I am setting up VPN on Windows Server 2012 for the first time ever. I have an application that I will be running which needs to be blocked from access unless a user authenticates using VPN. However now that I am involved in the process of setting this up I am starting to question if this will provide the level of protection that I need. Here are my concerns:
1. The application that I will be accessing is a web application that will connect to an MSSQL DB on the same server.
2. This server also has a publicly accessible web site, no VPN authentication required, that connects to MSSQL.
3. My concern is whether or not I can create a secure connection to this one web applicaiton and DB given the fact that the server already provides access over the web without VPN authentication.
There are probably several layers of questions here that I need answers to, but I am not 100% sure where to start given that I have never set up VPN before. Do I need to set special properties for the IIS site that will run the web application? Do I need to set up custom authentication for the MSSQL DB to protect it from access by malicious attacks that could come through the publicly accessible web site? Do I need to spin up a separate box altogether for this to work properly?