
Warning on VPN Vulnerability

October 28, 2020 | October 31st, 2024

As organizations adapt to the coronavirus, there is a spike in remote work. Organizations are required to connect to remote locations using a Virtual Private Network (VPN) to allow telework capability. A VPN helps users establish private, encrypted links to another network over the internet. Corporations and other industries frequently use VPNs while staff operate remotely, to protect sensitive information from hackers. To maintain data security, a VPN requires good cryptography.

The NSA’s advisory said that VPN gateways, in particular, are resistant to network scanning, brute force attacks, and zero-day vulnerabilities. VPNs alone are not a panacea, and they can become a threat area if they are poorly configured or controlled. Attackers identify prospective corporate targets by scanning the web, then gain access to user accounts through known vulnerabilities. The best approach is to assume that all of your security controls can be breached and, on that basis, carry out a risk analysis of what an attacker could do after breaching your VPN.

Best Practices for Securing VPNs

Urgent guidelines for mitigation:

  • Review and update all patches and security settings of any VPN or other edge/gateway system before connecting it to your network or internet link.
  • Activate multi-factor authentication (MFA) or two-factor authentication (2FA) for all user accounts that use VPN or RDP services for external access; enforce daily password resets under a complex password policy.
  • Revoke and generate new keys and certificates for VPN servers.
  • Check your network accounts to ensure that adversaries have not created new accounts.
  • Greatly reduce or remove remote access by VPN or RDP services for administrator accounts. Sign in with a user account that has restricted rights, then switch user accounts after you have signed in to your internal network.
  • Enable logging on all VPN and/or firewall appliances to monitor all user behavior and authentication activities, such as RDP connections, file access/downloads, and transmitted and received data volume (e.g., Cisco’s NetFlow protocol).
  • Establish a process to review, validate and upgrade any edge / internet-connected devices periodically.

Below are the NSA’s recommendations for network administrators on how to maintain a secure VPN:

1. Reduce the VPN gateway attack surface.

2. Verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant.

3. Avoid using default VPN settings.

4. Remove unused or non-compliant cryptography suites.

5. Apply vendor-provided updates (i.e. patches) for VPN gateways and clients.
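
One way recommendations 2 to 4 could be checked automatically, added here as an example that is not from the NSA advisory or the original post. It assumes a strongSwan-style `ipsec.conf` (the `ike=`/`esp=` proposal syntax with the `!` strict flag) and an assumed allowlist of AES-256, SHA-384 and DH groups of 3072 bits or more / ECP-384; the sample configuration is constructed.

```python
import re

# Assumed allowlist (not from the page): AES-256, SHA-384 and DH groups of
# 3072 bits or more / ECP-384, written as strongSwan proposal tokens.
ALLOWED = {"aes256", "aes256gcm16", "sha384", "prfsha384",
           "modp3072", "modp4096", "ecp384"}

# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """
conn legacy-site
    keyexchange=ikev2
    ike=aes256-sha384-modp4096,3des-sha1-modp1024   # weak fallback proposal
    esp=aes128-sha1
conn hq
    ike=aes256-sha384-ecp384!
    esp=aes256-sha384-ecp384!
conn branch
    ike=aes256gcm16-prfsha384-modp3072!
"""

def audit(conf_text):
    """Return (conn, keyword, proposal, reason) tuples for each problem found."""
    findings, conn, seen = [], None, {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("conn "):
            conn = line.split()[1]
            seen[conn] = set()
            continue
        m = re.match(r"(ike|esp)\s*=\s*(.+)", line)
        if not (conn and m):
            continue
        key, value = m.groups()
        seen[conn].add(key)
        if not value.endswith("!"):                  # no strict flag set
            findings.append((conn, key, value, "not strict"))
        for proposal in value.rstrip("!").split(","):
            bad = [t for t in proposal.strip().split("-") if t not in ALLOWED]
            if bad:
                findings.append((conn, key, proposal.strip(),
                                 "non-compliant: " + ",".join(bad)))
    for name, keys in seen.items():                  # unset keyword means defaults
        for key in ("ike", "esp"):
            if key not in keys:
                findings.append((name, key, None, "unset, defaults in use"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Each finding maps to one of the recommendations: a non-compliant token is a suite to remove, while a missing strict flag or an unset keyword means default proposals can still be negotiated.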

The network administrator can also deploy CCG Phen.AI to verify everything trying to connect to the network, thereby enforcing strict traffic filtering rules that restrict network traffic to VPN devices by port, protocol, and IP address.

Olumide Akinwekomi
