CISA and NSA Release Guidance on Selecting and Hardening VPNs

Original release date: September 28, 2021

The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.

Exploitation of these devices can enable:

Credential harvesting
Remote code execution on the VPN device
Cryptographic weakening of encrypted traffic sessions
Hijacking of encrypted traffic sessions
Arbitrary reads of sensitive data (e.g., configurations, credentials, keys) from the device

The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks.

CISA encourages organizations to review and adopt recommendations in the information sheet to reduce risk.

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next RCE Vulnerability in Hikvision Cameras (CVE-2021-36260) »

Previous « CISA Releases Guidance: IPv6 Considerations for TIC 3.0

This website uses cookies.

CISA and NSA Release Guidance on Selecting and Hardening VPNs

Recent Posts

CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices

Widespread Supply Chain Compromise Impacting npm Ecosystem

CISA Releases Advisory on Lessons Learned from an Incident Response Engagement

SonicWall Releases Advisory for Customers after Security Incident

CISA Releases Nine Industrial Control Systems Advisories

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems