This is Susan Bradley for CSO Online. Today I'm going to talk about VPN security. During this time of work from home you're probably using quite a bit of VPN technologies, and the attackers are going after that VPN technology as well. They know that you're needing that more than ever, and they're going after it too.

First and foremost, make sure that you're patching and using up-to-date VPN software. Make sure your firewall, if that's what you're going through, is also up to date. Earlier this year US-CERT noted that attackers were using vulnerable Pulse VPN software to attack and drop ransomware on the networks. The vulnerability was a worst-case scenario: it was a remote, unauthenticated attacker that was able to compromise a vulnerable VPN server. The attacker was then able to gain access to all active users and call out their plain text credentials. It could even be possible for the attacker to execute arbitrary commands on the VPN clients. Thus the attacker was able to get complete access to the network by scanning for and finding vulnerable VPN servers. The only way to protect your network in this situation was to apply the available patches.

Even if you don't have systems that are vulnerable, it's wise to go back and review your VPN connections to see if they are as secure as they can be. Remember to review your settings to ensure the maximization of management systems.

Early this year on CSO Online I discussed the issue of split tunnel VPN and the use of Office 365. As I said at the time, for many years the best practice was to tunnel all traffic for the network through the VPN tunnel, but with so many people remoting in from home, and with Office 365 and Click-to-Run patching technologies, it's now recommended to split the traffic: have management and updating go through the local user's connection while the rest of the traffic needed for the office work is directed over the VPN.

If you use Always On VPN provided by Microsoft and you have Windows 10 Enterprise edition 1709 or later, with the client device joined to the domain, you can set up the device tunnel feature. This allows computers to establish an always-on VPN connection prior to the user logging on. This will allow you to let users cache credentials without concern and risk. This is important, especially these days, with so many new users remoting in from home who are logging into the devices for the first time remotely. Some of you are setting up laptops and delivering these systems remotely without people coming into the office for training and setup. The device tunnel is also key for remote support, as it allows administrators to manage remotely connected Always On VPN clients without having a user logged on. Finally, the device tunnel can assist with user issues that are caused by self-service password reset, or SSPR.

But as I said earlier, with so many of us using VPN from remote technologies, it's time to review this. Recently the National Security Agency released two documents regarding securing VPN. The first is called Securing IPsec Virtual Private Networks and discusses the regular tasks you should do: for example, reduce the VPN gateway attack surface, verify that cryptographic algorithms are compliant, avoid using the default VPN settings, remove any unused or non-compliant cryptography suites, and apply vendor-provided updates for VPN gateways and clients. If you can, set up strict traffic filtering to limit the ports, protocols and IP addresses of network traffic to VPN devices. If you can't filter to a specific IP address, and clearly at this time it's very hard to do that, ensure that you have your firewall set not to just open the port for VPN but to provide inspection and monitoring for IPsec traffic and inspect IPsec session negotiations.

Next, check your cryptographic settings and make sure the suites you're using are the most secure they can be. If you use out-of-date settings, attackers can both breach the connection and also breach that confidentiality and lose the credentials information. So you can review the current IPsec SAs by reviewing the ones in use; check your vendor firewall documentation. I've included some for Cisco, but you'll need to check with your normal firewall vendor.

The second document put out by the National Security Agency is more detailed as to configuring IPsec virtual private networks. Again they talk about the bare minimums and go into a little more detail with specific vendor recommendations. And once again, I can't stress this enough, to provide, or excuse me, to apply vendor-provided updates. It's so key to make sure that you have up-to-date software on your VPN clients and gateways. It's disheartening to see when a vendor releases a security update for their product (in this case the Pulse VPN software was out in April of 2019) and in August there were already 14,500 vulnerable VPN servers still unpatched. In January 2020 cyber criminals targeted unpatched VPN servers to install ransomware. And again, think of how damaging this was: a remote, unauthenticated attacker was able to compromise a vulnerable VPN server and get into the network and provide ransomware to everyone in the network. You don't want to be there, you don't want to do that. So make sure that you review your VPN software, your settings, don't take the defaults.

And find this video and more on IDG Tech Talk out on YouTube. Until next time, this is Susan Bradley for CSO Online.
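The NSA checklist items mentioned in the talk (remove unused or non-compliant cryptography suites, filter traffic to the VPN gateway down to what IPsec needs) as an added example, not part of Susan Bradley's talk or of the NSA documents: a small Python audit over a constructed, vendor-neutral list of IKE/IPsec proposals and firewall allow-rules. The accepted algorithm sets are this example's own approximation of the guidance, and the sample proposals and rules are constructed.

```python
from dataclasses import dataclass

# Policy the audit enforces: this example's approximation of the NSA guidance
# (AES-256, SHA-384-class integrity, large DH groups), not its text verbatim.
ACCEPTED_ENCRYPTION = {"aes-256-gcm", "aes-256-cbc"}
ACCEPTED_INTEGRITY = {"sha384", "sha512"}  # for AEAD suites this is the PRF
ACCEPTED_DH_GROUPS = {15, 16, 20, 21}
# All IKE/IPsec needs on the gateway: IKE (UDP/500), NAT-T (UDP/4500), ESP (proto 50).
REQUIRED_GATEWAY_SERVICES = {("udp", 500), ("udp", 4500), ("esp", None)}

@dataclass(frozen=True)
class Proposal:
    name: str
    encryption: str
    integrity: str
    dh_group: int

def audit_proposal(p: Proposal) -> list:
    """Findings for one configured IKE/IPsec proposal; an empty list means compliant."""
    findings = []
    if p.encryption.lower() not in ACCEPTED_ENCRYPTION:
        findings.append(f"{p.name}: encryption {p.encryption} is non-compliant, remove suite")
    if p.integrity.lower() not in ACCEPTED_INTEGRITY:
        findings.append(f"{p.name}: integrity {p.integrity} is non-compliant, remove suite")
    if p.dh_group not in ACCEPTED_DH_GROUPS:
        findings.append(f"{p.name}: DH group {p.dh_group} is too weak, use group 16 or 20")
    return findings

def audit_gateway_filter(rules) -> list:
    """rules: (protocol, port) pairs permitted toward the gateway; extras are attack surface."""
    allowed = {(proto.lower(), port) for proto, port in rules}
    findings = [f"unexpected service exposed on gateway: {proto}/{port}"
                for proto, port in sorted(allowed - REQUIRED_GATEWAY_SERVICES, key=str)]
    findings += [f"required IPsec service not permitted: {proto}/{port}"
                 for proto, port in sorted(REQUIRED_GATEWAY_SERVICES - allowed, key=str)]
    return findings

# Constructed sample: a legacy default proposal still present, and a filter that
# also exposes SSH and HTTPS management on the gateway.
SAMPLE_PROPOSALS = [
    Proposal("legacy-default", "3des", "md5", 2),
    Proposal("mid-2010s", "aes-128-cbc", "sha1", 5),
    Proposal("cnsa", "aes-256-gcm", "sha384", 20),
]
SAMPLE_FILTER = [("udp", 500), ("udp", 4500), ("esp", None), ("tcp", 22), ("tcp", 443)]

def run_audit(proposals=SAMPLE_PROPOSALS, rules=SAMPLE_FILTER) -> dict:
    """Run both checks and return the findings grouped by section."""
    return {"proposals": [f for p in proposals for f in audit_proposal(p)],
            "filter": audit_gateway_filter(rules)}
```

Feed `run_audit` the proposals and allow-rules exported from your own gateway; every finding under "proposals" is a suite to remove and every "unexpected service" is a port to close before the gateway faces the internet.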