Pool of Words
change management controls
A SOC engineer has just received a Priority 1 Change Request from a customer that wants to set up an IPsec __________ tunnel.
Before beginning the configuration on the firewall, the engineer makes sure of a few things:
- Does the person who submitted the change have the proper __________ rights?
- Can this change be done immediately, or will it require a __________ window?
- Is there a document attached to the request that outlines their necessary __________ for the VPN tunnel?
Then she will make sure the proper parameters are provided:
- The customer wants to use the symmetric encryption algorithm __________
- The __________ of the data will be handled by SHA-1
- The tunnel will be using Diffie-Hellman Group 2 for __________
- Firewall authentication will take place using a pre-shared key of __________
- The IP address of the peer side of the tunnel, the other firewall endpoint, is 18.104.22.168
- The tunnel will not be using Perfect Forward Secrecy in Phase 2
- The __________ network (the networks behind the firewall that will utilize this tunnel)
- The remote network (the networks behind the peer side firewall)
- Some of the local network IPs are using a static NAT, so a __________ will need to be in place
After setting up the VPN tunnel, the SOC engineer has to get approval from a senior engineer, in accordance with proper __________. Change management is extremely important because it provides accountability and keeps a record of changes made on customer devices. Without a record, __________ changes on firewalls or routers will be tagged as suspicious and investigated. Proper change management is an effective security tool.
As stated in the Sybex 7th Edition, Chapter 16, page 680, “The primary goal of change management is to ensure that changes do not cause outages”.
After the tunnel has been created, some troubleshooting issues occur. Paul, who is in the local network, is trying to ping across the tunnel to the remote network, but his pings are failing. Checking the logs, the SOC engineer sees that Phase 1 of the VPN is up, but Phase 2 is not. Looking deeper into the packet captures, she sees that Paul’s traffic wasn’t even being __________.
A check of the configuration settings showed that Paul’s IP wasn’t even in the local networks section of the VPN configuration. The SOC engineer had to make a few quick changes on the firewall, after which Paul was able to ping across the tunnel; his traffic was being encrypted.