I'm an intern working on prototyping an external security operations center (SOC). At the current stage of my work, I'm focused on writing out some requirements for a VPN solution. Those requirements will then be used later when I will be trying to decide which VPN would be best.
Since the SOC will be offered as a service to other businesses, I decided to place a VPN software on a server on the customer side and a VPN concentrator on the SOC side. The reason for a VPN concentrator is because with many different customers, the concentrator will be able to differentiate the VPN connections.
The customer VPN will only be sending log/audit data to our SOC. So it's only used for secure communication.
I don't have any formal experience with VPNs so I'm not sure how to write the requirements for this. I'm trying to have the requirements so that when I'm actually researching different VPN solutions, I will be able to score the VPN solutions by seeing if each of them meets my requirements or not. For example a requirement might be: "the customer VPN software shall use a secure encryption method." I would then use this requirement to score a VPN.
Once again, I don't have much knowledge on this so I appreciate any help.
No comments:
Post a Comment