As organizations adapt to the coronavirus, remote work has spiked. Organizations need Virtual Private Networks (VPNs) to connect remote locations and enable telework. A VPN lets users establish a private, encrypted link to another network over the internet. Corporations and other industries frequently use VPNs to protect sensitive information from hackers while staff work remotely. To maintain data security, a VPN requires good cryptography.
The NSA's advisory says, in particular, that VPN gateways are "prone to network scanning, brute force attacks, and zero-day vulnerabilities." VPNs alone are not a panacea, and they can become a threat area if they are poorly configured or controlled. Attackers identify prospective corporate targets by scanning the web, then gain access to user accounts through known vulnerabilities. The best approach is to assume that all of your security controls can be breached and, on that basis, do a risk analysis of what an attacker could do after breaching your VPN.
Best Practices for Securing VPNs
Urgent guidelines for mitigation:
- Review and update the patches and security settings of every VPN or other edge/gateway system before connecting it to your network or internet link.
- Activate multi-factor authentication (MFA) or two-factor authentication (2FA) for all user accounts that use VPN or RDP services for external access; enforce daily password resets under a complex password policy.
- Revoke the existing keys and certificates for VPN servers and generate new ones.
- Check your network accounts to ensure that adversaries have not created new accounts.
- Greatly reduce or remove remote access by VPN or RDP services for administrator accounts. Sign in with a user account that has restricted rights, then switch user accounts after you have signed in to your internal network.
- Enable logging on all VPN and/or firewall appliances to monitor all user behavior and authentication activity, such as RDP connections, file access/downloads, and transmitted and received data volume (e.g., Cisco's NetFlow protocol).
- Establish a process to periodically review, validate and upgrade any edge/internet-connected devices.
Below are the NSA's recommendations for network administrators on maintaining a secure VPN:
1. Reduce the VPN gateway attack surface.
2. Verify that cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant.
3. Avoid using default VPN settings.
4. Remove unused or non-compliant cryptography suites.
5. Apply vendor-provided updates (i.e. patches) for VPN gateways and clients.
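One way to carry out recommendations 2 to 4 is to audit the configured IKE/ESP proposals against an allow-list. The script below is an added example, not part of the NSA advisory or any vendor tool. The allow-list contents, the strongSwan-style `ike=`/`esp=` notation and the sample configuration are assumptions made for illustration.

```python
# Added example. The allow-list is an assumption (AES-256, SHA-384, and
# 3072-bit-or-larger MODP or 384-bit ECP Diffie-Hellman groups); confirm it
# against the current CNSSP 15 text before relying on it.
ALLOWED = {
    "enc": {"aes256"},
    "hash": {"sha384"},
    "dh": {"modp3072", "modp4096", "ecp384"},
}
# Recognised tokens that are not on the allow-list, so findings can name them.
NON_COMPLIANT = {
    "enc": {"des", "3des", "aes128", "aes192"},
    "hash": {"md5", "sha1", "sha256"},
    "dh": {"modp768", "modp1024", "modp1536", "modp2048", "ecp256"},
}
# Constructed sample in strongSwan-style ike=/esp= notation, not a real config.
SAMPLE = """\
ike = aes256-sha384-modp4096, aes128-sha1-modp1024, 3des-md5-modp1024
esp = aes256-sha384-ecp384, aes256-sha256   # second proposal pins no DH group
"""

def audit_proposal(proposal):
    """Return findings for one hyphen-separated proposal; empty means compliant."""
    findings, seen = [], set()
    for token in proposal.strip().lower().split("-"):
        kind = next((k for k in ALLOWED
                     if token in ALLOWED[k] | NON_COMPLIANT[k]), None)
        if kind is None:
            findings.append(f"{token}: unrecognised, review manually")
            continue
        seen.add(kind)
        if token not in ALLOWED[kind]:
            findings.append(f"{token}: non-compliant {kind}")
    # A class that is not pinned is left to gateway defaults or omitted entirely.
    findings += [f"no {k} algorithm pinned" for k in ALLOWED if k not in seen]
    return findings

def audit_config(text):
    """Map 'key:proposal' to findings for every proposal needing removal or repair."""
    report = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if not sep:
            continue  # blank line or comment only
        for proposal in value.split(","):
            findings = audit_proposal(proposal)
            if findings:
                report[f"{key.strip()}:{proposal.strip()}"] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Proposals that come back with findings are the ones to remove from the gateway; tokens reported as unrecognised need a manual check rather than automatic approval.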
Network administrators can also use CCG Phen.AI to verify everything trying to connect to the network, thereby enforcing strict traffic filtering rules that restrict network traffic to VPN devices by port, protocol, and IP address.