New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


NSA and CISA Release Best Practices to Select and Harden VPNs

In an effort to reduce the potential threats to virtual private networks (VPN), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory sheet instructing organizations on how to select standards-based VPNs and best practices to harden the VPN against compromise.

VPNs allow users to encrypt data in a secure tunnel to permit remote authorized users to securely access resources on their organization’s internal network from the Internet. The encrypted connection helps ensure that sensitive data is safely transmitted, making it a reliable and trusted tool in corporate environments. The drawback of this technology lies within vulnerable VPNs, as access to a VPN server would potentially provide an entry point into protected networks, making these enticing targets for threat actors.

Earlier this year, Pulse Connect Secure experienced one of the most severe cyberattacks on a VPN infrastructure to date. The vulnerability allowed attackers to spy on high-value targets around the world, including defense contractors, financial institutions, and governments.

CISA and NSA note that the release of the advisory sheet is a step forward in helping secure the Department of Defense, National Security Systems and the Defense Industrial Base.

Analyst Notes

It is predicted that 22% of Americans will be working remotely by the year 2025. In concurrence with CISA and NSA’s advisory, it is crucial that best practices are put in place when selecting and managing a corporate or personal VPN:
• Choose reputable vendors when selecting standard-based VPNs
• Reduce the attack surface by utilizing strong cryptography
• Keep the VPN software up to date with security patches from the vendor
• Consider using a full tunnel VPN to encrypt all traffic
• Protect and monitor access to and from the VPN
• Alternatively, a private VPN server can be configured for further privacy and control