User Guide - Protecting your users and your network using Cyber Shield

Overview

In this document, we examine OpenVPN Cloud being used to meet the needs of a fictitious scenario. Owen is in charge of IT and Networking for a technical college. Owen is looking for a solution that does not require him to manage, install, and maintain servers to achieve the following:

  • Provide staff and students remote access to the college’s campus network
  • Ensure that the remote users follow the college’s policies on appropriate content and activities while accessing the campus network
  • Keep the network safe from internet threats because research labs and students operate outside of strict IT security policies

Setup

Owen completed the signup process as shown here. Owen then followed the steps shown below to meet his objectives:

  1. Configured a Network to represent the college’s campus network and entered the IP subnets belonging to the campus networks as the Subnets for the Network. See, How to add a Network
  2. Clicked on the Deploy button next to the Connector created for the Network to reveal various options and selected Operating Systems - Linux from the options list. He completed the installation of the Connector on a computer, running Debian, connected to the campus network. See, Installing Linux Connector
  3. In order to prevent staff and students from accessing malicious websites while connected to the college’s network and to follow college internet use policies, Owen turned ON Cyber Shield domain filtering capability and selected Adult Content, Hacking and Cracking, Malware and Ransomware categories to be blocked. See, Configuring Cyber Shield Domain Filtering
  4. Owen added certain research website domain names in the Allow list so that those domains could always be accessible even if they could fall under Adult Content category. He also added specific domain names that led to heavy bandwidth usage in the Block list. See, Ensuring that specific domains are always accessible using the Allow List and Creating a custom domain filtering category using the Block List
  5. To prevent threats from malware, ransomware, worms, trojan, and intrusion activity from or to remote user’s devices, Owen turned ON Cyber Shield traffic filtering capability to act as an IDS/IPS and selected Malware and Ransomware, Intrusion Activity category to be blocked. See, Configuring Cyber Shield Traffic Filtering for Blocking Threats
  6. Owen logged into the OpenVPN Cloud Administration Portal at least once a week to look at the Cyber Shield statistics. He noticed a spike in the blocked malware traffic one day and decided to investigate. He turned the Investigation Mode and drilled-down to find the device generating traffic identified as a worm. The IP address belonged to a computer in an R&D lab. Owen notified the lab owner to take corrective action. See, the Analysis and Investigation section of Cyber Shield