OUR COMPANY has recently expanded its infrastructure and now needs to ensure that authorized employees are able to access the intranet. We have many of our staff frequently traveling to remote locations, which means they need access to company documents stored on our intranet file server. By enabling our employees to access company information remotely, we need to ensure that this data is secure and that not just anyone is remotely accessing company resources. As such I think now would be a good time to talk about the various protocols we could use to help us achieve this. THE FIRST OF THESE PROTOCOLS IS L2TP which stands for layer two tunneling protocol. As such, this protocol operates at the data link layer of the OSI model. L2TP consists …show more content…
Other protocols such as secure socket layer (SSL) which operates at the transport layer enable server authentication as well as client authentication and encrypted communication. Using SSL, we could ensure that the information being sent from our companies’ server and any remote clients is secure. However, it is worth pointing out that SSL has a successor known as transport layer security (TLS). As a successor to SSL functionality, wise TLS is very similar. Some of the improvements made in TLS at least TLS v1.2 include less vulnerabilities compared to SSL as well as new algorithm’s . For example, SSL is vulnerability to POODLE and Beast attacks. POODLE IS A VULNERABILITY in SSL and earlier versions of TLS that more or less enables an attacker to steal confidential information such as cookies or passwords and is credited as reason a lot of websites stopped relying on SSL. Beast is similar in that it also enables an attacker to steal information. Both SSL and TLS version 1.0 remain vulnerable to these attacks. With these vulnerabilities in mind, I do not recommend that we implement SSL and instead implement TLS version 1.2, as this protocol is not anywhere near as vulnerable to POODLE and Beast as SSL (Kangas,