Layering network security with VPN proxy together
Why combine rather than compare: VPN | proxy
Do a web search for ‘VPN proxy’ and you’ll get back a list of sites that compare VPN and proxy to each other. From a consumer perspective, this is likely what they’re looking for. They want a way to secure their browsing online. They may choose between a VPN or proxy. However, from a business perspective, it’s more likely you’re searching for using the two together. VPN and web proxies make up important pieces in the multi-layered approach businesses need for strong cybersecurity. Here are the benefits of combining them; how to get started with OpenVPN Access Server and proxy, as well as a use case showing the two working together.
The benefits of combining VPN with proxy
VPN and proxy servers individually provide a layer of security for enterprises, but each alone cannot keep hackers out completely. Together, they’re able to address different areas of threat. Here are three of those areas:
Access control:
Proxy servers protect you from malicious websites - access out.
VPN protects you from malicious intruders - access in.
Increased productivity:
Proxy servers help limit the distractions from personal web browsing.
VPN provides secure access to business services so employees can work from anywhere in the world.
Reduced attack surface:
Proxy servers protect employees from the public network.
VPN creates a secure, private network.
Businesses rely on their employees to keep things secure. Unfortunately, they’re only human. We’ve found in recent surveys that show employees don’t always make the best decisions when it comes to cybersecurity.
It’s important for businesses to include human error in their cybersecurity risk mitigation plans. VPN and proxy servers both help keep employees practicing better cyber hygiene. Let’s dive a little deeper into that.
Blocking malicious traffic with a proxy server
Imagine an employee browsing online without any network security in place. Their computer connects with the public Internet through your enterprise Internet Service Provider (ISP). Their PC sits on your private network with an assigned IP address. It sends a request through your ISP to visit a website, which sits on the public network with an assigned IP address. Traffic flows freely from the private IP address to the public sites, and back again. This is a picture of data traffic flow on an open network. Without security in place, this is not a safe environment for businesses. It won’t take long before an employee accidentally visits a malicious site with malware in the code that infects their computer and spreads across the corporate network.
When you add a proxy server in between the private network and the public Internet these are some of the changes:
- The proxy provides a layer of anonymity.
- The proxy can block malicious traffic from getting into your private network.
- The proxy can also block outgoing traffic if a user (knowingly or unknowingly) attempts to access malicious sites.
- The proxy can log activity, letting you know if a user continually tries to access a malicious site, which could help you track down something like a malware infection.
The ability of proxy servers to protect your organization from malicious sites is reason, alone, to invest in this layer of security. When you combine the two, VPN-proxy security adds additional safeguards.
Blocking malicious intrusion with a VPN server
When you need to access your private network using the public Internet, you create an encrypted, private communication session using a Virtual Private Network. A VPN session allows you to safely send data across public networks thanks to the use of encrypted tunnels. The only way in is through a device with VPN client software installed and configured to connect to your VPN server(s).
While a proxy server protects your users when they wander out into the public Internet, a VPN provides a secure way to extend your private network; it provides a secure way in. Combining the two gives you the ability to expand your network protection beyond the immediate reach of your network cables and expand the protection of blocking users’ unintended, malicious web clicks.
You can safely extend the encrypted reach of your network and the protection of your proxy when you combine the two.
Getting started with an OpenVPN Access Server and Proxy
OpenVPN Access Server supports connections through a proxy. Looking for information on how to get started? Here are some helpful pages on our site:
- Connecting to an OpenVPN server via an HTTP proxy
- How do I configure OpenVPN to connect via an HTTP proxy?
- Can I have multiple proxies?
- How do I edit or delete a proxy?
- Can an OpenVPN server push proxy settings to an iOS device?
Your site-to-site network security mapped
Use Case: Expand your proxy to satellite locations with OpenVPN Access Server
You set up your web proxy at the company headquarters. The branch office needs the protection of routing traffic through the web proxy as well. By setting up a site-to-site VPN with OpenVPN Access Server, you can do just that.
- Connect the branch office to HQ using Access Server.
- All web traffic now goes to HQ web proxy through the VPN.
- The rules and browser settings set up at HQ are also applied to traffic from the branch office.
- The web proxy applies policies and acts as a web browser.
- It fetches web content from the Internet.
- It also acts as a web server and sends the content to the branch office employee’s browser.
What happens when an employee at the branch office tries to go to a blacklisted website? The browser blocks it and states a message such as “this site is blocked due to company policy.”
You are able to provide employees with the security of a transparent web proxy, protecting them from malicious websites and, in turn, protecting your company. Web filtering proxies are common tools used by businesses worldwide. They enforce web policies for Internet access as well as provide visibility into use of network bandwidth. OpenVPN Access Server provides you with a simplified UI for combining the encryption of your VPN with the protection of a proxy server. It’s important for businesses to create a layered approach to cybersecurity.
Additional Resources
Connecting to an OpenVPN server via an HTTP proxy
Can an OpenVPN server push proxy settings to an iOS device?
How browser fingerprinting keeps us from being sneaky online
Site-to-Site VPN: scale your business to new locations securely with a site-to-site VPN