Running head: Logical Security Architecture 1

SABSA-Based Component Security Architecture

G. Logan Gombar

University of San Diego

Ms. Michelle Moore

Security Architecture Development Process 2

SABSA-Based Component Security Architecture

Adopting security standards is one of the easier and better ways to ensure the best

policies are implemented, as well as a high level of interoperability with other systems.

Ecosystem-wide implementation of these sanctions a set of interoperability, as well as a level of

predictability of how to integrate new systems into all the existing architecture. To use a specific

example, implementation of IP Security (IPSec) in the form of a Virtual Private Network (VPN)

can ensure a layer of authentication and data confidentiality across the network. The below

sections will discuss the pros and cons of implementing this standard.

What is IPSec?

When the Internet was initially being created, minimal thought went into security, it was

initially a private network for networking researchers (TCP/IP Guide, n.d.). Because of this, and

the explosive growth of the Internet, the protocols weren’t built with much inherent security,

something that quickly became a very problematic situation. From this need, IPSec was born.

This is a set of defined protocols that can enable confidentiality and authentication services at the

network packet level. The protocols define standards by which encryption and authentication

efforts can be communicated across given, standard formats, enabling large networks that are

secure, confidential, and trusted. A very common implementation of IPSec is through VPN

software, especially common in remote corporate network environments. It enables the desired

confidentiality and authentication that most corporate environments would experience in an on-

premise environment, but with the added benefit of having employees around the globe.

Several standards organizations have adopted this standard. Specifically, the National

Institute of Standards and Technology (NIST), has written a guide on IPSec VPNs. This

document describes the need and demand signal for the suite of protocols, the benefits, and
Security Architecture Development Process 3

examples of implementation with helpful information on specifics (NIST, 2020). This document

outlines a lot of the considerations required for this discussion, including a section on possible

policy documents the organization may need, as well as case studies and alternatives protocols in

the event that IPSec didn’t fit the need.

Why They Should

A VPN is a very common protocol implemented by many companies around the world. A

major benefit of VPNs is the ability to work remotely while also being confidential (Osborn,

2020), with that advantage reaching multiple levels beyond allowing current employees to work

from home. Furthermore, implementation of a VPN (through the use of IPSec) provides a level

of authentication through the use of pre-shared keys or distributed certificates (Watchdog, n.d.).

By using this level of authentication, network security can be maintained by only allowing

cleared users and systems to access the network. Adoption of this security standard clearly

supports the operations of the entire cybersecurity ecosystem through authentication and

confidentiality through encryption protocols.

Why They Shouldn’t

VPNs have many positive and beneficial aspects that can be un. However, there are many

potential problems that can occur with the implementation of this protocol. For example, not

requiring authentication removes a majority of the benefit and confidentiality of the network

(Lewis, 2007). By not requiring any level of authentication, any rogue actor can join the network

and begin interacting with the files and systems. The problems here are quite obvious, given the

baseline assumption of most VPNs being that those on said network are trusted. Another

downside to implementing a VPN for remote access is the need for centralized architecture that

can bottleneck network traffic. This can be load balanced and disaggregated to reduce the
Security Architecture Development Process 4

impact, but these are considerations that need to be looked over when designing the network and

implementing this standard. Furthermore, there is the ever-present consideration that there is a

chance of human error during implementation and configuration.

Security Architecture Development Process 5

References

Lewis, M. J. (2007, December 3). Top 10 reasons why IPsec VPNs fail. Network

World. https://www.networkworld.com/article/2349931/top-10-reasons-why-ipsec-vpns-

fail-.html

NIST. (2020). Guide to IPsec VPNs (800-

77r1). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-77r1.pdf

Osborn, J. (2020, September 21). 7 benefits of using a VPN (Virtual private network). Man of

Many. https://manofmany.com/lifestyle/advice/benefits-of-using-a-vpn-virtual-private-network

Sherwood, J. (2005). Enterprise security architecture: A business-driven approach. CRC Press.

TCP/IP Guide. (n.d.). IPSec overview, history and

standards. https://www.tcpipguide.com/free/t_IPSecOverviewHistoryandStandards.htm

Watchguard. (n.d.). About IPSec VPN tunnel authentication

methods. https://www.watchguard.com/help/docs/help-center/en-US/Content/en-

US/Fireware/mvpn/general/mobile_vpn_tunnel_auth_c.html