Remote Sites Procedure
Introduction
Security in computing is very important because cyber attacks are now widespread
and endanger the life of any organization. Attackers often take advantage of
network vulnerabilities to accomplish their attacks. For that reason, system,
network, and security administrators have the crucial task of ensuring that
their systems are secure and that users work in a secure environment.
Configurations on the system must be properly done, and policies should be
documented to ensure that every user understands their responsibility in the
security of the organizational information systems. In this paper, policies and
procedures are developed for two technologies: Direct Access and Remote Ethernet
Device.
The Direct Access
Direct Access is a set of Windows platform technologies which have been
assembled to offer secure, flawless and transparent, always available,
bi-directional network connectivity for Windows machines at remote locations
(Microsoft Corporation, 2012). Remote users can securely access network
resources, including files, applications, and Web sites, without the need to
connect to a virtual private network (VPN). Users do not have to worry about
connecting to the intranet, and IT administrators can manage the remote
computers even when these computers are not connected to the VPN. Direct Access
uses authenticated IPsec encryption to ensure integrity and confidentiality, and
IPv6 for transport. It leverages IPv6 transition and translation protocols to
ensure compatibility with IPv4 hosts and networks.
General Policy
For a high level of assurance for Direct Access users, implement strong user
authentication using smart cards (physical or virtual), One-Time Password (OTP)
or RSA SecurID tokens. Custom configuration can provide additional security.
For instance, additional configuration enables the Direct Access clients to
carry out stringent validation checks as they establish Direct Access IPsec
tunnels. This, in turn, ensures that these clients only connect to a Direct
Access server that has a distinct tunnel endpoint IPv6 address as well as a
certificate using a custom Object Identifier (OID). The overall security of
Direct Access can be further enhanced by deploying a third-party Application
Delivery Controller (ADC), as it offers a level of pre-authentication for the
Direct Access clients (Celestix Networks, Inc, 2015). Also, encryption
techniques that use stronger cipher suites, as well as Perfect Forward Secrecy
(PFS), should be configured.
Procedure to connect the Sites
The procedure below is used in the configuration of the Direct Access
deployment:
1. Configure the infrastructure: configure the DNS settings, join the server
and the client machines to a domain if necessary, and configure the Active
Directory security groups.
2. Configure the Remote Access server and the network settings, including the
network adapters, the IP addresses, and routing.
3. Configure the certificate settings: the Getting Started Wizard automatically
creates self-signed certificates.
4. Configure the network location server: the network location server is
installed on the Remote Access server.
5. Draw up a plan for the Direct Access management servers:
system/network/security administrators can remotely manage, over the Internet,
the Direct Access clients located outside the intranet.
6. Configure the Remote Access server: install the Remote Access role and run
the Direct Access Getting Started Wizard to configure Direct Access.
7. Verify the deployment: finally, test the client to ensure that it has a
stable connection to the internal network as well as the Internet using Direct
Access.
Remote Ethernet Device (RED)
A RED is a small
network appliance that is designed to be simple to deploy. The main purpose of
this device is to offer a secure tunnel from the deployment location to a
firewall such as the Sophos XG Firewall. The RED appliance does not incorporate
a user interface. It is designed in a way that it can be fully configured and
managed from the firewall. This device can be deployed to a remote location,
connected to a DHCP link to the Internet, and be completely configured by a
remote administrator who does not have any prior knowledge of the location, and
without any need to walk the local personnel through the technical setup steps
(Sophos Community, 2017). When a RED is configured on a firewall, the
configuration options the administrator selects have to be uploaded to the
provisioning servers. At a minimum, the configuration must contain the
following: the address of the firewall to which the RED will tunnel, the WAN
Uplink Mode, the tunnel operation mode, the unlock code, and, if static uplink
mode is selected, the RED WAN address settings (including the address, netmask,
DNS server, and Default Gateway).
General Policy
RED setup and communication issues must be diagnosed by examining packet drops
as well as IPS events. The administrator should look for an activity summary
report and possibly a troubleshooting wizard that will help in debugging RED
provisioning or tunneling problems (Sophos Community, 2017). The administrator
must ensure that the configured UTM is correctly connected to the Web and that
the RED settings for the RED ID have been added successfully. If there is a
problem, the RED usually reboots itself and attempts to reconnect. The
administrator should be conversant with the readings of the normal and error
states in order to make the required corrections effectively. The user should
also check if the assigned settings are working properly. When the device falls
back to a static mode, it means that the DHCP settings cannot be obtained,
perhaps due to the lack of a local DHCP server (Sophos Community, 2017).
If firmware flashing is interrupted, the RED hardware is permanently disabled.
The user should also check that the UTM host is a valid domain name or a valid
public IP address of the target UTM. If no DHCP connection is available
locally, it will be necessary to find a DHCP link to the Internet before
configuring the RED. The most straightforward technique to validate the static
address settings applied to the device is to test the same settings from
another device.
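One way to check a RED configuration record before it is saved, covering the minimum fields listed above and the UTM host check. This is an added example, not Sophos code; the field names, the "dhcp"/"static" strings and the gateway-in-subnet check are assumptions of this sketch.

```python
import ipaddress
import re

# Field names and the "dhcp"/"static" strings are hypothetical labels for this
# sketch; they are not the firewall's own provisioning format.
REQUIRED = ("utm_host", "uplink_mode", "operation_mode", "unlock_code")
STATIC_FIELDS = ("address", "netmask", "dns_server", "default_gateway")
OPERATION_MODES = {"standard/unified", "standard/split", "transparent/split"}
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def utm_host_problem(host):
    """Return None for a public IP or well-formed domain name, else a reason."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None if HOSTNAME.match(host) else "utm_host is not a valid domain name"
    return None if ip.is_global else "utm_host is not a public IP address"

def validate_red_config(cfg):
    """Return a list of problems; an empty list means the record is complete."""
    problems = [f"missing {k}" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("utm_host") and utm_host_problem(cfg["utm_host"]):
        problems.append(utm_host_problem(cfg["utm_host"]))
    if cfg.get("operation_mode") and cfg["operation_mode"] not in OPERATION_MODES:
        problems.append("unknown operation_mode")
    if cfg.get("uplink_mode") == "static":  # WAN settings are required only here
        wan = cfg.get("wan", {})
        problems += [f"missing wan.{k}" for k in STATIC_FIELDS if not wan.get(k)]
        if all(wan.get(k) for k in ("address", "netmask", "default_gateway")):
            try:
                net = ipaddress.ip_network(
                    f"{wan['address']}/{wan['netmask']}", strict=False)
                if ipaddress.ip_address(wan["default_gateway"]) not in net:
                    problems.append("default_gateway is outside the WAN subnet")
            except ValueError:
                problems.append("wan address settings are not valid IP values")
    return problems

# Constructed sample records (documentation and private addresses only).
GOOD = {"utm_host": "utm.example.com", "uplink_mode": "dhcp",
        "operation_mode": "standard/unified", "unlock_code": "CONSTRUCTED"}
BAD = {"utm_host": "192.168.1.1", "uplink_mode": "static",
       "operation_mode": "standard/split", "unlock_code": "CONSTRUCTED",
       "wan": {"address": "192.0.2.10", "netmask": "255.255.255.0",
               "dns_server": "", "default_gateway": "192.0.2.254"}}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_red_config(cfg) or "ok")
```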
Procedure to connect the Sites
Below are the basic steps necessary to manually add a RED to a UTM:
1) In WebAdmin, choose the RED Management option from the menu.
2) Click on the Device Configuration tab.
3) Select the Add RED button.
4) Enter a branch name.
5) Enter the RED ID. This ID is found on the bottom of the appliance.
6) If the device has been set up previously, an Unlock Code will be required to
save the configuration. This is displayed in the WebAdmin of the UTM with which
the RED is currently joined.
7) Enter the IP address of the UTM. This address will be used by the RED when
locating the UTM across the Internet.
8) Select the Operation Mode you wish to enable. The operation modes include
standard/unified, standard/split, and transparent/split.
9) Click Save.
References
Celestix Networks, Inc (2015). Security Considerations for Direct Access Deployments. White Paper.
Microsoft Corporation (2012). Manage Remote Access.
Sophos Community (2017). Sophos RED (Remote Ethernet Device) Technical Training Guide.
Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in essay writing services.