In an effort to reduce the potential threats to virtual private networks (VPN), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory sheet instructing organizations on how to select standards-based VPNs and best practices to harden the VPN against compromise.
VPNs allow users to encrypt data in a secure tunnel to permit remote authorized users to securely access resources on their organization’s internal network from the Internet. The encrypted connection helps ensure that sensitive data is safely transmitted, making it a reliable and trusted tool in corporate environments. The drawback of this technology lies within vulnerable VPNs, as access to a VPN server would potentially provide an entry point into protected networks, making these enticing targets for threat actors.
Earlier this year, Pulse Connect Secure experienced one of the most severe cyberattacks on a VPN infrastructure to date. The vulnerability allowed attackers to spy on high-value targets around the world, including defense contractors, financial institutions, and governments.
CISA and NSA note that the release of the advisory sheet is a step forward in helping secure the Department of Defense, National Security Systems and the Defense Industrial Base.