10 Tips to Secure Client VPNs


Remote network access comes with its fair share of security concerns. Keeping a network secured gets trickier every day as hackers find smarter ways to break into systems. Every uncontrolled remote access point creates a potential avenue for attacks.

Giving employees and contractors access to the company network virtually with a VPN client is one of the best ways to ensure productivity, regardless of where the employee is. Allowing virtual collaboration in a company is one of the best ways to cut costs and take advantage of the mass pool of talent available through virtual service delivery.

To ensure you enjoy the benefits associated with virtual collaboration, here are ten timely tips for securing your client VPN.


1. Using strong authentication methods

Your network infrastructure determines the type of authentication method you can use on your system. You can learn which method is best by checking the Operating System or VPN documentation.

If your network uses Microsoft servers, the best choice would be EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), which uses smart cards. For these to work, you need a PKI (Public Key Infrastructure) for secure encoding and smart card distribution.

2. Using the strongest encryption methods

To secure a network that uses Microsoft servers, you can run OpenVPN, an SSL-layer VPN, with TLS session authentication, SHA1 authentication, and Blowfish or AES-256 encryption. Other protocols, such as L2TP over IPsec, are too weak unless they are used with strong client passwords.
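A practical check for the settings named in this tip, added here as an example (it is not code from the original article or from the OpenVPN project): a small auditor that reads an OpenVPN configuration and reports on its cipher, digest and TLS-auth directives. The sample configurations and the key file names are constructed, and the preference for AES-256 and SHA256 over Blowfish and SHA1 is this example's assumption about current practice.

```python
import re

# 64-bit block ciphers; Blowfish (BF-CBC) is one of the options named in tip 2.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
LEGACY_DIGESTS = {"MD5", "SHA1"}

# Constructed sample configs (the key file name ta.key is an assumption).
WEAK_CONF = "port 1194\nproto udp\ncipher BF-CBC\nauth SHA1  # constructed\n"
STRONG_CONF = ("port 1194\nproto udp\ncipher AES-256-CBC\nauth SHA256\n"
               "tls-auth ta.key 0\n")

def parse_directives(text):
    """Map each OpenVPN directive to its argument list, skipping comments."""
    directives = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(text):
    """Return findings for the cipher, digest and TLS-auth settings."""
    d = parse_directives(text)
    findings = []
    ciphers = [c.upper() for c in d.get("cipher", [])[:1]]
    for arg in d.get("data-ciphers", [])[:1]:
        ciphers += [c.upper() for c in arg.split(":")]
    if not ciphers:
        findings.append("cipher: not set, so it depends on the version default")
    for c in ciphers:
        if c in WEAK_CIPHERS:
            findings.append(f"cipher: {c} has a 64-bit block; use AES-256")
    digest = (d.get("auth") or [""])[0].upper()
    if not digest:
        findings.append("auth: not set explicitly")
    elif digest in LEGACY_DIGESTS:
        findings.append(f"auth: {digest} is a legacy digest; prefer SHA256")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("tls-auth: no tls-auth/tls-crypt key configured")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("strong", STRONG_CONF)):
        print(name, audit(conf))
```
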

3. Only allow VPN access to authorized users

A VPN connection is a gateway to your LAN, which can give hackers access to company files and important data. Therefore, your VPN connection should only be shared with employees who need it, and only when they need it.

You should also discourage employees working remotely from using the VPN connection for simple tasks or for downloading common files.

4. Give access to files through extranets and intranets

Using an HTTP Secure (HTTPS) website with safe authentication protocols for passwords exposes only a few files per server as opposed to the entire network. This can be better than using VPN servers when accessing common files.

5. Enabling email access without the need for VPN access

When using Microsoft Exchange servers, you can set up an Exchange proxy server that allows Microsoft Outlook to access Exchange via the RPC (remote procedure call) protocol over HTTP. This can be protected by SSL encryption.

For mail servers, you can enable POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol), and SMTP (Simple Mail Transfer Protocol) to improve the mail system quality in your network.

6. Enforcing a strong password policy

When you cannot use a two-factor authentication process or biometrics, the client VPN network can be secured using strong passwords. Employees should be encouraged to use very strong passwords. These can be created from a mix of numbers, special characters and letters. Remember, your VPN network is only as strong as its weakest password.

Client VPN access network passwords should be difficult to guess, even by people closest to the users. This is especially important for administrators.

7. Using strong antispam, antivirus and firewall protection

Every computer connected to the client VPN network has the potential to spread viruses and malicious infections through the entire network. Any virus attack is a risk factor that can bring company operations to a halt.

To prevent this, you need to ensure all the computers are protected using antivirus and antispam programs. Also, ensure you set up strong firewall protections for each machine. This minimizes the risk of virus attacks in the network.

8. Quarantining users until their computers are verified

Whenever a network client initiates a VPN session, the computer they use should not be allowed full access to the network before scanning and verification. This includes checking for present antispam and antivirus signatures, checking that the operating system is patched against security flaws, and checking that there are no key loggers or Trojans.

To ensure the VPN server does not waste time running these checks every time, you can set up the system to remember each computer's scan history, which reduces the need for a full scan to once every few days.
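The quarantine-then-verify flow with a remembered scan history can be sketched as follows. This is an added example, not code from the original article or from any VPN product: the three-day rescan interval, the seven-day signature age limit, the posture report fields and the machine names are all assumptions, and the reports are constructed sample data.

```python
from datetime import datetime, timedelta

RESCAN_INTERVAL = timedelta(days=3)    # assumption: "every few days" taken as 3
MAX_SIGNATURE_AGE = timedelta(days=7)  # assumption: signature freshness limit

def failures(posture, now):
    """List the tip-8 checks that a posture report fails."""
    problems = []
    if now - posture["av_signatures"] > MAX_SIGNATURE_AGE:
        problems.append("antivirus signatures out of date")
    if posture["missing_os_patches"]:
        problems.append("operating system patches missing")
    if posture["malware_found"]:
        problems.append("key logger or Trojan detected")
    return problems

class PostureGate:
    """Quarantine VPN clients until a scan passes; remember passes per machine."""
    def __init__(self, scanner):
        self.scanner = scanner   # callable(machine_id) -> posture dict
        self.last_pass = {}      # machine_id -> time of last clean scan
        self.scans_run = 0

    def admit(self, machine_id, now):
        """Return 'full' or 'quarantine' for a new VPN session."""
        passed_at = self.last_pass.get(machine_id)
        if passed_at is not None and now - passed_at < RESCAN_INTERVAL:
            return "full"        # recent clean scan on record, skip rescan
        self.scans_run += 1
        if failures(self.scanner(machine_id), now):
            self.last_pass.pop(machine_id, None)
            return "quarantine"
        self.last_pass[machine_id] = now
        return "full"

NOW = datetime(2024, 1, 10, 9, 0)
REPORTS = {  # constructed posture reports; machine names are hypothetical
    "laptop-a": {"av_signatures": NOW - timedelta(days=1),
                 "missing_os_patches": [], "malware_found": False},
    "laptop-b": {"av_signatures": NOW - timedelta(days=30),
                 "missing_os_patches": ["PLACEHOLDER-PATCH"], "malware_found": False},
}

def demo():
    gate = PostureGate(REPORTS.__getitem__)
    sessions = [("laptop-a", 0), ("laptop-a", 1), ("laptop-b", 0), ("laptop-a", 4)]
    results = [gate.admit(m, NOW + timedelta(days=d)) for m, d in sessions]
    return results, gate.scans_run
```

A shorter RESCAN_INTERVAL narrows the window in which a machine that became non-compliant after its last clean scan is still admitted without a check.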

9. Control the use of other remote control software or VPN servers while using your client VPN

It is important to ensure that your client VPN network is not exposed to other networks. This can be achieved by prohibiting users from using other VPN servers while on the client VPN network.

10. Securing remote wireless networks

Employees working remotely often have to connect their computers to a DSL modem or wireless internet connection. Unfortunately, most of these connections are not configured for security, which makes them a risk factor. Ensure your employees understand the importance of securing their networks and how they can configure their networks for security. If your employees are working remotely from China, you can find out about China VPN to learn how to enhance collaboration.
