M.Comm. / Business have traditionally relied on private leased lines to link remote office together so that distant workers could share information over a Wide Area Network (WAN). However, while providing a high degree of privacy, leased lines are expensive to set up and maintain. The Internet is fast becoming a requirement for supporting business operations in the global economy. The major concern in using a public network, like the Internet, for data exchange is the lack of security. The Internet was designed to be an "open" network, accessible to anyone with low or none security consideration. Virtual Private Networks (VPN) using Point-to-Point Tunneling Protocol (PPTP) has emerged as a relatively inexpensive way to solve this problem. The primary objective of this dissertation is to evaluate validity and accuracy issues in electronic commerce using VPN as a secure medium for data communication and transport over the Internet. The inherent control features of PPTP were mapped to data communication control objectives and the control models show how these address validity, completeness and accuracy. After analysing and evaluating the inherent control features of PPTP, the overall result is that: PPTP enables a valid communication link to be established with restricted access (validity); the PPTP communication link remains private for the full time of the connection (validity); data can be sent accurately and completely over the PPTP connection and remains accurate during transmission (accuracy); and all data sent is completely received by the receiver (accuracy). By deploying a Point-to-Point Tunneling Protocol for virtual private networking, management can mitigate the risk of transmitting private company and business data over the Internet. The PPTP analysis and evaluation models developed intend to give the auditor a control framework to apply in practice. If the auditor needs to perform a data communication review and finds that a virtual private network has been established using PPTP, the control models can assist in providing knowledge and audit evidence regarding validity and accuracy issues. The auditor should however, not review PPTP in isolation. Validity and accuracy control features inherent to TCP/IP and PPP should also be considered as well as controls on higher levels, e.g. built-in application controls.
Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:9029 |
Date | 13 August 2012 |
Source Sets | South African National ETD Portal |
Detected Language | English |
Type | Thesis |
Page generated in 0.0019 seconds