This post is maybe a bit off-topic but I would really be interested in your opinions and answers.
I am currently testing Royal Server in our smaller company running mainly Windows Server and Active Directory. Due to the NIS2 law we need to improve our security and I think Royal Server could be a big improvement to the current situation.
I really like the idea of deploying Royal Server behind a firewall, using it for document storage and mainly as a secure gateway.
Accessing the Royal Server only works via MFA for one specific admin user. With the firewall I can make sure that only a specific device connects to the Royal Server.
All administrative actions have to be taken through Royal Server. I would use it for connections from LAN and also from WAN (via VPN). So far so good.
This concept would make Royal Server a highly valuable target for attackers. But at least it is one specific channel that could be monitored in several ways.
What do you think about this setup? How do you use Royal Server in relation to your security concept?
1 Comment
Stefan Koell said 6 months ago
Seems like a perfectly valid concept. Make sure you check the gateway security configuration's IP blocker settings to tighten security even further: