You are asked to write a VPN usage and security policy for a company (create a fictitious company for
the purpose of this assignment).
The guidelines for this assignment:
Enterprise-Class Security Considerations
Develop virtual private network (VPN) usage and security policies to the exact scale and scope of the
network.
Ensure that only approved individuals and authorized third-parties can access and use the VPN service
by performing the following:
Establish strong authentication mechanisms. For example, token devices, private keys, or
passphrases.
Establish VPN usage restrictions, like who may use it and how it may be used.
Force VPN traffic through the VPN tunnel and drop all other traffic.
Enforce strong password selections and idle user logon timeouts.
Enforce strict VPN client usage and maintain updates on mandatory security software (that is,
antivirus.)
Remember to notify remote users that they are subject to the company’s network rules and regulations.
Develop a roadmap to check, recheck, configure, update, and service VPN components as per the
schedule. VPN policies cover everything from security practices to maintenance routines.
Sample Solution
