I have been tasked to set up a VPN into our company. We have a single Windows 2016 server that is acting as everything: a DC, AD, file server, web server, SQL Server, and now perhaps a VPN server. I know it's not best practice to have all this in one place. I am just one man who does IT stuff on the side. Trying to get multiple machines for everything won't be possible for me to sell to management.

My question is really geared towards the security aspect of opening a port for SSTP VPN into the network. I know little enough to not know what the concerns are doing this. I am not so much worried about the traffic between the clients and server, I am worried about outside attacks and vulnerabilities and unauthorized people gaining access. Right now nothing is exposed to the outside world.

I am not knowledgeable enough to be able to even spot if this had occurred, to be honest. Nonetheless, they want some form of remote access.

I can set up the server for SSTP VPN, I just don't know if I should. Would installing OpenVPN on this server be any different?

I would like any help working through this. Suggestions, concerns, etc.
I appreciate it.

  • Hi, can you change the router? Even for a free VM like pfSense or Sophos UTM that could support VPN to the router, and after, your users navigate to what you give them access to? – yagmoth555 Mar 27 '20 at 19:41
  • I can change the router, and a thought I had too was to install pfSense in a VM. I use pfSense at home for my VPN and it works well. I just have concerns opening things like this up for a business. Actually, after thinking about it, the purpose was to gain access to the web server for running on the server, but opening up the port for SSTP would be the same as opening up the web server too on HTTPS, so it seems pointless to even implement the VPN. Then the question is, how secure is the web site and software running on it. – changedsoul Mar 27 '20 at 20:42
  • I would err on the side of putting this on a separate device, for the reason that if somebody manages to break out of the VPN they will just be on the router, whereas if they break out of the Windows environment they'll own the entire shop instantly. – Rowan Hawkins Mar 27 '20 at 23:21
  • I will take this advice and suggest they purchase some more hardware for this. Thanks for the help. – changedsoul Apr 03 '20 at 16:10

0 Answers