#CISA and #NSA Release Guidance on Selecting and Hardening VPNs


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

09/28/2021 02:00 PM EDT

 

Original release date: September 28, 2021
The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.

Exploitation of these devices can enable:

  • Credential harvesting
  • Remote code execution on the VPN device
  • Cryptographic weakening of encrypted traffic sessions
  • Hijacking of encrypted traffic sessions
  • Arbitrary reads of sensitive data (e.g., configurations, credentials, keys) from the device

The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks.

CISA encourages organizations to review and adopt recommendations in the information sheet to reduce risk.

About Post Author

Robert Williams
