Glamour Apartments, a real estate agency from France, uses multiple back-office systems to manage their work: 3 separate CRMs (for property purchases, sales and other needs) and a WordPress-based CMS for their website. Due to the nature of the work all these applications need to be accessed by employees from outside the office. Although all of these systems are business-critical, as a small business hiring a dedicated security engineer to maintain the apps and respective platforms with the latest security fixes would be a significant expense.

The agency chose ZenVPN to implement additional IP-based checks to prevent unauthorized access even to login pages of their applications and prevent their systems from even being discovered in mass scans in case a vulnerability is found in one of the platforms on which their applications are based.

Implementation

For CRMs, a firewall rule was used to allow access only from the VPN server IP address.

iptables -A INPUT -p tcp --dport 443 -s <VPN server IP> -j ACCEPT

(the default rule, not shown here, is to reject packets)

For the WordPress-based website, a blanket access restriction could not be implemented as the website is meant for the general public. Therefore, ZenVPN WordPress plugin was used to restrict access only to the admin section of the site.

Conclusion

Although application security maintenance remains a must, using ZenVPN allowed the agency to perform it on a more lax schedule thereby reducing the costs.