Bad Actors Can’t Attack What They Can’t Find
Intrinsic protection for your private networks and applications using multi-tenancy, cloaking, and network segmentation.
You Don’t Have to Sacrifice Safety For the Benefits of the Cloud.
Cloud services deliver unmatched scalability and save both time and money. But exposing your cloud assets to the public internet comes with security concerns (e.g., DDoS) that require hardening. An OpenVPN Cloud wide-area private network (WPC) is a better way to secure network connectivity and keep applications and services private.
ZTNA or Zero Trust Network Access is a network security model that operates on 3 core principles:
- Always verify – Do not assume an entity's identity
- Least privilege – Give access to only the resources the user, device, or application should have
- Assume breach – A proactive approach to network security that includes reducing the attack surface and isolating potential threats
OpenVPN Cloud allows Owners and Administrators to:
- Use SSO Authentication with LDAP and SAML to connect to their WPC.
- Limit access to only specific resources by configuring access controls to select User Groups, Networks, or Hosts with Access Groups.
- Provide access to applications using domain names instead of the network to reduce your attack surface — eliminating lateral movement to other network resources from potential threats.
Network lateral movement is a technique used by cybercriminals to move through a compromised network to search for additional vulnerabilities and data.
In network security, Micro-Segmentation is the practice of separating network subnets. This provides a reduced attack surface for potential threats and allows administrators to isolate and contain potential breaches.
Tenant means a customer. A service or equipment is called multi-tenant when the same equipment can serve multiple customers by logically separating them instead of using multiple instances of the same equipment and dedicating each instance to one customer. The servers in an OpenVPN Cloud PoP are shared by multiple customers/tenants and isolated by virtualization.
Domain-based routing is an OpenVPN patent-pending feature that lets network administrators route traffic to different connected networks using the FQDNs (Fully Qualified Domain Names) assigned to applications hosted in those networks, instead of using the network's IP address subnet. To learn more about domain-based routing, read OpenVPN Cloud Launches Domain Routing Feature.
Cyber Shield content filtering is a feature of Domain Filtering that analyzes the domain names in DNS queries received from WPC clients only when domain filter monitoring is turned on. When monitoring is active, Cyber Shield checks which content category each queried domain name belongs to. If a domain name matches any of the 43 Cyber Shield Domain Filtering Categories that are configured to be blocked, the domain name is not resolved as expected and a “This site can’t be reached” page is displayed. Content can be blocked by choosing any of those categories or by using 1 of 3 domain filtering preset modes:
- Safe Browsing
- High Productivity
Cloaking hides the private IP address ranges of your network from discovery. Even after connection to OpenVPN Cloud, the IP address ranges of connected private networks are not pushed to the connected device as routes when exclusively using Application Domain Name routing.
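As an added illustration of the domain-based routing and cloaking described above (this is a constructed model, not OpenVPN's code; the network names, subnets and application FQDNs are sample values), the following compares what a connected device can reach under subnet routing versus application-domain routing:

```python
from dataclasses import dataclass, field
import ipaddress


@dataclass
class ConnectedNetwork:
    name: str
    subnet: str                                   # private range behind a connector
    apps: dict = field(default_factory=dict)      # application FQDN -> host address


@dataclass
class WPC:
    """Toy model of a wide-area private cloud with one gateway decision point."""
    networks: list

    def routes_pushed(self, domain_routing: bool) -> list:
        """Routes a client receives on connect. Domain-based routing cloaks the
        private ranges: nothing is pushed, so the device never learns them."""
        return [] if domain_routing else [n.subnet for n in self.networks]

    def resolve_app(self, fqdn: str):
        """Map an application FQDN to (network name, host address), or None."""
        for n in self.networks:
            if fqdn in n.apps:
                return n.name, n.apps[fqdn]
        return None

    def forward(self, dst_ip: str, domain_routing: bool) -> bool:
        """Gateway policy: with subnet routing any host inside a connected subnet is
        reachable; with domain routing only registered application hosts are."""
        addr = ipaddress.ip_address(dst_ip)
        for n in self.networks:
            if addr in ipaddress.ip_network(n.subnet):
                return (not domain_routing) or dst_ip in n.apps.values()
        return False                              # not a connected network at all

    def exposed_hosts(self, domain_routing: bool) -> int:
        """Size of the surface a compromised client could probe for lateral movement."""
        if domain_routing:
            return sum(len(n.apps) for n in self.networks)
        return sum(ipaddress.ip_network(n.subnet).num_addresses - 2 for n in self.networks)


def build_sample_wpc() -> WPC:
    """Constructed sample: two connected networks, one application each."""
    return WPC([
        ConnectedNetwork("hq", "10.10.0.0/16", {"crm.corp.internal": "10.10.5.20"}),
        ConnectedNetwork("dc", "192.168.50.0/24", {"git.corp.internal": "192.168.50.8"}),
    ])
```

With domain routing the sample client gets no routes and can reach only the two application hosts; with subnet routing it receives both private ranges and can reach every address in them.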
Multi-tenancy allows high scalability, reduced setup time, and better cost-effectiveness than single-tenant solutions.
CloudConnexa DIVE is an additional security control that enforces Least Privilege by allowing Owners and Administrators to restrict user access to only trusted devices. This is accomplished by establishing a 1:1 relationship between a user’s connection Profile and the device’s UUID, which prevents the profile from being re-used from an unregistered Device.
If you have not already done so:
- Create your Wide-area Private Cloud based on your use case:
- Define your trusted Applications and IP Services
- Define trusted Users and Devices. To learn how to activate Device Enforcement, read our User Guide - Device Identity Verification & Enforcement (DIVE).
- Define Access Policies
- Shield against cyber threats
Yes, your users must have the OpenVPN client running the minimum client version for their Operating System to enable Device Enforcement.
The following are the minimum client versions to enable Device Enforcement for users within their respective WPC:

| Operating System | Minimum Client Version |
|---|---|
| Windows | OpenVPN Connect 3.3.7 |
| Mac OS | OpenVPN Connect 3.4.2 |
| Android | OpenVPN Connect 3.3.2 |
| iOS | OpenVPN Connect 3.3.3 |
Connect to OpenVPN Cloud now with three free connections
OpenVPN helps you easily create a secure, virtualized, reliable network that ensures secure communications between your networks, applications, devices, and workforce.