salman, 2017). Secondly, VPNs
implement security mechanisms such as encryption that makes it
possible to share data safely. In addition, VPNs provide a high
level of flexibility for remote employees and offices, so they are
able to access the company's intranet over the internet
connection created. This saves time and cost of commuting of
employees and for establishing multiple networks within the
company. Lastly, establishing VPNs is cheaper than connecting
sites using leased lines (Salman, 2017).
The two main VPN technologies are: (1) site to site VPN; and (2)
remote access VPN. A site to site VPN makes it possible for
sites in fixed locations to connect with each other securely over
a public network (Han, Gopalakrishnan, Ji & Lee, 2015). This
type of connection enables resource sharing by employees in the
different locations/sites. On the other hand, the remote access
VPN securely connects to a remote computer network, so
individuals can access these secured resources over the internet
(Han, Gopalakrishnan, Ji & Lee, 2015). To implement VPN over
a Wide Local Area Network (WLAN), the two most widely used
solutions are IPsec VPN and SSL VPN.
Site to Site VPN
A site to site connection is established by connecting multiple
sites over the public network. A local connection to the public
network is set up for each site. This saves the cost that would
have been used to buy leased lines to connect the sites. Site to
site connections can further be classified as intranets and
extranets. When a site to site VPN connects branches of a
company it is referred to as an intranet VPN. On the other hand,
when a site to site VPN connects a company to its customers or
partners then it is referred to as an extranet VPN.
A site-to-site VPN acts as an extension to the Wide Area
Network, connecting other networks (Liyanage et al, 2015). For
example, a headquarters office can be connected to all the other
branches using a site to site VPN. Previously, leased lines have
been used to create connections; however, they have since been
replaced by the highly configurable and manageable VPN
(Liyanage et al, 2015).
A site to site VPN occurs when devices on both sides of the
VPN know about the VPN configuration, but the internal host is
unaware. In a site to site VPN hosts on the host end receive and
send TCP/IP traffic which passes through the VPN gateway
(Han, Gopalakrishnan, Ji & Lee, 2015). The work of the VPN
gateway is to encapsulate and encrypt outgoing traffic and
forward it through the VPN tunnel to the VPN gateway located
at the distant end. The VPN gateway on the receiving side will
remove the headers, decrypt the available content and then relay
the packet to the target host in the private network. In this case,
to back up security, the routers have some add-on cards to assist
the router to encrypt data quickly. The Adaptive Security
Appliance (ASA) is also configured to act as a VPN
concentrator that supports many VPN tunnels (Bays et al, 2015).
From the diagram above a branch office located in a remote
location connects to the corporate head office using a site-to-
site VPN. The hosts in the remote branch office receive and
send files from TCP/IP traffic through the VPN gateway.
Further, the VPN gateway is responsible for routing the firewall
appliance. In addition, the VPN gateway encrypts and
encapsulates the outbound traffic from the office then transmits
it over the internet through the VPN tunnel to the VPN gateway
located at the distant end. Upon receipt, the branch VPN
gateway strips the header then decrypts the message content
before relaying the packet to the target client who is inside the
private network. To establish such a Site to Site connection
each side is required to have a device that has the software and
hardware needed which understands the set of VPN protocols
and security standards implemented in the network.
Remote Access VPN
Remote VPN is also referred to as the Virtual Private Dial-up
Network (VPDN). Remote VPN is a user-to-LAN connection
established to make it possible for employees at remote
locations to connect to the company's private network (Salman,
2017). Companies wishing to set up large remote VPN
connections provide an internet dial-up number and set up an
internet dial-up account using the Internet Service provider
(ISP) (Comer, 2015). The remote VPN uses third party service
providers to secure and encrypt connections between the remote
users and the organization's private network.
The remote access VPN caters to the mobile users,
telecommuters, consumer to business traffic, and the extranet.
Unlike the site to site VPN, the remote access VPN creation
does not entail a static set up, but rather it allows for dynamic
disabling and enabling where information can also be changed
(Salman, 2017). The remote access VPN can further be
described as a client/server architecture where a remote user is
allowed access to an enterprise network securely through a VPN
server device located at the network edge. To establish a
connection, the VPN client software will need to be installed at
the user's device. Security is ensured since data sent over the
internet is encrypted; upon receipt, the VPN gateway
removes the headers, decrypts the received content and finally
relays the packets just like in a Site to Site VPN (Salman,
2017).
For example, in the diagram above, User 1 and User 2 both want
to connect to the Head office intranet and access marketing
files. To do so, the users must have a VPN application installed
on their laptops. Additionally, they will dial up a number
provided by the company. As this progresses, the user will be
prompted to enter their username and password. Only after the
password and username match the database record details
is the user allowed to access the intranet. Based on the
user’s level he/she will only be allowed to access permitted
files and perform the authorized functions. Assuming user 1 is
only allowed to copy files from the system then he/she will not
be able to alter or update these files. Further, if user 2 is
allowed to update certain files he/she will have the capability to
update but not to copy and so forth. All these transactions will
happen over the internet through a VPN tunnel as demonstrated
by the diagram. Further, to ensure secure transactions protocols
such as IPSec can be implemented. In the case of IPSec, the
remote access VPN client has the VPN software installed. When
the client tries to transmit information, the client software
encrypts and encapsulates the information prior to transmitting
it over the public network to the VPN gateway located at the
edge of the distant end.
VPN Technologies
VPNs use different technologies to keep their connections safe
and secure. To ensure data confidentiality, integrity and
authentication, various applications are used. VPN
implementations use many different protocols, namely: Internet
Protocol Security (IPsec); Point-to-Point Tunneling Protocol
(PPTP); Secure Socket Layer (SSL); Generic Routing
Encapsulation (GRE) Protocol; Layer 2 Tunneling Protocol
(L2TP); and Layer 2 Forwarding (L2F) Protocol (Computer-
solutions.com, 2015). Among these protocols, IPsec and SSL
provide data confidentiality, data integrity and authentication.
However, one can combine two or three of the insecure
protocols with one secure protocol. For example, GRE can be
used with L2TP, IPsec and MPLS. Within most large
organizations, IPSec is used since it caters to all the three
security elements.
Data confidentiality happens to be the most important service
provided by VPNs. In the case of IPsec confidentiality is met by
using comprehensive authentication models and stronger
encryption techniques (Mano et al, 2017). The authentication
models used are transport mode and tunnel mode. The tunnel mode
encrypts the payload and the header of the packet while the
transport mode encrypts only the payload. In addition, devices
under IPSec have a common key and share similar security
policies. IPSec implements confidentiality through tunnelling.
Mano et al (2017), defined tunnelling as a process that entails
encapsulating the entire packet within another packet before
sending it over the network. In the case of IPsec, tunnelling
works by adding a header to the existing packets such that the
source of the packet is hidden, thus hiding the identity of the
device. While using tunnelling, the trusted receiver of the
message is the only person who can determine the origin of the
packet after stripping the added header further implementing
integrity checks (Mano et al, 2017). For security of data it is
important to encrypt information transmitted over the network;
it is equally important to verify the originality of data. IPSec
has a mechanism to verify that the encrypted packet, the headers
and the data are not tampered with. Moreover, if tampering is
detected then the packet is dropped to ensure that integrity is met. IPsec
also authenticates the remote peers to make sure data comes
from the intended source and is received by the trusted receiver
(Mano et al, 2017).
Liyanage et al (2015), defines Point-to-Point Tunneling
Protocol as an extension which utilizes compression,
authentication and encryption mechanisms. PPTP uses dial-up
remote access. Point-to-Point Tunneling Protocol is commonly
used for single client to server connections. Considering that it
permits only a single point to point connection for every session
it is highly preferred. PPTP encapsulates point to point frames
into datagrams then transmits them over the IP network
(Liyanage et al,2015). While using the Point-to-Point Tunneling
Protocol the firewall is set to permit IP protocol 47. PPTP can
be used together with Generic Routing Encapsulation (GRE) in
which case the firewall will be set to allow IP protocol 47 and
TCP port 1723 (Liyanage et al,2015).
Layer 2 Forwarding (L2F) protocol is able to create a VPN by
tunnelling data link layer frames in protocols such as Serial
Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP)
(Han, Gopalakrishnan, Ji & Lee, 2015). In addition, L2F can be
used on the server side for user authentication. For example,
L2F is used with PPP, the point to point protocol, to
connect the network access server and the dial-up client.
Normally under PPP, when a client initiates a connection it ends
at the network access server located at the service provider of
the PPP. However, when using L2F the connection is extended
beyond the network access server to a node in a remote
destination (Han, Gopalakrishnan, Ji & Lee, 2015). In this
manner, the client connection can be connected directly to the
remote node rather than the network access server. Further,
when using L2F and PPP network access server function, it can
be used to forward point to point frames to the remote gateway
from the client.
Layer 2 Tunneling Protocol (L2TP) has replaced L2F since it is
a vendor-neutral solution for tunnelling (Comer, 2015). Just like
L2F, L2TP acts as an extension for the point to point protocol.
Layer 2 Tunneling Protocol (L2TP) can be used over IPSec
protocol as it provides security on the IPSec protocol over the
Layer 2 tunnelling protocol. L2TP is commonly used for remote
access VPNs (Comer, 2015). It is also used to provide dial-in
connections between the remote office and the access point to
users encrypted with IPSec.
Multiprotocol Label Switching (MPLS) protocol shapes the
network traffic by sorting and prioritizing data packets.
Normally, in a network, the routers have to perform an IP
lookup on the routing table of packets to determine the
destination. MPLS works within ingress mode within the router
in a way that data packets can be labelled as they enter the
network. Consequently, by labelling data packets, the router
is able to easily know the destination of the packets (Nanog.org,
2015).
Remote access VPNs can use the AAA mechanism which stands
for Authentication, Authorization, and Accounting.
Authentication is used to verify that only the authorized user
uses the preconfigured VPN connection to access the company's
resources (Chamberlain et al, 2017). Authentication is
accomplished by the use of a username and password. The
username and password can further be stored on the VPN
terminal device or in the external AAA server. When a user
requests to connect to the tunnel using the dial-up access the
VPN device responds by prompting the user to enter their
username and password (Chamberlain et al, 2017). Once the
user enters the username and password, these details are sent to
the external AAA server which checks the user's identity, what
the user is allowed to access, and what the user is allowed to
do. It then allows the user to access the system by only
performing actions that they are allowed to do. The AAA
mechanism is important in ensuring non-repudiation. Once a
user is authenticated then he/she is responsible for all action
taken as long as they are under his/her authorized tasks for
allocated privileges (Chamberlain et al, 2017).
Site-to-Site VPNs can use Generic Routing Encapsulation
(GRE) protocol as the encapsulation protocol. GRE entails
information on the type of packet being encapsulated and the
information about the client-server connection (Mano et al,
2017). On the other hand, remote access VPNs using tunnels
takes place using point to point protocol (PPP). PPP is a part of
the TCP/IP stack and is used to carry the IP protocols during
communication between the remote system and the host over the
network (Salman, 2017).
Generic Routing Encapsulation (GRE)
Generic Routing Encapsulation (GRE) is a non-secure site to
site VPN tunnelling protocol. Its main feature is that it can
encapsulate many different types of protocol packets inside an
IP tunnel (Liyanage et al,2015). GRE works over an IP network
by establishing a virtual point to point link to remote points at
Cisco routers.
GRE routing encapsulates many types of protocols within an IP
tunnel. To do so, the GRE tunnel supports a header for the
encapsulated carrier protocol such as GRE, the encapsulated
passenger protocol such as IPv6 / IPv4, and the transport
delivery protocol such as the IP (Liyanage et al,2015). The GRE
makes it possible to expand the network across a single
environment by connecting multiple protocols in a network into
a single network.
To configure a GRE tunnel, one must specify the source
and destination addresses of the tunnel. Further, one has to
configure the IP connectivity along the tunnel. The first thing
the network administrator should do is learn the IP addresses at
the endpoints (Han, Gopalakrishnan, Ji & Lee, 2015). Secondly,
the administrator should create an interface number where
he/she will specify the IP addresses of the source and the
destination (Han, Gopalakrishnan, Ji & Lee, 2015). Thirdly, the
network administrator should configure the tunnel interface IP
address. Lastly, the network administrator specifies the tunnel
interface mode as GRE tunnel mode (Han, Gopalakrishnan, Ji &
Lee, 2015). Also, the network administrator should test to
ensure that the GRE tunnelling is working properly by pinging
across the tunnel using the source and destination IP addresses
of the tunnel.
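The passenger, encapsulating and carrier layers described in this paper can be seen byte by byte in the following Python code, an added example that is not part of the original paper. The addresses, the payload and all function names are constructed for illustration; the example also shows that GRE on its own leaves the passenger packet readable in transit.

```python
import ipaddress
import struct

IPPROTO_GRE = 47                      # IP protocol number of GRE, the one firewalls must permit
ETHERTYPES = {4: 0x0800, 6: 0x86DD}   # GRE protocol-type values for IPv4 / IPv6 passengers
IPV4_FMT = "!BBHHHBBH4s4s"            # 20-byte IPv4 header without options


def ip_checksum(header: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement 16-bit sum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a minimal IPv4 header with a valid header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ip_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Gateway, outbound: carrier IPv4 header + GRE header + untouched passenger packet."""
    gre = struct.pack("!HH", 0, ETHERTYPES[passenger[0] >> 4])  # no optional fields, version 0
    carrier = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(passenger))
    return carrier + gre + passenger


def gre_decapsulate(packet: bytes) -> dict:
    """Gateway, inbound: validate the carrier header, then strip it and the GRE header."""
    if len(packet) < 24 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 carrier packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4 or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad carrier header")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("carrier payload is not GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = ihl + 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence: 4 bytes each if present
        if flags & bit:
            offset += 4
    return {
        "tunnel_src": str(ipaddress.IPv4Address(packet[12:16])),
        "tunnel_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "passenger_type": ptype,
        "passenger": packet[offset:],
    }


def sample():
    """Constructed sample: a branch host sends data to a head-office host through the tunnel."""
    data = b"Q3 payroll figures"
    # 253 is an IP protocol number reserved for experimentation
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(data)) + data
    return inner, gre_encapsulate(inner, "198.51.100.1", "203.0.113.1")


if __name__ == "__main__":
    inner, packet = sample()
    info = gre_decapsulate(packet)
    print("carrier  :", info["tunnel_src"], "->", info["tunnel_dst"], "protocol", packet[9])
    print("GRE type :", hex(info["passenger_type"]))
    print("passenger recovered intact:", info["passenger"] == inner)
    print("payload visible on the wire:", b"Q3 payroll figures" in packet)
```

Because the payload appears unchanged inside the carrier packet, a GRE tunnel that crosses a public network needs IPsec or another encrypting protocol underneath it to provide confidentiality.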
IPSec VPN
IPSec is a protocol used to secure traffic on IP networks such as
the internet. IPSec works by encrypting data between two
devices. These devices could be two routers, a firewall and a
router, and so forth. This makes the IPSec operate like an
internet layer over the protocol suite. The IPSec works by
creating a virtual tunnel that is used to connect two end-points.
Once configured, peers can send packets over the network
through the tunnel. All traffic within the VPN tunnel is
encrypted which makes it secure considering that other public
internet users cannot view communications (Salman, 2017).
Additionally, when a computer is connected virtually it can
view the entire network.
The IPSec is beneficial in that it provides data confidentiality
by preventing possible eavesdropping. Furthermore, IPsec also
ensures data integrity and authenticity is maintained through the
AH and ESP such that only the senders and the receivers can
view the data (Chamberlain et al, 2017). IPSec VPN provides an
end to end data encryption. Most importantly, IPSec offers
application transparency provided by the fact that IPSec
operates in layer 3 and hence does not impact the network layer
(Salman, 2017). Despite the advantages, IPSec faces some
disadvantages. The first one is that using an IPSec VPN requires
configuration and installation of a VPN client on all the
terminals. Further, managing these terminals becomes a
challenge since there is hardware and software installed on the
client side. The IPSec has three main components namely; (1)
Authentication Header (AH); (2) Encapsulating Security
Payload (ESP); and (3) Internet Key Exchange (IKE) protocols.
Authentication Header (AH)
The IP authentication header ensures connectionless integrity is
maintained, unauthorized retransmission of packets, which may
be caused by replay attacks, is prevented, and the origin of
data of IP datagrams is authenticated (Salman, 2017). AH can
be used in two modes; (1) transport mode; (2) tunnel mode.
Under the tunnel mode, the AH ensures every packet gets a new
header but under the transport mode AH does not create new
headers.
AH provides for authentication and integrity by placing the AH
header between the transport layer and IP header. However, the
Authentication header does not cater to confidentiality since it
does not encrypt the data which makes it prone to access and
modification (Salman, 2017). Therefore, to be safe, the
authentication header is implemented with the IP Encapsulating
Security Payload (ESP). Using AH with ESP ensures that
replay attacks are prevented and the integrity and
confidentiality are backed up.
Encapsulating Security Payload (ESP)
ESP provides integrity, confidentiality and authentication. It
protects data from unauthorized access, modification and
altering (Salman, 2017). Further, ESP protects the content of
the messages by implementing encryption. Encryption works by
translating a readable message into an unreadable message.
Encrypted messages are later decrypted by the authorized
receiver from the unreadable format to readable format. Similar
to the Authentication Header, the ESP can be used in tunnel mode
and transport mode. The ESP header is located before the IP
payload data or the transport layer header (TCP/UDP) (Salman,
2017).
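The integrity check and replay protection attributed to AH and ESP above can be modelled with the Python standard library; this is an added example, not code from the original paper or from any IPsec implementation. It is a simplified model under stated assumptions: the packet layout (SPI, sequence number, payload, integrity check value), HMAC-SHA-256 truncated to 128 bits, the 64-packet window and all names are chosen for the example, and encryption of the payload is left out.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits (assumption chosen for this example)
WINDOW = 64    # anti-replay window size in packets (assumption)


class Drop(Exception):
    """Raised when the receiver discards a packet."""


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender: SPI | sequence number | payload | ICV computed over everything before it."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


class Receiver:
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set: sequence number (highest - i) was already accepted

    def accept(self, packet: bytes) -> bytes:
        """Return the payload of a valid packet, or raise Drop with the reason."""
        if len(packet) < 8 + ICV_LEN:
            raise Drop("truncated")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise Drop("unknown SPI")
        # 1. Replay check first, so duplicates are rejected before the HMAC is computed.
        if seq == 0:
            raise Drop("invalid sequence number")
        if seq <= self.highest:
            age = self.highest - seq
            if age >= WINDOW:
                raise Drop("too old")
            if (self.bitmap >> age) & 1:
                raise Drop("replay")
        # 2. Integrity and origin check with a constant-time comparison.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise Drop("ICV mismatch")
        # 3. Only an authenticated packet is allowed to move the window.
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= WINDOW:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return body[8:]


def verdict(receiver: Receiver, packet: bytes) -> str:
    """Convenience wrapper: 'accept' or the reason the packet was dropped."""
    try:
        receiver.accept(packet)
        return "accept"
    except Drop as exc:
        return str(exc)


if __name__ == "__main__":
    key, spi = b"k" * 32, 0x1001            # constructed key and SPI
    rx = Receiver(key, spi)
    first = protect(key, spi, 1, b"transfer 100")
    altered = bytearray(protect(key, spi, 2, b"transfer 100"))
    altered[8 + 9] = ord("9")               # payload changed in transit to "transfer 900"
    for label, pkt in [("original", first), ("same packet again", first),
                       ("altered payload", bytes(altered))]:
        print(f"{label:18} -> {verdict(rx, pkt)}")
```

Updating the window only after the ICV verifies matters: otherwise a forged packet with a very high sequence number would push the window forward and cause genuine packets to be dropped as too old.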
Internet Key Exchange (IKE)
In the IPSec protocol, the IKE is used to establish a security
association (SA) through which keys are exchanged between
parties to be able to transfer data (Salman, 2017). This requires
the two computers to agree on how to securely exchange data by
protecting it from unauthorized access. The two computers use
the Internet Engineering Task Force (IETF) standard method
presented on how to exchange keys using IKE. IKE, therefore,
entails; providing a framework for managing security
association which saves time; generating and managing the
secret shared keys used to protect information access; and
lastly, using keys to make sure that only the sender and receiver
gain access to the message (Salman, 2017).
To ensure confidentiality, integrity and authentication, IPSec
uses Internet Key Exchange (IKE) to establish secure remote
access or Site to Site VPN tunnels. According to Comer (2015),
IKE is a framework that is provided by Key management
protocol and Internet Security Association to ensure data
security. To use IKE a number of steps are involved. First, a
secure bidirectional communication channel is created between
IPSec peers. At this point features such as the encryption
algorithms, authentication method, hashing algorithms and
vendor-specific attributes are negotiated (Mano et al, 2017).
Some of the encryption algorithms that are mainly used are
Data Encryption Standard (DES), Triple-DES, and Advanced
Encryption Standard (AES). In addition, the hashing algorithms
used include Message Digest algorithm 5 (MD5) and Secure
Hash Algorithm (SHA) (Mano et al, 2017). In IPSec,
authentication is ensured by using pre-shared keys whereby the
peers involved agree on the shared secret they will use by
using Public Key Infrastructure (PKI) (Mano et al, 2017).
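The negotiation step above has a practical consequence for gateway policy, shown in the following added example (not from the original paper or from any vendor's implementation). It assumes a responder that accepts the first proposal in the peer's list that its own policy also contains, and it treats DES, Triple-DES and MD5 as legacy algorithms to be removed; the proposal format and all names are constructed for illustration.

```python
from typing import List, NamedTuple, Optional


class Proposal(NamedTuple):
    encryption: str   # e.g. "DES", "3DES", "AES-256"
    hash: str         # e.g. "MD5", "SHA-1", "SHA-256"
    auth: str         # "PSK" (pre-shared key) or "RSA-SIG" (certificates / PKI)


# Assumption for this example: legacy algorithms a hardened gateway no longer accepts.
LEGACY = {"encryption": {"DES", "3DES"}, "hash": {"MD5"}}


def legacy_attributes(p: Proposal) -> List[str]:
    """List the attributes of a proposal that use a legacy algorithm."""
    return [f"{field}={getattr(p, field)}" for field in ("encryption", "hash")
            if getattr(p, field) in LEGACY[field]]


def select_proposal(offered: List[Proposal], policy: List[Proposal]) -> Optional[Proposal]:
    """Responder: accept the first offered proposal that the local policy also contains."""
    for proposal in offered:
        if proposal in policy:
            return proposal
    return None   # no common proposal, so the negotiation fails


def harden(policy: List[Proposal]) -> List[Proposal]:
    """Remove every policy entry that relies on a legacy algorithm."""
    return [p for p in policy if not legacy_attributes(p)]


def negotiate(offered: List[Proposal], policy: List[Proposal]) -> dict:
    """Run the selection and report any legacy algorithm in the result."""
    chosen = select_proposal(offered, policy)
    return {"chosen": chosen, "findings": legacy_attributes(chosen) if chosen else []}


# Constructed sample data: a gateway policy that still carries old entries,
# and a peer whose first preference is the weakest combination.
GATEWAY_POLICY = [
    Proposal("AES-256", "SHA-256", "PSK"),
    Proposal("3DES", "SHA-1", "PSK"),
    Proposal("DES", "MD5", "PSK"),
]
PEER_OFFER = [
    Proposal("DES", "MD5", "PSK"),
    Proposal("AES-256", "SHA-256", "PSK"),
]

if __name__ == "__main__":
    before = negotiate(PEER_OFFER, GATEWAY_POLICY)
    after = negotiate(PEER_OFFER, harden(GATEWAY_POLICY))
    print("legacy policy   :", before["chosen"], before["findings"])
    print("hardened policy :", after["chosen"], after["findings"])
```

Listing AES first in the gateway policy does not help under this selection rule; the legacy entries have to be removed for the tunnel to be guaranteed a strong proposal.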
Next, the negotiation of IPSec Security Associations (SAs)
takes place. Though the ISAKMP IPSec is protected by SA, the
payloads are encrypted such that data transmitted over the
tunnel is encrypted using two different protocols in IPSec
(Mano et al, 2017). These protocols include Authentication
Header (AH) and Encapsulation Security Payload (ESP). These
two protocols can be used in transport mode or tunnel mode.
The transport mode is used to authenticate and encrypt data
packets from the different peers, whereas the tunnel mode is
used to protect the entire IP packet. Further, the tunnel mode
authenticates and encrypts these IP packets as they originate
from the hosts (Mano et al, 2017).
SSL VPN
Internet of Things (IoT) SSL-based VPNs are the most widely
used. The Secure Sockets Layer (SSL) virtual private network is
a VPN used with web browsers. The SSL VPN is used to give
secure connections to internet users. SSL is most popular for its
ability to launch browsers such as Firefox, Internet Explorer,
and Chrome used to connect to an address of a VPN device
(Liyanage et al,2015). Further, SSL makes it possible for users
to access portals, corporate intranets and emails from remote
locations. According to Bays et al (2015), most people allow
SSL over their firewalls by opening the TCP port 443. In
addition, vendors such as CISCO provide devices that support
lite-client and clientless SSL VPN. A client using SSL VPN
allows remote users to enjoy the benefits of IPSec without
having to install and configure IPSec VPN client on the
computer, but rather authenticate the VPN device using SSL
encryption present on the remote computer (Bays et al, 2015).
Therefore, unlike the IPSec VPN, SSL VPN does not require the
installation of client software on the terminals (Comer, 2015).
Some of the protocols used with SSL are the record protocol, the
alert protocol and the handshaking protocol. The handshaking
protocol determines the conversation encryption parameters
between the server and the client (Comer, 2015). The record
protocol is tasked with the exchange of application data (Comer,
2015). The alert protocol is responsible for terminating
conversations between hosts in case of an error (Comer, 2015).
An SSL VPN works by having VPN devices connect to the
internet using a web browser. The traffic between the SSL VPN
device and the web browser is encrypted using the SSL
protocol. SSL provides some very useful …
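The record, alert and handshaking protocols described above are distinguished on the wire by the first byte of each record. The parser below is an added example, not code from the paper: it splits one direction of a byte stream into records and labels each one. The function and constant names are illustrative assumptions, and the sample bytes are constructed, not captured.

```python
import struct

# Record-layer content types and a subset of alert/handshake codes (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows


def parse_records(stream: bytes) -> list:
    """Split one direction of an SSL/TLS byte stream into labelled records."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or length > MAX_RECORD_LEN:
            raise ValueError(f"malformed record header at offset {offset}")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"protocol": CONTENT_TYPES[ctype], "version": (major, minor),
               "length": length, "detail": None}
        if encrypted:
            rec["detail"] = "encrypted"       # body is ciphertext after CCS
        elif ctype == 21 and length == 2:     # alert: level byte, description byte
            rec["detail"] = (ALERT_LEVELS.get(body[0]), ALERT_DESCRIPTIONS.get(body[1]))
        elif ctype == 22 and length >= 4:     # handshake: first byte is message type
            rec["detail"] = HANDSHAKE_TYPES.get(body[0], "other")
        if ctype == 20:
            encrypted = True                  # later records use negotiated keys
        records.append(rec)
        offset += 5 + length
    return records


# Constructed sample bytes (bodies shortened; not a capture from a real session).
SAMPLE_SESSION = bytes.fromhex(
    "1603030006020000020303"   # handshake record carrying a server_hello
    "140303000101"             # change_cipher_spec
    "1603030004a1b2c3d4"       # handshake record, now encrypted (Finished)
    "1703030004deadbeef")      # application data
SAMPLE_REJECT = bytes.fromhex("15030300020228")  # fatal handshake_failure alert

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_SESSION) + parse_records(SAMPLE_REJECT):
        print(rec)
```

Only the five-byte record header stays readable for the whole session; once the change_cipher_spec record has passed, a firewall that admits TCP port 443 sees record types and lengths but not the handshake or application contents.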
PART ONE: REPORT
Choose one (1) company that you would like to work for and
choose one (1) type of product or service that they offer in your
chosen field of expertise. Using the research skills you garnered
in your undergraduate study, collect, organise, interpret &
analyse the following customer service information from your
chosen company into a professional report. You may wish to
interview someone who is working in this company as a part of
your research. Please reference all valid sources of your
information (both on-line and non-electronic). Answer the
following questions in a professional business report style
format and upload in Moodle. (Minimum 750 and maximum
1000 words)
1. What is the name of the company, their vision & mission,
their location & the customer services and/or products that they
provide?
1. Who are their customers & what are their customer segments?
Describe how you researched this online using specific words
and phrases (Boolean operators) to ensure you got valid &
reliable information.
1. How does this company determine what their customer’s
needs are? (Use specific evidence-based research examples and
explain how this helps identify the customer needs).
1. Explain the role of promotional strategies in targeting
customer’s needs using a specific promotional strategy used by
this company for this product or service.
1. What procedures does the company have in place to ensure
that their promotional strategies are up to date and relevant to
the customer’s needs? Please include numerical data such as
sales figures etc.
1. What products or services are offered by the company to each
segment & why? (Identify where the company meets the specific
needs of the customer in the service or the product and how
they match the product or service to these needs). Support this
answer with evidence & analysis from your research.
1. What are some areas of the customer’s need that may not be
met by this product or service? (Include any difficulties that
you can envisage with the way the product or service is
marketed.) Support this answer with evidence & analysis from
your research.
1. What alternative products or services are there in the same
market? List three (3) and briefly describe their advantages &
disadvantages.
1. If you were working for this company, describe how you
would assist your customer in determining what they needed from
this product or service? What alternatives could you offer them
in the product range? How would you prioritise what the
customer’s needs were?
1. What rights do the customers have with regards to faulty
products or unsatisfactory services? (Quote relevant legislation,
ethical obligations, Codes of Practice, Policies & Procedures,
Terms and Conditions, Product Disclosure Statements &
identify how & when they are applied and what each one means
for the consumer).
1. What procedures would you put in place if you were working
in this company to ensure that all referrals for the product or
service are relevant and matching to the needs of the customer?
1. What events and networks would you need to attend and/or
maintain to ensure that you had an ongoing pipeline of
referrals? Give two (2) examples one internal and one external
and why you consider these two to be the most important.
1. Imagine you are the owner, manager or team member of the
company you have picked. Your task is to research current best
practice in maintaining customer records and customer
interaction history and then describe / suggest what your
company will do to achieve best practice in these areas. You
are required to document the process including how your
company manages customer satisfaction, customer
confidentiality and customer security. How do your
recommendations compare with what currently exists in the
company?
1. Finally, who would you distribute this report to if you were
working in this company and why? Who would you seek
feedback from to ensure that your findings were suitable &
sufficient for organisational requirements?
PART ONE: REPORT (STYLE GUIDE)
Ensure you include answers to the questions above in a report
format using the style guide provided below.
Structure of reports should be flexible but generally follow:
1. Title
1. Introduction
1. Body
1. Conclusion/Recommendations
1. Appendices
1. References
Introduction should do the following:
1. present an overview of the subject matter
1. describe the research methods
1. identify the findings (can use bullet points)
1. list recommendations (can use bullet points)
1. use language appropriate to audience and purpose.
Body text
Body text should be ordered into clear sections with sub-
sections if required. Text should contain analysis of findings
and should be written using paragraphs.
Language uses plain English as follows:
1. active verbs
1. present tense
1. accurate language with any jargon explained
1. formal English tone
1. no contractions
General presentation
1. use consistent format including fonts and styles
1. use font size 10-12 for body text
1. use 1.5 spacing
1. one line between paragraphs
1. justify text
1. use same font style for all headings
1. use section headings
1. your name and date in footer
1. include page numbers
1. use correct citation for all references used.