A VPN is a great idea to secure your remote server (or any remote server for that matter). A VPN is an encrypted tunnel where the data from your software to the server and back is both encrypted and secure. Some of the benefits of a VPN include…
- Ports that are on the server that indicate you have a database installed (for our database and most MySQL / MariaDB users the default port is 3306 TCP) cannot be scanned from the outside because they are blocked. There are many bots on the internet that will port scan ip ranges and if it finds a known port that is open like port 3306 it will try to brute force passwords and might even encrypt your database for ransom if it succeeds. A VPN will prevent this type of attack because the bot will not have access to break into the database.
- Strong data protection. Unless the connection is encrypted any type of Client / Server software system will send packets in plain text. Having a VPN will encrypt those packets allowing your data to stay safe. Even if there is a man in the middle attack!
- PCI compliance. Having open database ports on the server will fail a PCI compliance audit.
- Prevents data throttling. Your Internet Service Provider might throttle your connection if it can determine what types of packets you are sending through our software. This is called deep packet inspection. Since the VPN is an encrypted tunnel it is protected from throttling because there is no way to tell exactly what it is…since it is encrypted.
The only real disadvantages to using a VPN are…
- Possible slower connection speeds due to the overhead of the VPN. We use a lightweight but powerful cypher on our VPN systems and the speed difference is minimal.
- Our VPN hosting prices are a bit more expensive when using a VPN because the server needs more resources available in order to support it. A bigger server with larger resources will always be a bit more costly than one that does not need it.
- Might be a bit more difficult to manage for remote users as the VPN software needs to be connected to the server before they can login with Collections MAX.