<BackWhy does a VPN business need?
9/27/2022VPN, VPN, VPN ... This is the word that regularly appears at the time of blocking some social network, messenger or other foreign service.
But in fact, a VPN is not only a tool for accessing prohibited resources.
Issue
Imagine that you are the owner of the company LLC "Chudokorp". The company has servers with a website and a CRM system. The site has its own admin panel through which you can edit content - CMS.
Let these resources be available at the following addresses cms.chudocorp.com and crm.chudocorp.ru accordingly.
An impressive number of companies place their cloud resources on the general Internet. This means that they can be accessed from anywhere in the world and from any network, just enter the link in the browser. This is an erroneous policy that can lead to hacking and subsequent data leakage. For example, you can hack vulnerable services on the server and gain access to it, or you can, by brute-force credentials, gain access to the services themselves, especially if there is no protection against this. Most of us keep lists of customers, suppliers and other important information in CRM.
One of the ways to fix this problem is to make access to corporate services from certain IP addresses. This will solve the problem if you and your employees work from a network with "white" IP addresses and never connect to corporate resources outside the office. As you may have guessed, this is an inflexible solution. Let's upgrade it with a VPN.
Our task will look like this: "We want access to the cloud resources of Chudokorp to be closed to the entire Internet, except for the company's employees."
Solving
Here is the definition of VPN from Wiki:
VPN (Virtual Private Network) — a generic name for technologies that allow providing one or more network connections over another network, such as the Internet.
VPN has many purposes. In this article we will consider Remote-access assignment.
Remote-access is when a VPN is used to create a secure channel between corporate network resources and a single user who, working outside the office, connects to corporate resources from a home computer, corporate laptop, smartphone or other device connected to the network.
What does the scheme of working through a VPN look like:
The image suggests that access to corporate tools is only possible via VPN, all other connections will be rejected. The VPN connection is made using credentials or a certificate, which are quite difficult to crack.
In the image above, the VPN is designated as a separate remote server, but it can be embedded directly into the local network of the enterprise, or on a separate server with a corporate resource. There are many options, each is selected for a specific task.
Where to get a VPN service?
On this issue, the only recommendation is to deploy your own VPN server. There are wonderful and reliable open source solutions that will not require you to make additional investments to purchase a license.
You should not buy subscriptions to third-party VPN services, much less use free ones, for at least 3 reasons:
- the speed will not please you;
- VPN provider will be able to monitor your traffic;
- you will still not have control over the situation and flexibility.
To raise and configure a VPN is a simple task for an IT specialist, which does not take much time.
Conslusion
Our solution with access from certain IP addresses now looks like this: Instead of adding new IP addresses each time and depending on a static IP address, it is enough to allow access to the IP address of the VPN server to which you and your employees will connect to work with corporate resources.
I note that this is the most primitive solution head-on, but it copes well with its task.
Alternatively, if you have a large local enterprise network consisting of various resources, then a VPN server is created in it, to which you can connect from an external Internet network, and after connecting, the user gets access to local corporate resources.
Write to me, always ready to help with questions related to IT development and information security.
Lates
About graphs, simply.
12/18/2022In this article, we will begin our acquaintance with graphs, get acquainted with the breadth-first search algorithm (BFS) and implement the graph in the Rust programming language.
What is the difference between outsourcing development and outstaffing an IT employee for development?
10/17/2022In this article we will understand what outsourcing and outstaff development are.
UI/UX design: The creation process
4/9/2023In this article we will talk about the main steps in the process of creating UI/UX design.
UI/UX design: Introduction
3/29/2023In this article, we begin to get acquainted with UI / UX design. This is the most important stage in the development of any visual application interface.
Meet the Pentest
8/22/2022We are beginning to consider one of the main methods of assessing the security of computer systems and networks for potential vulnerabilities - penetration testing
Reducing the implementation period of MVP
12/8/2022Let's figure out the timing of the implementation of the MVP.
Choosing a programming language
3/17/2023In this article we will talk about choosing a programming language to study
Testing an MVP concept
1/9/2023We will figure out how not to waste the budget on MVP development in vain
Application Architecture Design: Introduction
3/6/2023In this article, we will talk about the process of creating the architecture of an IT solution.
The terms of references: Structure
2/17/2023In this publication we will consider the universal structure of ToR
Incorrect estimation of the cost of IT contractor services
9/10/2022Today we will talk about the incorrect assessment of the cost of developing IT solutions. This pain is one of the main ones for enterprises and startups, including IT contractors themselves.
Introduction to Design Patterns in Software Development
10/3/2022In this article, we will begin to dive into the world of optimizing application architecture using design patterns.
Choosing the direction of development for programming training
2/5/2023In this article, you will find out what areas of IT development there are, how they differ and in which they pay more
OSI Model Levels
9/6/2022In this article, we will take a closer look at each of the levels of the OSI model
Main types of application architecture
3/7/2023In this publication, we will look at what application architectures are
10 ways to use Rust Cargo
2/11/2023In this short article I have collected 10 ways to use the build system and package manager of the Rust programming language
Documenting code in the Rust programming language
8/24/2022In this article, we will look at how documentation takes place in Rust and consider a very useful opportunity - writing tests through documentation.
Introduction to the OSI model
8/19/2022In this article we begin to consider the fundamental model of network interaction - OSI
CSS animation ripple
8/31/2022A simple example of how to implement ripple animation using HTML and CSS
What is the purpose of an ER-diagram in the development process?
4/28/2023Let's discuss in general terms what an ER diagram is and what it is used for.
From concept to MVP
11/18/2022In this article, you will learn, by example, how to move from a concept to an MVP without unnecessary complications in the functionality of the product
What are UML diagrams used for?
5/23/2023In this article we will talk about what UML diagrams are, what they are and where they are used
Introduction to writing the terms of references
1/31/2023The Terms of Reference are an important part of the development process. In this article, we will begin to dive into this issue.
Introduction to software development
10/10/2022Today, most companies are faced with IT development and often do not get what they want. In this article, we begin to dive into the process of creating IT solutions.
From idea to concept
10/27/2022In this publication, we will talk about how the idea differs from the concept. Let's do this with an example of a specific goal
Weighted graphs
12/26/2022In this article, we will get acquainted with weighted graphs, Dijkstra's algorithm, and its implementation in the Rust programming language.