CISA and NSA

3rd October 2021, Kathmandu

When users join another network online, a Virtual Private Network (VPN) increases data privacy and security by offering a secure connection.

Despite the benefits in terms of security, VPNs have become a popular target for cybercriminals.

Several state-sponsored actors have exploited unpatched flaws to get access to insecure VPN devices, ranging from the Chinese APT group’s vulnerability exploitation of Pulse Secure’s VPNs to the recent exposing of 500,000 Fortinet VPN account credentials on the black web.

VPN Protection

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) jointly released a Cybersecurity Information Sheet detailing how to select and harden remote access VPN solutions in order to combat rising security incidents and help organizations improve their VPN security defenses against cyberattacks.

The National Security Agency (NSA) stated that the cybersecurity information sheet was published to assist with the security of the Department of Defense, National Security Systems, and the Defense Industrial Base.

The exploitation of vulnerabilities in VPN networks enables bad actors to:

  • Credentials are stolen.
  • Execute code from a distance.
  • Weaken the cryptography of encrypted traffic.
  • Encrypted traffic sessions are being hacked.
  • Keep an eye on the device’s important data.
  • Compromise the corporate network on a wide scale.

What to Look for When Choosing a VPN Service for Remote Access

  • Non-standard VPN solutions, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPNs, should be avoided.
  • Validated VPNs can be found on the Product Compliant List of the National Information Assurance Partnership (NIAP).
  • Read the vendor documentation carefully to check that any potential products support IKE/IPsec VPNs.
  • When unable to establish an IKE/IPsec VPN, determine whether the product employs SSL/TLS in a proprietary or non-standards-based VPN protocol.
  • Examine whether the product supports strong authentication credentials and protocols by default and whether it disables weak certificates and protocols.
  • Ensure that the product incorporates anti-intrusion features such as signed binaries or firmware images, a secure boot procedure that checks boot code before it executes, and runtime process and file integrity checking.

How to Harden VPN Solutions for Remote Access

  • Use VPN products from the NIAP product list that have been thoroughly tested and approved.
  • Use strong authentication techniques such as multi-factor authentication (MFA)
  • Patches and updates should be applied on a regular basis.
  • Disable non-VPN-related functionality to reduce the VPN’s attack surface.
  • Set up strong encryption and authentication.
  • Only use features that are absolutely necessary.
  • Access to and from the VPN should be protected and monitored.
  • Protect the network’s entrance.

“Virtual private networks (VPNs) for remote access provide access to corporate networks and all of the sensitive data and services they include. Because of their direct access, they are desirable targets for malevolent actors. Choose a secure, standards-based VPN and harden its attack surface to keep hostile actors out. In an advisory, the agencies stated that this is “important for guaranteeing a network’s cybersecurity.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here