I manage an SMB across a couple of countries and am steadily trying to improve security across the offices as well as still allow the workers convenient access while on the road and in the office.
Over the past few weeks I am becoming increasingly concerned about the escalating number of 'firewall' events. Essentially both units geo-block anything outside their respective countries and each others. I realise geo IP can be gotten around with a VPN but it's a line of defence.
Ongoingly on these forums I read 'don't port forward/use a VPN' without anything further.
Questions I have for the 'turn of qnapcloud/upnp' argument which would help me move to a more secure environment:
- Yes I have VPN set up for remote 'from-home' workers, which works great, mapped drives etc but I still need to port-forward the VPN port don't I? So how does that help ?
Also, how does that help the worker on the way to the meeting that needs to access Qfile over his iphone app ? Yep, the QVPN connection works fine using Qbelt, but then what ?
- I'm trying to be as secure as possible whilst at the same time keeping some sense of usefulness for remote / mobile workers AND allowing me as admin access for back-ups/maintenance etc. Again, how would the well-working VPN allow me to access for instance HSB back ups/archiving ?
We also have a decent Cisco router in at least one of the offices with VPN/ACL/Firewall - wondering again if THAT VPN and/or ACL/geoIP be at least another line of defence.
The paranoia is real We've been hit once with ransomware many years ago - user error, clicked on a mail-link and boom At times it feels like we're the little boy with his fingers in the dyke and holes are springing out all over the place
Thanks for your advices and wisdoms in advance
J