The Inner Circle

National Security Agency Cybersecurity Information Releases: Configuring IPsec Virtual Private Networks

  • 1.  National Security Agency Cybersecurity Information Releases: Configuring IPsec Virtual Private Networks

    Posted Jul 05, 2020 10:34:00 PM
      |   view attached
    Hi All,

    National Security Agency Cybersecurity Information Releases: Configuring IPsec Virtual Private Networks

    The previous NSA publication "Securing IPsec Virtual Private Networks" lays out the importance of IP Security (IPsec)
    Virtual Private Networks (VPNs) and outlines specific recommendations for securing those connections. It is critical that
    VPNs use strong cryptography.

    This NSA publication "Configuring IPsec Virtual Private Networks" goes deeper, providing device administrators with specific implementation instructions and example configurations.

    Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network
    administrators should perform the following tasks on a regular basis:
    • Reduce the VPN gateway attack surface
    • Verify those cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant
    • Avoid using default VPN settings
    • Remove unused or non-compliant cryptography suites
    • Apply vendor-provided updates (i.e. patches) for VPN gateways and clients


    ------------------------------
    Michael Roza CPA, CISA, CIA
    ------------------------------