CISA and the NSA have released guidance for increasing the security of VPN solutions. Multiple attacks against private organizations and government entities were carried out by threat actors exploiting vulnerabilities in popular VPN systems like Fortinet, Ivanti, and SonicWall.
Researchers pointed out that compromised VPN devices represented the entry points into protected networks; for this reason, multiple nation-state actors have weaponized commonly known vulnerabilities to gain access to vulnerable VPN servers.
The VPN hardening guidance suggests selecting only industry-standard solutions and avoiding non-standard VPN solutions, including a class of products referred to as SSL/TLS VPNs.
Select only solutions that support strong authentication credentials and protocols and disable weak credentials and protocols by default. It is important to use multi-factor authentication.
The guidance also provided the following recommendations to reduce the remote access VPN attack surface:
- Immediately apply patches and updates to mitigate known vulnerabilities that are often rapidly exploited;
- Restrict external access to the VPN device by port and protocol;
- Disable non-VPN-related functionality and advanced features that are more likely to have vulnerabilities;
- Restrict management interface access via the VPN;
- Government experts recommend protecting and monitoring access to and from the VPN, using an IPS and a WAF.
It is important to enable local and remote logging to record and track VPN user activity, and to implement network segmentation and restrictions to limit access only to services that really need to be remotely reachable via the VPN.
Remote access VPNs are entryways into corporate networks and all their sensitive data and services. This direct access makes targets readily available for malicious actors. Keep malicious actors out by selecting a secure, standards-based VPN and hardening its attack surface. This is essential for ensuring a network’s cybersecurity.
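The checklist above is easiest to act on when it is turned into a repeatable audit. The following is an added example, not code from CISA, the NSA or any VPN vendor: it takes a constructed export of the services listening on a VPN appliance and a constructed authentication log, and flags Internet-facing listeners that are not part of the VPN service (covering the "restrict by port and protocol" and "restrict management interface access" items), logins that succeeded without a second factor, and sources with repeated failed logins (the kind of thing the logging recommendation exists to catch). The listener layout, the log field names and the assumption that the VPN is IKEv2/IPsec on UDP/500 and UDP/4500 are all assumptions of this example.

```python
"""Audit helper for the VPN hardening recommendations summarised above.

Added example, not code from CISA, the NSA or any VPN vendor. The listener
export and the auth log below are constructed, and their field layout is an
assumption; a real appliance exports these in its own format.
"""
from collections import Counter
import re

# Ports a standards-based IKEv2/IPsec VPN needs on the Internet-facing
# interface (assumption: IKE on UDP/500, NAT-T on UDP/4500). Anything else
# listening on the WAN side widens the attack surface.
VPN_PORTS = {("udp", 500), ("udp", 4500)}
WAN_INTERFACES = {"wan0"}

# Constructed listener export: (interface, proto, port, service).
LISTENERS = [
    ("wan0", "udp", 500, "ike"),
    ("wan0", "udp", 4500, "ipsec-nat-t"),
    ("wan0", "tcp", 443, "admin-webui"),   # management reachable from the Internet
    ("wan0", "tcp", 22, "ssh"),            # unrelated to the VPN service
    ("lan0", "tcp", 443, "admin-webui"),   # management on the internal side only
]

# Constructed auth log lines in a hypothetical key=value format.
AUTH_LOG = """\
2024-05-01T08:00:01Z user=alice src=203.0.113.10 result=success mfa=yes
2024-05-01T08:00:05Z user=bob src=198.51.100.7 result=success mfa=no
2024-05-01T08:01:00Z user=admin src=203.0.113.99 result=fail mfa=no
2024-05-01T08:01:01Z user=admin src=203.0.113.99 result=fail mfa=no
2024-05-01T08:01:02Z user=admin src=203.0.113.99 result=fail mfa=no
2024-05-01T08:02:10Z user=carol src=192.0.2.44 result=success mfa=yes
"""

LOG_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>\S+) mfa=(?P<mfa>\S+)"
)


def exposed_non_vpn(listeners, wan_interfaces=WAN_INTERFACES):
    """(proto, port, service) for every WAN listener that is not part of the VPN service."""
    return [
        (proto, port, service)
        for iface, proto, port, service in listeners
        if iface in wan_interfaces and (proto, port) not in VPN_PORTS
    ]


def parse_auth_log(text):
    """Parse the constructed log format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def logins_without_mfa(events):
    """Users who completed a login without a second factor."""
    return sorted({e["user"] for e in events
                   if e["result"] == "success" and e["mfa"] != "yes"})


def failed_login_sources(events, threshold=3):
    """Source addresses with at least `threshold` failed logins."""
    counts = Counter(e["src"] for e in events if e["result"] == "fail")
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for finding in exposed_non_vpn(LISTENERS):
        print("WAN listener outside VPN ports:", finding)
    events = parse_auth_log(AUTH_LOG)
    print("logins without MFA:", logins_without_mfa(events))
    print("sources with repeated failures:", failed_login_sources(events))
```

On the constructed input the listener check reports the admin web UI and SSH on the WAN side (the same admin UI on the LAN side is not reported, matching the recommendation that management stays reachable only from inside), the log check reports one login without MFA and one source with three failed attempts. Swapping in a real listener export and real logs is the only change needed to run this against an actual deployment.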