Working with Vendors
Respond to the following in a minimum of 175 words:
Question: Why is due diligence necessary when dealing with external vendors?
Answer: A third-party vendor is an entity that provides services and goods. When working with external vendors, due diligence is required to ensure:
Question: What is one suggestion you have regarding securing data as it is in transit to and from these vendors?
Answer: Data in transit through vendor resources is vulnerable to attacks that can leave enterprises broken. Data protections therefore need to be robust across endpoints and networks to protect data while it is in transit and also at its final stage. So the best method to protect data during vendor transit is data encryption.
The other methods of protecting data in transit are:
Question: What are two security protocols that should be part of the vendor's data operations? For example, if the data includes PII/SPII information, is adherence to external regulations and guidelines the responsibility of the vendor or your organization?
Answer: IPSec – Internet Protocol Security
• Encapsulates at Layer 3
• Mutual node authentication
• Can authenticate users, but requires L2TP
• Crypto implementation agnostic
• Client-to-client, or node-to-node (bulk)
• Mandatory for IPv6 implementation
• Does not work with NAT, unless NAT-Traversal (NAT-T) is used
GRE – Generic Routing Encapsulation
• Encapsulates layer 3 packets in IP tunnel
• Used to secure VPNs
• Creates a virtual point-to-point link with destination
• Supports multicast protocols – IPSec doesn’t!
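
The GRE encapsulation listed above, as an added example that is not part of the original answer: it wraps a constructed inner IPv4/UDP packet in an outer IP header plus the basic RFC 2784 GRE header, then unwraps it. The addresses, payload and function names are assumptions of this example; the header it builds has no encryption or authentication field, so the inner packet stays readable inside the tunnel.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "Protocol Type" value for an IPv4 payload

def checksum(data: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, tun_src: str, tun_dst: str) -> bytes:
    """Outer IPv4 header + 4-byte GRE header (no flags, version 0) + inner packet."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    return ipv4_header(tun_src, tun_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet: bytes):
    """Return (protocol_type, inner_packet) from an IPv4/GRE packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError("outer IP protocol is not GRE (47)")
    flags_ver, proto_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = ihl + 4
    for flag in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags_ver & flag:
            offset += 4                    # each optional field is 4 bytes
    return proto_type, packet[offset:]

# Constructed sample: a UDP datagram between two private hosts (checksum 0 = unused).
PAYLOAD = b"constructed vendor record"
UDP = struct.pack("!HHHH", 40000, 5000, 8 + len(PAYLOAD), 0) + PAYLOAD
INNER = ipv4_header("10.0.0.1", "10.0.0.2", 17, len(UDP)) + UDP
OUTER = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    proto, inner = gre_decapsulate(OUTER)
    print(hex(proto), inner == INNER, PAYLOAD in OUTER)
```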