You work for a network consulting firm. Your client wants to implement a VPN system that supports PPTP, SSTP, and L2TP based VPN's. The system will be used primarily for remote client access.
You need to prepare a report (1-1.5 page) for the client that explains the implications of providing this functionality in terms of firewall configuration. The report must address the protocols and ports that need to be considered as the firewall policy is created.
Go to www.sans.org/reading_room/whitepapers/webservers/comparative-study-attacks-corporate-iis-apache-web-servers_33734. Read the entire article, including the appendices.
Answer the following questions;
1. What was the purpose of the research project?
2. What did the research demonstrate about the relative security of the IIS and Apache software?
3. What do you think detracted from the credibility of the report?
4. What were the main findings of the study?
5. What did the results of the study imply about the frequency of automated attacks versus the frequency of manually controlled attacks against Web servers?
6. Based on the results of the study, what policies and procedures would you recommend for Web server security?
7. Based on this study, which operating system is easier to attack; Windows or Linux?