Tag: VPN

Cybersecurity tactics for small teams – Business Security

November 6, 2021 /

In the last couple of months, we discussed how you could achieve a good level of personal security for your team members. We covered the topics of physical information security, home network security, and finally, your hardware devices cybersecurity. With this article, we shall cover the issue of how you can upgrade your cybersecurity defenses as a team. The article will cover the necessities of remote-first groups because they are harder to defend. You can use the same approach to protect your office or shared space-based team. Still, the focus will be on underfunded small groups. At the end of the article, I shall present a sample budget for your team infrastructure.

But before going to the budget, let’s analyze how a remote team of workers communicates and collaborates. I shall list down the different infrastructure requirements for a technical IT team. Keeping in mind how digitilized our World is, they will work fine for any other distributed team.

Communication Channels

For every remote-first team, it is essential to have a communication channel. We can categorize the different communication channels by their speed. But let’s do this in the following list:

  • Email: Email is usually categorized as an official communication channel, which we can use for communication inside and outside of your organization. It is heavily asynchronous, with messages response going from minutes to days. Usually, this kind of communication is used for strategic discussions and long-term plans. That’s the reason it could be the most valuable target for an attacker.
  • Online Chat: Online chats are a faster way of exchanging messages. Usually, they are used when you need a quicker response from your peer, and there is no good time for a short, not planned call. Usually, the rule of thumb is to spend no more than 15 minutes chatting, and if the issue is not resolved, move to something faster. This one will be the second most significant target after the email for an attacker.
  • Video Conferencing: This one is the fastest. Usually, it is used to exchange a burst of already prepared information. Most of the time, the data is a tactical one, and thus this way of communication is with the lowest priority for attackers.
You can see a standard corporation infrastructure on the upper part of the diagram, where you have multiple zones and a load balancer. On the lower part is the typical small team setup, where all the data for communication is going through one cloud provider and one zone

Information Storage and Sharing

These days everything is done using information and files. But, you must store these files first and, after that, share them with your team members. Doing this using the standard communication channels is no good because there are no excellent categorization and tagging tools implemented in these systems. In short, they are not appropriately tailored for this kind of activity. That’s the reason the IT industry created a good amount of tools for solving this problem. Our small team will use them as well. So let me list them:

  • Project/Product Management System: Project management software (PMS) can help plan, organize, manage resource tools and develop resource estimates. Depending on the sophistication of the software, it can manage estimation and planning, scheduling, cost control, and budget management, resource allocation, collaboration software, communication, decision-making, quality management, time management, and documentation or administration systems. As you can see, most of the vital information for your project/product will be in this system, making it an excellent target for an attacker.
  • Cloud Storage Solution: Project management systems are outstanding in documentation storage, but they lack some of the features a full-scale cloud-based storage solution can offer. In this kind of solution, you usually store big files in a format such as video, audio, high definition graphics, etc. As such, you can leave a big part of your intellectual property lying in such cloud storage, making it a good target for an attacker.
  • Automation System: Especially in IT teams, sometimes your team will need automated jobs to happen. If you have automation specialists, know how to write scripts, you can automate a big part of your daily routes. In the case of programming teams, this is usually building, deploying, and testing procedures for a new version of your product/project. It means that you have to give access from your automation system to your programming code, for example. And this makes it an excellent target for an attacker. 

As we already discussed in the upper paragraphs, you need at least these six types of systems working and secured to have a functional remote-first team. Coming back to our knowledge of network defenses, the ideal solution for these systems is to be defended by VPN or a similar solution and expose only port 25 of the email server to support external communication. 

Unfortunately, this kind of setup will be possible only if you deploy the services in your infrastructure. In the case of cloud providers, you don’t have much control of what is exposed to the Internet and how the cloud provider takes care of your security. Plus, the infrastructure is shared between multiple organizations, and there is no guarantee that these organizations follow such strict cybersecurity rules, such as your team.

Budget

 But anyway, let’s create a budget for on-premise deployment of your infrastructure, and we shall use a VPS provider because it will be cheaper for us. A virtual private server runs its copy of an operating system (OS). Customers may have super user-level access to that active system instance, so they can install almost any software that runs on that OS. For many purposes, it is functionally equivalent to a dedicated physical server and, being software-defined, can much more easily be created and configured.

The most famous VPS providers are Amazon Web Services and Microsoft Azure. Still, there are some smaller players, such as Digital Ocean and Hetzner. As we shall do the infrastructure for a small team, we shall need a VPS with a not big pool of resources and go for the lowest price, which means CX1 instance in Hentzer. So let’s list now the different servers we shall need. All the prices are per month.

  • Email And Chat Server(3.57$): As there will be no significant demand for these two services, we can place them on the same machine.
  • VPN Server(3.57$): We shall have one machine for the VPN server, and all of the services without port 25 will be behind this VPN.
  • GitLab Server(3.57$): Gitlab is a project management/automation system. As it can become quite a hungry beast, a standalone instance is a way to go.
  • Video Conferencing Server(3.57$): One more hungry beast, it is a good idea to have it as a standalone server.
  • Cloud Storage(9.31$): This one will be a CX1 instance + an additional 100GB to store larger files. For a small team, a total of 120GB will be enough.

With a total budget of around 23.59$ per month, we achieved a pretty good level of security. Still, a determined attacker can penetrate this setup, but it will take him more time and resources. We shall use the standard VPS provider firewall. Still, if we want to achieve a higher level of security, we could add a server that will serve as a software-based firewall and IPS solution. Additionally, there are Open Source solutions for all the services types, and they will cost us 0$ per month.

Why You [Don’t] Need a VPN in 2021?

May 13, 2021 /

In 2021, the VPN users are in their billions, with an average user growth of 8%. According to a recent study conducted in early 2021, 50% of the respondents claimed to be using a VPN regularly to access usually restricted entertainment content. These VPN users were predominantly younger, and 62% identified as male by gender. Geographically users in the Asia-Pacific region make up a majority of all those who access a VPN with 30%, compared with Europe and North America, who combined made up 32% of those accessing a VPN worldwide.

VPNs are getting pushed as a must-have multi-service product. Are they?

VPN stands for Virtual Private Network, and it gets used for a variety of things. It can protect your online privacy by hiding your traffic and location. It masks your IP address making it easier to bypass censorship and geo-blocks. But its primary purpose is to provide your organization an encrypted tunnel to your enterprise network.

On the diagram, you can see how different users connect to a VPN (black is for the local user network, and red is for the connection to the VPN). After that, the VPN server redirects your connection to the website you want to use. The website will see your IP as the VPN’s IP (blue connections).

A remote-access VPN creates a connection between individual users and a remote network.

Remote access VPNs use two key components: Network Access Server (NAS), a dedicated server, or a software application on a shared server connected to the business’s internal network. And the second component is VPN client – software installed on a user’s computer or mobile device.

VPN protocol secures the data you input when registering on websites and creating accounts. It ensures that even if attackers manage to sniff data from you, they will need more resources to decrypt it. Some VPNs even block malicious ads, trackers, and websites that stealthily download malware on your device without you even realizing it. That’s how VPNs get advertised, and on the surface, all that sounds useful, right? The critical thing is, you don’t need a VPN to do everything listed above.

With all that they do, many people wonder if VPNs are even legal. VPNs are legal in most countries, with only a few exceptions. Places that either regulate or outright ban VPNs are China, Iraq, North Korea, Oman, Russia, and the UAE, to name a few. A downfall of using a VPN is that your connection speed will suffer slightly. Many will also admit that setting up a VPN, especially for some specific business needs, could be time-consuming and may challenge your tenacity.

A negative aspect of VPNs is that while you may be keeping your data encrypted and safe from hackers, that doesn’t apply to the VPN company. Whichever provider you’re using, it has access to all of your information – location, IP address, which sites you frequent, all manner of sensitive data. Do you think it wise to trust a company with such private information?

You can ensure your online security without turning to the services of a VPN. There are a few key steps to follow.

As already mentioned, make sure only to visit secure websites – starting with HTTPS:// instead of HTTP://. Next, two-factor authentication is your best friend when logging into a site. Add an extra layer of protection. Physical keys are an excellent option for that task. They vary in price, but there are affordable options. If you can’t manage to get one, use an SMS or email authentication. Use whatever you can to ensure a two-step verification when accessing sites. It can save you a ton of trouble. A username and password aren’t enough.

Another helpful step to ensure security is not to use shared devices. Sharing a laptop or a PC with a third party is a terrible idea as it can open the floodgates to malware, keyloggers, and who knows what else. And, lastly, update regularly. That may sound like a no-brainer, but people tend to postpone updates indefinitely. Don’t do that. Timely updates go a long way.

But, if you want to use VPN, please use providers, which offer VPN over Tor and anonymous registration. They must take payments in cryptocurrencies as well. This setup provides you some privacy and a way to avoid firewalls. However, this setup can be categorized as a grey or black hat technique in many countries and could bring you troubles.

Does Your VPN Protect From Cybercriminals, or Invite Them In?

May 6, 2021 /

The Coronavirus pandemic forced a variety of new adjustments on people. Most offices had to close down, and workers had to turn to their home offices to do work. Schools, universities, most places of education did the same and introduced home learning. Most entertainment outlets were no longer accessible either – the movies, theatres, concerts, everything got canceled or delayed. Home computers and laptops became an essential piece of technology at home. We use them for work, study, and fun. But can you trust them to be secure enough not to lead to trouble? You might be thinking, ”Well, I have a VPN, I’m safe.” But are you?
What is a VPN, and what does it do? VPN stands for virtual private network, and its general role boils down to two words – connectivity and security. A VPN extends a private network across a public network and allows users to exchange data across shared or public networks as though their devices connect directly to the private network. VPNs shield your original IP address and protect your data. If you join a VPN to your router, it covers all your devices connected to said router. Like, phone, PC, laptop, gaming console, smart TV, and other IoT devices.

On the diagram, you can see a standard VPN network configuration. The blue lines represent encrypted tunnels from different networks to your company infrastructure. After packet inspection with the red line, your Firewall sends the traffic to your VPN server. Finally, the VPN server decrypts the traffic and sends it to your local corporate network.


In Corona-times, VPNs are a godsend for employees who aim to reach and use corporate resources. They connect to the company VPN and go about their daily business. The question is, do they use a company device to do their work, as a company PC or laptop, or do they use a home one? That makes all the difference. If you connect the company VPN on your home network, you expose your company to malware. Think about it. What if you, or a family member, carelessly clicked on something they shouldn’t have, and now malware lurks on the PC that you’re connecting to your corporate network?
Another issue with that scenario is what type of VPN the home-office employee turns to exactly? Is it a consumer VPN server based in a different country? That’s risky.
Employees find themselves in a completely new situation, unique to both them and their employer. What had previously gotten used only on rare occasions or emergencies is now used on a regular day-to-day basis, given that 100% of the workload gets done from home. That makes workers vulnerable to targeted attacks. There are already examples of that. According to Sultan Meghji, CEO of Neocova (a cloud-based suite of banking solutions company), several bank CFOs became victims of criminals and state-based attackers.
Cybercriminals are on the lookout for easy targets. They search for open WiFi and encryption that they can break easily. Don’t be that easy target! An excellent way to up your home cybersecurity is to update your router. Ask yourself whether the router you use daily is older than your phone. If yes, replace it ASAP.
Another way to keep the office and home systems safe is education. Employers should educate their employees on cybersecurity and the best practices to implement for the most protection.