Your own Proxy server as a remote access server serves as a good solution for ensuring security of access to server services due to the presence of an external static IP address.
You can allow access in the firewall only from the IP of the proxy server, be it:
- SSH service
- administrative section of the site
- and other services
This way you will secure 1 or several servers on the firewall itself and the ports will not be available for hacking - after all, the best protection begins with preventing the threat.
The proxy is also good in terms of ease of use - after all, this is also a kind of balance, when convenience decreases - many people turn off part of the security rules, as they add fatigue in everyday use.
Many people use a VPN for this solution - it’s very similar, but a proxy is much more convenient, since it does not require a separate connection, you simply configure a second browser, for example Firefox, to work with a proxy and also other services including an SSH client. Thus, you do not add additional actions to everyday use while increasing the security of your IT infrastructure; configuration will only be required 1 time.
Another plus is that, using squid and sarg as a proxy, you will receive comprehensive statistics for each user. By removing a user from the proxy server, you stop the user’s access to corporate resources instantly and from anywhere via the Internet, the VPS server will be available worldwide.
The following guides will help improve the security of your server:
- Configuring iptables for SSH service with ip limitation
- Configuring restrictions on the administrative section of the site by ip in nginx