VPN for small office advice
« on: 24 May, 2018, 02:39:36 pm »
I run a small business but I have a lot of sensitive data.
I am moving further away from the office for a few days each week and would like to be able to access my data.

I also have off site storage with a company in Poland but I do not know where their servers are so may be in breach of European data laws.  Off site storage even with daily backups is no more than 1TB.  Whilst this update is I think encrypted I am not certain.

I use Virgin fibre broadband at office and both homes.

1. Would it be sensible to replace my offsite storage with a 2TB network pluggable hard drive at each home and use those for the nightly backups?  Double the redundancy and more easily accessible in the event of catastrophe.  (Backups are done routinely with backup software on main office computer.)

2. Would a VPN add extra security and allow access into the data?  Should this be a software VPN or a VPN device?  Do I need 1, 2 or 3 of these devices and will they work with a Virgin box?

Should add that the info is basically Word documents, some PDFs and a few zip files.  All work will be on Windows machines running a mixture of 7 and 10.

Anybody in the Derby region who does consultancy at this level please PM me if interested.

Thank you

Phil W

Re: VPN for small office advice
« Reply #1 on: 25 May, 2018, 06:40:28 pm »
Is your office computer always on and connected to the Internet and is it a server edition of Windows or other?
Are your home networks always connected to the Internet even when you are not there?

Re: VPN for small office advice
« Reply #2 on: 26 May, 2018, 07:47:25 am »
Hi
Yes I have 4 office computers 1 of which is permanently on and connected to the internet.  It has a spare hard drive and backs up all new and changed files 4 times per day.  Overnight there is an updated file backup and every week there is a new complete backup.  This goes on for about 2 years and then I get a message that I am approaching my limit and delete the last year's worth.

The home network is always on and connected as it is Virgin fibre.

I am getting the impression that this is rather harder to do than I anticipated given the silence.  I may just continue as I am with the backup.

I would still like advice about how to create a secure VPN between 2 homes and the office to access the data.  If this is something I need an expert for to do safely please tell me.

I used to have a maintenance contract with a computer firm locally but when I could solve a problem they couldn't I gave up on them!

Re: VPN for small office advice
« Reply #3 on: 26 May, 2018, 08:11:12 am »
Not actually hard, but ....

.... you clearly have a better than average grasp of the importance of backup and you have a sensible regime that works for you. You are contemplating replacing a service that works without you worrying about it with something that depends on you to support. In my view that doesn't fit your modus operandi.

.... you are suggesting providing your own remote access using VPN. There's a simple fact: any hole you punch in your security is just that. Unless you need to, my inclination would be to leave well alone.

Instead, consider buying into a professionally provided cloud service that you can access, preferably one that uses 2FA (two-factor authentication) and move away from having your own systems. Box is a well regarded professional service that might well serve your needs. You can then run a regular backup to ensure that you have a copy of your data for a belt and braces.

Basically, these days, look to buy in the service you need rather than rolling your own (and yes, setting up your own VPN is easy, setting it up securely slightly more difficult).

ETA https://www.box.com/en-gb/pricing gives Box pricing

EATA - Note that with Box you don't even have to run a separate backup, along with the service you get "Box Synch" which transparently maintains synch between local and remote drives. I have no relationship with Box but the US Megacorp I work for has an alliance with Box, and I use it for work. Very impressed with its collaborative tools and overall reliability.

Re: VPN for small office advice
« Reply #4 on: 26 May, 2018, 09:32:41 am »
Thanks Ham, I suspect that you are right.  The off site backup works and has done for about 10 years.

I may still look at a VPN.  I currently live 5 minutes walk from my office so dropping in to do something is easy.  However I am going to be spending more time further away and would like to be able to do some work from there so access to the files would be useful.

It looks as if I need a VPN router device to allow this.  I will keep looking.  Thanks again for the sanity call.

Re: VPN for small office advice
« Reply #5 on: 26 May, 2018, 10:28:56 am »
I suspect you haven't quite understood how this works.

Here's how Box works for me.

Logging on to Box, there is 2FA which means that cracking my password alone would not give access to the files.

I have the directory I work with synched with Box, both on my laptop and desktop. This works in the background and updates two way changes between the cloud copy and any number of remote copies. That way, I work in the office, at home, whatever, as long as I had Internet access when I was last making any changes I'm working on the same local files. If my laptop broke/got stolen (it's hard encrypted) I wouldn't miss a beat, moving to a new laptop/desktop is a matter of seconds and you have everything just as it was.

You can share a directory/file with a remote user by sending a link.

Not sure where this comes in the offerings, but we also have Office Online, that lets you work collaboratively and see changes in real time (much like Google Docs).

Box is not the only cloud offering, Google, Microsoft, others all do it but it is very much geared to business use.

The only reason not to use it or something like it for your office work is cost, if achieving the level of service you need costs too much. E.g. if you need the data held in the EU (or even UK) I know Box will provide, but I don't know where it falls in their pricing, probably not for their basic £12/month (3 users @ £4), the £36/month might, I dunno.

ETA as suspected, it's from the £20/user/min 3 user=£60/month offering "Box Zones" https://www.box.com/en-gb/zones if you need to have the location specified

Re: VPN for small office advice
« Reply #6 on: 26 May, 2018, 01:16:15 pm »
Hi Ham

I do collaborate with some colleagues using OneDrive and I have all my PDF files in Dropbox so I can share or email easily.
I perhaps tried to simplify too much as the office runs a database which logs my activities, allows invoicing, etc.

Afasoas

Re: VPN for small office advice
« Reply #7 on: 27 May, 2018, 12:11:54 pm »
What you are asking is not hard to do. But it does require a bit of knowledge - there are countless resources online to assist you.

I would run pfSense firewall. Means putting your VM Superhub into modem mode and using a separate wireless access point.
Set up OpenVPN server on your pfSense firewall. Install the OpenVPN client export package on the firewall to make it easy to download VPN packages/configurations for PCs and mobiles.
You may need to set up dynamic DNS service to account for your IP address changing - although in my experience with Virgin Media it seldom does so you might get away without it.

You can get a Netgate SG-1000 pre-loaded with pfSense for ~ £100 in the UK.

Like I said, there will be a bit of work to get going but I wouldn't be without it now. I use pfSense professionally and personally.
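
The thread's point that a VPN is easy to set up but harder to set up securely, applied to the pfSense/OpenVPN route in the reply above: an added example (not part of any poster's reply, and not pfSense or OpenVPN project code) that audits an exported client profile for a few settings worth correcting on the server before handing it out. The sample profile, function names and finding codes are assumptions made for illustration; the directives checked are standard OpenVPN options.

```python
import re

# Constructed sample of an exported client profile; host and settings are made up.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.org 1194
cipher BF-CBC
comp-lzo adaptive
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

# 64-bit block or otherwise obsolete data-channel ciphers, plus "none".
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}

def parse_directives(text):
    """Map directive name -> list of argument lists, skipping comments and inline blocks."""
    found, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:                                   # inside <ca>...</ca> and similar
            block = None if line == f"</{block}>" else block
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:                                     # an inline key/cert counts as the directive
            block = tag.group(1)
            found.setdefault(block, []).append([])
        elif line and line[0] not in "#;":
            name, *args = line.split()
            found.setdefault(name, []).append(args)
    return found

def audit(text):
    """Return finding codes for settings to fix on the server before re-exporting."""
    d, out = parse_directives(text), []
    if ["server"] not in d.get("remote-cert-tls", []):
        out.append("no-server-cert-check")          # client accepts any cert signed by the CA
    if not ({"tls-crypt", "tls-auth"} & d.keys()):
        out.append("no-control-channel-key")        # handshake port answers unauthenticated packets
    names = [c for key in ("cipher", "data-ciphers")
             for a in d.get(key, []) if a for c in a[0].split(":")]
    if any(c.upper() in WEAK_CIPHERS for c in names):
        out.append("weak-cipher")
    if any(a != ["no"] for a in d.get("comp-lzo", [])) or any(d.get("compress", [])):
        out.append("compression-enabled")           # compression before encryption can leak plaintext
    return out

if __name__ == "__main__":
    print(audit(SAMPLE_OVPN))
```
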

Morat

  • I tried to HTFU but something went ping :(
Re: VPN for small office advice
« Reply #8 on: 31 May, 2018, 09:43:25 pm »
If you're dealing with personal information, you will almost certainly need to have your cloud hosting located in the EU or the short list of countries who are regarded as "adequate" by the EU. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)

The ICO, as ever, have a handy guide on their site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/

You are also meant to perform due diligence on the cloud hosting even within the EU but that's still in the very early stages. Initially there was talk of demanding access to datacentres to inspect the physical security - which doesn't make a huge amount of sense to me if every customer gets to traipse through the previously very private DCs.

In any event, you're on the hook for the security and the integrity of the personal data that you hold. I think you could make a case that the data is safer hosted on a cloud service in the EU (as long as the provider undertakes to abide by the GDPR) than rolling your own security at home. Of course, there is no case law.... but if you're really concerned there's nothing to stop you asking the ICO for advice (as long as you've got your other ducks lined up!)
Everyone's favourite windbreak