<Back

Why does a VPN business need?

VPN, VPN, VPN ... This is the word that regularly appears at the time of blocking some social network, messenger or other foreign service.

But in fact, a VPN is not only a tool for accessing prohibited resources.

Issue

Imagine that you are the owner of the company LLC "Chudokorp". The company has servers with a website and a CRM system. The site has its own admin panel through which you can edit content - CMS.

Let these resources be available at the following addresses cms.chudocorp.com and crm.chudocorp.ru accordingly.

An impressive number of companies place their cloud resources on the general Internet. This means that they can be accessed from anywhere in the world and from any network, just enter the link in the browser. This is an erroneous policy that can lead to hacking and subsequent data leakage. For example, you can hack vulnerable services on the server and gain access to it, or you can, by brute-force credentials, gain access to the services themselves, especially if there is no protection against this. Most of us keep lists of customers, suppliers and other important information in CRM.

One of the ways to fix this problem is to make access to corporate services from certain IP addresses. This will solve the problem if you and your employees work from a network with "white" IP addresses and never connect to corporate resources outside the office. As you may have guessed, this is an inflexible solution. Let's upgrade it with a VPN.

Our task will look like this: "We want access to the cloud resources of Chudokorp to be closed to the entire Internet, except for the company's employees."

Solving

Here is the definition of VPN from Wiki:

VPN (Virtual Private Network) — a generic name for technologies that allow providing one or more network connections over another network, such as the Internet.

VPN has many purposes. In this article we will consider Remote-access assignment.

Remote-access is when a VPN is used to create a secure channel between corporate network resources and a single user who, working outside the office, connects to corporate resources from a home computer, corporate laptop, smartphone or other device connected to the network.

What does the scheme of working through a VPN look like:

The image suggests that access to corporate tools is only possible via VPN, all other connections will be rejected. The VPN connection is made using credentials or a certificate, which are quite difficult to crack.

In the image above, the VPN is designated as a separate remote server, but it can be embedded directly into the local network of the enterprise, or on a separate server with a corporate resource. There are many options, each is selected for a specific task.

Where to get a VPN service?

On this issue, the only recommendation is to deploy your own VPN server. There are wonderful and reliable open source solutions that will not require you to make additional investments to purchase a license.

You should not buy subscriptions to third-party VPN services, much less use free ones, for at least 3 reasons:

1. the speed will not please you;
2. VPN provider will be able to monitor your traffic;
3.  you will still not have control over the situation and flexibility.

To raise and configure a VPN is a simple task for an IT specialist, which does not take much time.

Conslusion

Our solution with access from certain IP addresses now looks like this: Instead of adding new IP addresses each time and depending on a static IP address, it is enough to allow access to the IP address of the VPN server to which you and your employees will connect to work with corporate resources.

I note that this is the most primitive solution head-on, but it copes well with its task.

Alternatively, if you have a large local enterprise network consisting of various resources, then a VPN server is created in it, to which you can connect from an external Internet network, and after connecting, the user gets access to local corporate resources.

Write to me, always ready to help with questions related to IT development and information security.