Answer the question
In order to leave comments, you need to log in
How to secure access to the server as much as possible
Good day.
To be honest, I am somewhat far from protecting networks, which is why I am writing here.
I am now helping friends in opening a new office and the following question arose. How to make a secure connection from outside the company's employees?
Given:
1. Windows Server 2012 Essentials
2. A network with a fixed IP
3. 5 employees who need to connect to the server at any time and get the necessary data.
Purpose: To protect the data stored on the server as much as possible.
I plan to make a remote connection via VPN (what should I choose OpenVPN, PPTP, L2TP or IPSec?). Is there any other way to secure the process of connecting to the server? If so, in which direction should I look (settings on the server, additional software, SSL certificates, etc.)? Is it worth looking in the direction of software, ala Kerio?
Essno the budget for this whole thing is not very large, but for the sake of protecting information, they are ready to spend money.
Thanks in advance for your replies.
Answer the question
In order to leave comments, you need to log in
VPN is easiest to do on the router using keys or complex passwords with keys, or on the 12th server itself, if it sticks out. Well, to prohibit RDP and in general all connections for external IP firewall.
And then let them work with what they want.
Set IIS with a blank page, limit on the number of connections, flows + OpenVPN on port 80, authorization by keys and passwords + with compression, generate certificates for each user. Comm. antivirus with firewall and centralized management.
* Specify network structure
Sorry for the quality, I whipped up a network diagram.
Now
What is planned?
I'm still thinking about a router with keys and complex passwords. It seems to be ready to take a tsiska in the region of 15-16 kilorubles.
I would secure the network with a Mikrotik router and set up a VPN server on it for outside connections.
VPN type - either PPTP with ProxyARP (available in Windows, quickly configured, but less resistant to hacking),
or OpenVPN (configured a little more difficult).
Mikrotik model - RB / 951 or one of RB / 2011, depending on whether you need sfp, usb, wifi, an external antenna, etc.
Choose on mikrotik.rf
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question