The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance to help organizations address the security risks associated with using Virtual Private Networks (VPNs).
“VPN servers are entry points into protected networks, making them attractive targets. Multiple nation-state advanced persistent threat (APT) actors have weaponized common vulnerabilities and exposures (CVEs) to gain access to vulnerable VPN devices. Exploitation of these CVEs can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device. If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network,” the NSA said in a press release.
The joint CISA/NSA information sheet provides recommendations for selecting a remote access VPN, as well as actions to harden the VPN against compromise, including the use of strong, approved cryptographic protocols, algorithms, and authentication credentials; reducing the remote access VPN attack surface; and protecting and monitoring access to and from the VPN.
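To make those three hardening themes concrete, the following Python script is an added illustration, not code from the information sheet or from NSA/CISA: it checks a VPN gateway's settings against an allow-list of modern protocols and algorithms, flags exposed management surfaces and missing MFA, and runs a simple failed-login monitor over a few constructed log lines. The configuration keys (`tls_versions`, `dh_groups`, `admin_interface_exposed`, ...), the log line format, the allow-lists and the sample data are all assumptions made for the example; a real deployment would map its vendor's configuration export and authentication logs onto these checks.

```python
"""Hardening and monitoring checks modelled on the CISA/NSA VPN themes above.

Added example. The configuration schema, allow-lists and log format below are
constructed for illustration and are not any vendor's or agency's real schema.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Assumed allow-lists: modern protocol versions, AEAD ciphers, SHA-2 hashes and
# Diffie-Hellman groups of 2048-bit MODP strength or better (groups 14-16, 19-21).
APPROVED_TLS = {"TLSv1.2", "TLSv1.3"}
APPROVED_IKE = {"IKEv2"}
APPROVED_CIPHERS = {"AES-128-GCM", "AES-256-GCM"}
APPROVED_HASHES = {"SHA-256", "SHA-384"}
APPROVED_DH_GROUPS = {14, 15, 16, 19, 20, 21}


def check_vpn_config(cfg: Dict) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Theme 1: strong, approved cryptographic protocols and algorithms.
    for name, enabled, approved in (
        ("TLS version", cfg.get("tls_versions", []), APPROVED_TLS),
        ("IKE version", cfg.get("ike_versions", []), APPROVED_IKE),
        ("cipher", cfg.get("ciphers", []), APPROVED_CIPHERS),
        ("hash", cfg.get("hashes", []), APPROVED_HASHES),
        ("DH group", cfg.get("dh_groups", []), APPROVED_DH_GROUPS),
    ):
        for value in enabled:
            if value not in approved:
                findings.append(f"non-approved {name} enabled: {value}")
    # Theme 1 (credentials): multi-factor authentication must be mandatory.
    if not cfg.get("mfa_required", False):
        findings.append("multi-factor authentication not required")
    # Theme 2: reduce the attack surface.
    if cfg.get("admin_interface_exposed", False):
        findings.append("management interface reachable from the internet")
    for feature in cfg.get("unused_features_enabled", []):
        findings.append(f"unneeded feature enabled: {feature}")
    return findings


# Theme 3: monitor access. Assumed log format (constructed):
#   <timestamp> auth <ok|fail> user=<name> src=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def find_auth_anomalies(lines: List[str], fail_threshold: int = 5,
                        spray_threshold: int = 3) -> Dict[str, str]:
    """Map each suspicious source IP to a label: many failures for one source
    ("repeated failures") or failures spread over many accounts ("many accounts")."""
    fails = Counter()
    users_per_src = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m["result"] != "fail":
            continue  # unparseable or successful lines are ignored here
        fails[m["src"]] += 1
        users_per_src[m["src"]].add(m["user"])
    alerts = {}
    for src, count in fails.items():
        if count >= fail_threshold:
            alerts[src] = "repeated failures"
        elif len(users_per_src[src]) >= spray_threshold:
            alerts[src] = "many accounts"
    return alerts


# Constructed sample data: a weak configuration, a hardened one, and a short log.
WEAK_CONFIG = {
    "tls_versions": ["TLSv1.0", "TLSv1.2"],
    "ike_versions": ["IKEv1", "IKEv2"],
    "ciphers": ["3DES-CBC", "AES-256-GCM"],
    "hashes": ["SHA-1", "SHA-256"],
    "dh_groups": [2, 14],
    "mfa_required": False,
    "admin_interface_exposed": True,
    "unused_features_enabled": ["web_proxy"],
}
HARDENED_CONFIG = {
    "tls_versions": ["TLSv1.2", "TLSv1.3"],
    "ike_versions": ["IKEv2"],
    "ciphers": ["AES-256-GCM"],
    "hashes": ["SHA-384"],
    "dh_groups": [19, 20],
    "mfa_required": True,
    "admin_interface_exposed": False,
    "unused_features_enabled": [],
}
SAMPLE_LOG = [
    "2021-09-29T08:00:01Z auth ok user=alice src=198.51.100.7",
    "2021-09-29T08:00:05Z auth fail user=alice src=203.0.113.9",
    "2021-09-29T08:00:06Z auth fail user=alice src=203.0.113.9",
    "2021-09-29T08:00:07Z auth fail user=alice src=203.0.113.9",
    "2021-09-29T08:00:08Z auth fail user=alice src=203.0.113.9",
    "2021-09-29T08:00:09Z auth fail user=alice src=203.0.113.9",
    "2021-09-29T08:01:00Z auth fail user=bob src=192.0.2.44",
    "2021-09-29T08:01:01Z auth fail user=carol src=192.0.2.44",
    "2021-09-29T08:01:02Z auth fail user=dave src=192.0.2.44",
    "2021-09-29T08:02:00Z auth fail user=erin src=198.51.100.7",
]

if __name__ == "__main__":
    for finding in check_vpn_config(WEAK_CONFIG):
        print("FINDING:", finding)
    print("hardened config findings:", check_vpn_config(HARDENED_CONFIG))
    print("auth anomalies:", find_auth_anomalies(SAMPLE_LOG))
```

The allow-list approach (accept only what is explicitly approved) is deliberate: a deny-list of known-weak algorithms silently passes whatever a vendor adds later, whereas an allow-list forces a review when a new option appears. The log monitor uses two thresholds because a single source hammering one account and a single source touching many accounts with few attempts each are different signals that a per-account lockout alone would not catch.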
Last month, CISA released guidance designed to help government and private sector organizations, as well as critical infrastructure organizations, prevent data breaches stemming from ransomware attacks.