Hi All,
National Security Agency Cybersecurity Information Releases: Configuring IPsec Virtual Private Networks
The previous NSA publication "Securing IPsec Virtual Private Networks" lays out the importance of IP Security (IPsec)
Virtual Private Networks (VPNs) and outlines specific recommendations for securing those connections. It is critical that
VPNs use strong cryptography.
This NSA publication "Configuring IPsec Virtual Private Networks" goes deeper, providing device administrators with specific implementation instructions and example configurations.
Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain a secure VPN, network
administrators should perform the following tasks on a regular basis:
- Reduce the VPN gateway attack surface
- Verify those cryptographic algorithms are Committee on National Security Systems Policy (CNSSP) 15-compliant
- Avoid using default VPN settings
- Remove unused or non-compliant cryptography suites
- Apply vendor-provided updates (i.e. patches) for VPN gateways and clients
------------------------------
Michael Roza CPA, CISA, CIA
------------------------------