Seven VPN Strategies to Secure Your Data
Keep your VPN secure, keep your organization safe.
Companies that have given access to their network to their employees as well as contractors through VPNs, or at least through their free VPN trial versions, may witness an immediate boost in their productivity levels but find it tricky to keep their network secure.
This is because their network becomes even more vulnerable and easily accessible to attackers and hackers. So, if you are worried about the security of your data, then take a look at these seven VPN strategies for securing your data.
1. Use a Strong Method for Authenticating VPN Access
The right method depends on your company’s network infrastructure. Consult your VPN or OS documentation to learn which options are available.
For instance, if your company’s network runs on Microsoft servers, the most secure authentication is offered by EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) used along with smartcards.
2. Use a Strong Encryption Method
If your network runs on Microsoft servers, a strong method of encryption is L2TP (Layer Two Tunneling Protocol) over IPsec (Internet Protocol security). It is important to understand that PPTP (Point-to-Point Tunneling Protocol) is much weaker unless the client passwords are really strong.
It is also important that companies limit VPN access to only those people or parties that have a valid business reason for it.
Remember, your VPN connection is essentially a window into your company’s LAN and must be opened only when it is really required.
Also, companies must discourage remote employees from staying connected to the VPN throughout the day just to check email. Remote contractors and employees must always be asked to avoid using the VPN for downloading commonly required files.
3. Permit Access to Files via Extranets or Intranet and Not VPNs
A secure HTTP (HTTPS) website that uses a safe password for authentication exposes only a select few files on the server and not the entire network. Besides, it scales much better than a VPN. Companies must ensure that they implement a strong password policy.
Remember, when two-factor authentication using biometrics or smart cards is absent, the security of your data and network rests on passwords alone. Hence, it is important to have a strong password for your VPN. You shouldn’t allow anyone to keep the same password on a permanent basis. Do not use any word that is easily found in the dictionary when creating your password.
Likewise, do not use any number that is related to the user’s social security number or telephone number, or the name of a pet or family member.
In addition to this, you must also ensure that the password isn’t easy to guess (by anyone). Your password should also be long, with a large number of characters, so that it is difficult to guess or crack. Apart from this, even the administrators should use a very long and tricky password with several characters in it.
4. Enable Access to Email Without the Need for Accessing VPN
Another VPN strategy that companies can use for securing their data is to set up an Exchange proxy server on Microsoft servers. This enables Outlook to access Exchange through RPC (remote procedure call) protected by SSL encryption.
On other email servers, companies must enable POP3 (Post Office Protocol 3) and/or IMAP (Internet Message Access Protocol) for receiving mail, as well as SMTP (Simple Mail Transfer Protocol) for sending e-mail. Companies can use SPA (Secure Password Authentication) and SSL encryption to improve the security of these mail systems.
5. Use Strong Anti-spam, Anti-virus, and Personal Firewall Protection
It is crucial that you provide strong anti-spam, anti-virus, and personal firewall protection to the remote users and ensure that they utilize it. Remember, each and every personal computer that is connected to the VPN can easily spread infections across the network. If hacked, it would result in loss of data and also bring your company/business down.
If you are worried about the security of your data, then you must quarantine your users from the moment they connect with the VPN until their system is verified and safe to use.
When the client computer initiates a VPN session, it must not have complete access to your network until it has been verified for compliance with your network policies. This must include verifying the antispam and antivirus signatures, confirming that the OS is completely patched against major security flaws, and checking that no remote control software, Trojans or key loggers are active.
However, the disadvantage of performing such a scan at login is a delay of a couple of minutes before work can begin. This can be improved by having the server remember every computer’s scanning history and reduce the level of the scan for many days after every successful scan.
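The quarantine-until-verified decision and the remembered scan history described above can be sketched as follows. This is an added example, not code from the article or from any VPN product; the Posture fields, the Gateway class and the 7-day and 3-day thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values for illustration; the article gives no numbers.
REDUCED_SCAN_WINDOW = timedelta(days=7)   # "many days" after a successful scan
MAX_SIGNATURE_AGE = timedelta(days=3)

@dataclass
class Posture:
    """Report from a hypothetical client agent at VPN login."""
    signatures_updated: datetime      # antivirus/antispam signature date
    os_fully_patched: bool
    remote_control_active: bool
    malware_found: bool = False       # Trojans, key loggers

def violations(p: Posture, now: datetime) -> list[str]:
    """Return every policy check the client fails; empty means compliant."""
    found = []
    if now - p.signatures_updated > MAX_SIGNATURE_AGE:
        found.append("signatures out of date")
    if not p.os_fully_patched:
        found.append("OS missing security patches")
    if p.remote_control_active:
        found.append("remote control software active")
    if p.malware_found:
        found.append("Trojan or key logger detected")
    return found

class Gateway:
    def __init__(self):
        self.last_full_pass = {}      # machine id -> time of last clean full scan

    def required_scan(self, machine_id: str, now: datetime) -> str:
        """Ask for a reduced scan only while a recent full scan is on record."""
        last = self.last_full_pass.get(machine_id)
        return "reduced" if last and now - last <= REDUCED_SCAN_WINDOW else "full"

    def admit(self, machine_id: str, p: Posture, now: datetime):
        """Decide access for a new session; clients start quarantined."""
        level = self.required_scan(machine_id, now)
        failed = violations(p, now)
        if failed:
            self.last_full_pass.pop(machine_id, None)   # next login: full scan
            return ("quarantine", level, failed)
        if level == "full":           # reduced scans never extend the window
            self.last_full_pass[machine_id] = now
        return ("full_access", level, [])
```

Only a clean full scan starts the reduced-scan window, so a machine cannot stay on reduced scans indefinitely, and any failed check puts it back on a full scan at its next login.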
6. Don’t Expose Your Network to Other VPNs or Remote Controlled Software
For obvious reasons, you would not want your network to be exposed to any other network. By default, most VPN software sets the client’s routing to use the default gateway of the network after connection. However, this is mostly optional.
Installing a firewall, as well as a client for the proxy firewall, can help companies access the remote network safely without slowing down the internet connection. Apart from this, organizations can also create a clearly written policy regarding what is acceptable internet use while the VPN is connected.
7. Securing Remote Wireless Network
Employees of many organizations work from remote locations or homes and often use laptops that are connected to a cable or DSL modem via their own wireless access point. However, these wireless routers often aren’t configured securely.
In fact, they are simply connected and turned on. Hence, it is important to teach employees to configure their computers and wireless routers for WPA using a pre-shared key. You must also teach them to configure their firewalls and explain the importance of keeping their home networks safe and secure.