
The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet today detailing factors to consider when choosing a virtual private network (VPN) and top configurations for deploying it securely. “Selecting and Hardening Remote Access VPN Solutions” also will help leaders in the Department of Defense, National Security Systems and the Defense Industrial Base better understand the risks associated with VPNs.
VPN servers are entry points into protected networks, making them attractive targets. Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices. Exploitation of these CVEs can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device. If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network.
The Information Sheet details considerations for selecting a remote access VPN, as well as actions to harden the VPN from compromise. Top hardening recommendations include using tested and validated VPN products on the National Information Assurance Partnership (NIAP) Product Compliant List, employing strong authentication methods like multi-factor authentication, promptly applying patches and updates, and reducing the VPN’s attack surface by disabling non-VPN-related features.
NSA is releasing this guidance as part of our mission to help secure the Department of Defense, National Security Systems and the Defense Industrial Base.
For more details on how to select a secure VPN and further harden your network, read the full Information Sheet here.
For more cybersecurity guidance, visit NSA.gov/cybersecurity.
Fachartikel

Ist macOS besser geschützt als Windows?

Threat Intelligence, Extended Threat Intelligence … Alles gleicher Inhalt in unterschiedlichen Verpackungen?!

Welche Strategie schützt Ihre IT vor Ransomware?

Phishing for Compromise: Mithilfe von XDR Phishing-Angriffe erkennen und abwehren

Die Last mit den Altlasten – Mitigationsprojekte, Teil 2
Studien

Accenture-Studie: Störungen der Lieferketten könnten die europäischen Volkswirtschaften bis 2023 rund 920 Mrd. Euro ihres BIPs kosten

Bad Bots verursachen rund 40 Prozent des Internetverkehrs in Deutschland – Kontoübernahmen und Online-Betrug nehmen zu

IBM Studie: Nachhaltigkeit zählt zu den obersten Prioritäten von CEOs, aber fehlende Erkenntnisse aus Daten behindern den Fortschritt

Mangelnde Cybersecurity-Kenntnisse verantwortlich für 80 Prozent der Sicherheitsverletzungen

Bis zu 75 Zugriffsberechtigungen: Diese Apps aus dem Alltag wollen an die meisten privaten Daten
Whitepaper

Beitrag zur Prüfbarkeit von sicherheitskritischen KI-Anwendungen veröffentlicht

Report 2022: Ransomware-Bedrohung nimmt stark zu

Group-IB stellt sein jährliches Ransomware-Kompendium vor

Hybrid Cloud dominiert und Sicherheit steht ganz oben auf der To-Do-Liste im Canonical Kubernetes und Cloud Native Operations 2022 Report
