The NSA and CISA have published new advice for organizations on securing their VPNs against hacking.
The new Cybersecurity Information Sheet warned multiple nation-state hackers have exploited common vulnerabilities to gain access to VPN devices to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device.
“These effects usually lead to further malicious access through the VPN, resulting in large-scale compromise of the corporate network or identity infrastructure and sometimes of separate services as well,” the guidance read.
The agencies advised against using non-standard VPN solutions, including security products, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPNs.
“Using custom or non-standard features creates additional risk exposure, even when the TLS parameters used by the products are secure,” the guidance said.
Instead, organizations should use standardized Internet Key Exchange/Internet Protocol Security (IKE/IPsec) VPNs validated against standardized security requirements for VPNs.
Organizations should also use products from a vendor with a proven track record of supporting products. VPN products should also be hardened using “only strong, approved cryptographic protocols, algorithms, and authentication credentials.”
Other ways to reduce the attack surface of a VPN is to immediately apply patches and updates to mitigate known vulnerabilities and restricting external access to the VPN device by port and protocol.
RELATED RESOURCE
Organizations should also disable non-VPN-related functionality and advanced features that are more likely to have vulnerabilities. “Features such as web administration, Remote Desktop Protocol, Secure Shell, and file sharing are convenient, but not necessary for the operation of remote access VPNs,” the guidance said.
Firms were also urged to restrict management interface access via the VPN. “Malicious cyber actors that manage to compromise administrator credentials could try to authenticate into management interfaces and maliciously perform privileged operations,” said the agencies’ guidance.
“Remote access VPNs are entryways into corporate networks and all the sensitive data and services they have. This direct access makes them prized targets for malicious actors. Keep malicious actors out by selecting a secure, standards-based VPN and hardening its attack surface. This is essential for ensuring a network’s cybersecurity,” the advice concluded.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Securing your network in every direction with zero trustWhitepaper Webinar on the evolution of network security
-
Turning your log and incident data into real-time security insightsWhitepaper Integrate multiple data sources for a comprehensive security view
-
Do more with less: Optimizing servers with HPE to maximize VMware licensingWhitepaper Your trusted guide through the changes in the virtualization market
-
The impact of generative AI on businessWhitepaper Optimal and speedy GenAI computing performance
-
Fortify your future with HPE ProLiant Servers powered by IntelWhitepaper Enhance your security and manage your servers more effectively
-
Getting value from generative AIWhitepaper Become more productive and pursue innovation
-
The Gorilla Guide To… How HPE ProLiant Gen11 servers powered by Intel deliver trusted securityWhitepaper How systems, software, and connections are protected
-
Tech brief security bundleWhitepaper By Hewlett Packard Enterprise
