CISA, NSA: Here's how to bolster VPN security

By Mayank Sharma
published

Compromised VPN servers are gateways to further attacks, warn the agencies

A laptop screen displaying a VPN logo
(Image credit: Shutterstock)
Audio player loading…

The US Cybersecurity (opens in new tab) and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released a joint guidance document to help businesses select and harden virtual private network (VPN (opens in new tab)) solutions.

“VPN servers are entry points into protected networks, making them attractive targets. Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices,” observed (opens in new tab) the two agencies in the document. 

The agencies add that threat actors often exploit these unpatched CVEs as a gateway to all sorts of campaigns against corporate networks, for everything from stealing credentials to exfiltrating sensitive data.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

The document lists directions for businesses to help them select the VPN solution that adheres to industry standards and follows the best practices to ensure the integrity of its infrastructure.

Gateway to larger attacks

The document suggests using tested and validated VPN products that are listed on the National Information Assurance Partnership (NIAP) Product Compliant List. It also suggests looking for solutions that employ strong authentication methods like multi-factor authentication (MFA (opens in new tab)).

At the same time, the service shouldn’t exhibit laxity in applying patches (opens in new tab) and updates, and ensures it reduces the surface area for attacks on VPN servers by disabling non-VPN-related features.

“Exploiting remote access VPNs can become a gateway to large-scale compromise,” said Rob Joyce, Director of Cybersecurity at NSA in an email to BleepingComputer.

Parsing through the document, BleepingComputer notes that the agencies suggest VPN service providers employ strong cryptography and authentication mechanisms on their servers, run the bare minimum number of features, while protecting and monitoring access to and from the VPN.

Via BleepingComputer (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

See more VPN news