CISA and NSA Jointly Release VPN Cybersecurity Information Sheet

CISA and NSA
Share It On:

3rd October 2021, Kathmandu

When users join another network online, a Virtual Private Network (VPN) increases data privacy and security by offering a secure connection.

Despite the benefits in terms of security, VPNs have become a popular target for cybercriminals.

Several state-sponsored actors have exploited unpatched flaws to get access to insecure VPN devices, ranging from the Chinese APT group’s vulnerability exploitation of Pulse Secure’s VPNs to the recent exposing of 500,000 Fortinet VPN account credentials on the black web.

VPN Protection

The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) jointly released a Cybersecurity Information Sheet detailing how to select and harden remote access VPN solutions in order to combat rising security incidents and help organizations improve their VPN security defenses against cyberattacks.

The National Security Agency (NSA) stated that the cybersecurity information sheet was published to assist with the security of the Department of Defense, National Security Systems, and the Defense Industrial Base.

The exploitation of vulnerabilities in VPN networks enables bad actors to:

  • Credentials are stolen.
  • Execute code from a distance.
  • Weaken the cryptography of encrypted traffic.
  • Encrypted traffic sessions are being hacked.
  • Keep an eye on the device’s important data.
  • Compromise the corporate network on a wide scale.

What to Look for When Choosing a VPN Service for Remote Access

  • Non-standard VPN solutions, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPNs, should be avoided.
  • Validated VPNs can be found on the Product Compliant List of the National Information Assurance Partnership (NIAP).
  • Read the vendor documentation carefully to check that any potential products support IKE/IPsec VPNs.
  • When unable to establish an IKE/IPsec VPN, determine whether the product employs SSL/TLS in a proprietary or non-standards-based VPN protocol.
  • Examine whether the product supports strong authentication credentials and protocols by default and whether it disables weak certificates and protocols.
  • Ensure that the product incorporates anti-intrusion features such as signed binaries or firmware images, a secure boot procedure that checks boot code before it executes, and runtime process and file integrity checking.

How to Harden VPN Solutions for Remote Access

  • Use VPN products from the NIAP product list that have been thoroughly tested and approved.
  • Use strong authentication techniques such as multi-factor authentication (MFA)
  • Patches and updates should be applied on a regular basis.
  • Disable non-VPN-related functionality to reduce the VPN’s attack surface.
  • Set up strong encryption and authentication.
  • Only use features that are absolutely necessary.
  • Access to and from the VPN should be protected and monitored.
  • Protect the network’s entrance.

“Virtual private networks (VPNs) for remote access provide access to corporate networks and all of the sensitive data and services they include. Because of their direct access, they are desirable targets for malevolent actors. Choose a secure, standards-based VPN and harden its attack surface to keep hostile actors out. In an advisory, the agencies stated that this is “important for guaranteeing a network’s cybersecurity.”


Share It On:

Recent Posts

WT20I Triangular Series 2025: Nepal, Netherlands, Thailand – Sponsored by Yamaha

WT20I Triangular Series 2025: Nepal, Netherlands, Thailand – Sponsored by

Share It On:30th January 2025, Kathmandu Yamaha Nepal, a brand synonymous with performance, reliability, and excellence, proudly announces its Title

Samsung Galaxy S25 Series Pre-Order Nepal: Best Deals, Price, Specs & AI

Samsung Galaxy S25 Series Pre-Order Nepal: Best Deals, Price, Specs

Share It On:30th January 2025, Kathmandu Samsung Nepal announced that customers can pre-order its latest Galaxy S25 Ultra, Galaxy S25+,

Startup Funding Nepal: Challenges, Sources, Venture Capital, & Bank Loans

Startup Funding Nepal: Challenges, Sources, Venture Capital, & Bank Loans

Share It On:30th January 2025, Kathmandu Nabil Bank’s Senior Deputy Chief Executive Officer (DCEO), Manoj Gyawali, spoke at the Nepal

KP Oli’s Export Growth Targets and Infrastructure Development Plans for Nepal’s Economic Success

KP Oli’s Export Growth Targets and Infrastructure Development Plans for

Share It On:30th January 2025, Kathmandu Prime Minister KP Sharma Oli has called on Nepal’s business community to scale up

Nepal Corruption Probe Demanded: Pun Calls for Investigation of Top Politicians

Nepal Corruption Probe Demanded: Pun Calls for Investigation of Top

Share It On:30th January 2025, Kathmandu Barshaman Pun, Deputy Secretary of the Maoist Centre, has demanded an investigation into various

Bipin Joshi, Nepali Hostage: Alive in Gaza, But Release Not Confirmed

Bipin Joshi, Nepali Hostage: Alive in Gaza, But Release Not

Share It On:30th January 2025, Kathmandu Bipin Joshi, a Nepali student held by Hamas since October 2023, has been confirmed