• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

VPN for restricting admin access?

Hi All,

A friend of mine told me that in their company they are using a VPN gateway to control administrative access to the DMZ in addition to allowing remote access to external users.  According to him they are using it for admin access as VPN gateway encrypts traffic and enforces strong authentication.  I would like to know whether it is a common practice to do this and if not, is there a better solution.

1 Solution
This is a valid solution. If you wish, you can set up a VPN which is required to be utilised from inside your network to be able to administer the DMZ. You then set up your firewall rules to only allow access to the admin interface from the VPN addresses.

This has the advantage of requiring an additional level of authentication to be able to connect to the admin interface rather than simply being inside the network. Other mechanisms could be to have a Terminal Server set up and anyone wanting access to the admin interface has to do this from a session on the TS. Either of these solutions will allow you additional logging and control over the access to the admin interface.

It isn't a matter of better solutions, but rather different solutions. There will be various trade offs (such as cost, convenience etc) and your requirements will determine what is best for your situation.

ISS_ExpertAuthor Commented:
Thanks a lot!

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now