How do I secure my Linode so only people within my organization have access?
We'd like to add another Linode VPS to our account, but unlike our existing Linode, we'd like the new one to be accessible to only employees in our company and not publicly accessible. Do you have any recommendations on setting up something like that?
It’s important to keep in mind that any device with a public IP address is exposed to the public internet and open to attacks. After deploying a Linode you should always take the time to secure it.
With that said, there are several steps you can take to restrict access so only users within your organization have access to your systems.
If your company has a known range of IP addresses you can configure a firewall on the new Linode to whitelist that IP range and drop traffic from anything outside of it.
Your other option is to use a VPN to control access to the new Linode. In case you’re unaware, a VPN allows you to extend the the use of a private network across the public internet. Anyone accessing the VPN is able to send and receive data as if they were connected to your companies internal private network. You can learn more about VPN’s by checking out the links below.
If your company is already using a VPN then you’re in great shape. All you should have to do is set up a VPN endpoint on the new Linode and configure the firewall to drop all traffic that comes from outside the VPN's network.
If your company does not have a VPN then you’ll need to configure a second VPN endpoint at your office. Just like the method above, you’ll want to configure the firewall on the new Linode to drop all traffic that is outside the VPN's network.
At this point the new Linode can only be accessed by devices that are connected to VPN. The endpoint at your office will now be the gateway to that Linode. Anyone that needs to access the Linode will first need to connect to the endpoint in your office.
I’ve included some links below with additional information to help get you started.