Hi All,
NSA just published "Selecting and Hardening Remote Access VPN Solutions".
Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network
via a secure tunnel. Through this tunnel, users can take advantage of the internal
services and protections normally offered to on-site users, such as email/collaboration
tools, sensitive document repositories, and perimeter firewalls and gateways. Because
remote access VPN servers are entry points into protected networks, they are targets
for adversaries. This joint NSA-CISA information sheet provides guidance on:
- Selecting standards-based VPNs from reputable vendors that have a proven
  track record of quickly remediating known vulnerabilities and following best
  practices for using strong authentication credentials.
- Hardening the VPN against compromise by reducing the VPN server's attack
  surface through:
  - Configuring strong cryptography and authentication
  - Running only strictly necessary features
  - Protecting and monitoring access to and from the VPN
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------