View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions How do I secure my Linode so only people within my organization have access?
Log in to Ask a Question

How do I secure my Linode so only people within my organization have access?

firewall vpn security
Linode Staff

We'd like to add another Linode VPS to our account, but unlike our existing Linode, we'd like the new one to be accessible to only employees in our company and not publicly accessible. Do you have any recommendations on setting up something like that?

1 Reply

Linode Staff

It’s important to keep in mind that any device with a public IP address is exposed to the public internet and open to attacks. After deploying a Linode you should always take the time to secure it.



- https://www.linode.com/docs/security/securing-your-server/
- https://www.linode.com/docs/security/


With that said, there are several steps you can take to restrict access so only users within your organization have access to your systems.



If your company has a known range of IP addresses you can configure a firewall on the new Linode to whitelist that IP range and drop traffic from anything outside of it.


Your other option is to use a VPN to control access to the new Linode. In case you’re unaware, a VPN allows you to extend the the use of a private network across the public internet. Anyone accessing the VPN is able to send and receive data as if they were connected to your companies internal private network. You can learn more about VPN’s by checking out the links below.



- https://en.wikipedia.org/wiki/Virtual_private_network
- https://www.youtube.com/watch?v=1mtSNVdC7tM

If your company is already using a VPN then you’re in great shape. All you should have to do is set up a VPN endpoint on the new Linode and configure the firewall to drop all traffic that comes from outside the VPN's network.

If your company does not have a VPN then you’ll need to configure a second VPN endpoint at your office. Just like the method above, you’ll want to configure the firewall on the new Linode to drop all traffic that is outside the VPN's network.

At this point the new Linode can only be accessed by devices that are connected to VPN. The endpoint at your office will now be the gateway to that Linode. Anyone that needs to access the Linode will first need to connect to the endpoint in your office.

I’ve included some links below with additional information to help get you started.


—Firewalls—



- https://www.linode.com/docs/security/firewalls/
- https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/
- https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/



—VPN—



- https://www.linode.com/docs/networking/vpn/
- https://www.linode.com/docs/platform/one-click/one-click-openvpn/
- https://www.linode.com/docs/networking/vpn/tunnel-your-internet-traffic-through-an-openvpn-server/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct