NSA and CISA Release Security Tips Regarding VPN Security

The National Security Agency (NSA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued guidance for strengthening the security of virtual private network (VPN) services.

The document was created by the two agencies to assist organizations in boosting their defenses, particularly against attacks from nation-state adversaries who have previously used bugs in VPN systems to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device.

VPN servers are entry points into protected networks, making them attractive targets. Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices. Exploitation of these CVEs can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device. If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network.

Source

The document explains how to correctly select VPN solutions that follow industry standards, as well as the best practices for using strong authentication credentials.

It’s important for organizations to be well informed

Read More: https://heimdalsecurity.com/blog/nsa-and-cisa-release-security-tips-regarding-vpn-security/