I posted on webmasters, but someone suggested I ask here…
We have developers who work remotely and servers at an ISP. I’m trying to determine the best security model for accessing the servers. Currently users login with SSH or SFTP to manage files or connect. The servers are behind a firewall that blocks ports but is not restricting IPs b/c a developer may work at different locations or from home where IPs change.
My thought was to have all developers connect to a corporate VPN that’s set up, then have the VPN make the connection to the servers through the firewall. I could block all IPs other than the VPN this way.
Is that a “standard” way to add security?
Well the “standard” way would be for each developer to have their own login id and credential set. Have a password policy that forces strong passwords, and a logging mechanism to determine who logged in, who change what, and when. You are already enforcing secure communications channels so thats are great start.
You could go the extra step of having the users VPN to a host, then have a firewall rule that only allowed connections to the web pool from conection originating from the VPN host, but I’m not sure that is necessary if the other policies above are in place and enforced.
- Offshore application development – Access to dev network (Security best practice)
- Several development servers behind a firewall – Would a VPN allow access?
- Connected to VPN, I can ping and remote into servers but cannot connect to http, svn or mssql
- Security of local Ubuntu development server
- Best practice for two site Active Directory through VPN