In the third part of our VPN as-a-service video blog series, Ashur Kanoon takes us through a 3-minute tunnel discovery and configuration using Banyan Security.

[Transcript] In this video, we’re going to look at tunnel discovery for a VPN as-a-service (VPNaaS).

Tunnel Discovery

When you’re trying to configure a tunnel, you want to make sure that it’s as specific and granular as possible to ensure least-privilege access. You can see we have a few different tunnels configured. One of them is full tunnel, and this is typical for administrators, but you should not be using this for your standard users. For user tunnels, you wanna configure access to a specific server using IP address or domain, a specific protocol and a specific port only. We know organizations that deploy layer three often don’t know which of their users is accessing what internal resource. With tunnel discovery, you can learn exactly who’s accessing what, and then you can create a policy to lock down that network or access to that system. The tunnel discovery will find systems based on IP addresses and domains depending on how they’re being accessed.

VPN Configuration

It will also show the protocol and the port that is being accessed. Let’s look at an example here: you can see that there is access to a server with a 99 IP address, Using port 443 and the TCP protocol, we can also see who the user is and what device they’re coming from. Now we can go back to our Service Tunnel policies and either modify an existing one to add the system, or we can create a new one for a very specific set of users that allow access only to the system. Another option is to find systems based on DNS records or domains. This is especially helpful with SaaS applications. Here’s an example for Salesforce:

Banyan Security is here to make configuring VPNaaS easy to deploy in your organization – attend our weekly live demo to ask all your questions and see how we can help.