2021-09-30

In an effort to highlight the security risks associated with the use of virtual private networks (VPN), the US Cybersecurity and Infrastructure Security Agency (CISA) and the US National Security Agency (NSA) have published a step-by-step guide for companies to increase security around this technology.

A VPN is a connection that hides the IP address of its users by routing their traffic through a specially configured remote server that hosts the VPN service.

Although a VPN looks like a safe option on paper, privacy issues, which depend mainly on the provider operating the server that traffic is routed through, can put users of this type of connection at risk.

According to the guide provided by the agencies, VPN remote access servers let users outside the network perimeter into protected networks, making these access points vulnerable. The agencies state that these vulnerabilities can allow criminals to collect credentials, remotely run code on devices, and read sensitive data from network-connected computers, such as configuration or device passwords. CISA and the NSA also note that several advanced persistent threat groups have already exploited common VPN flaws to gain access to vulnerable connected devices.

Recommendations of the guide

The guide provided by the NSA and the CISA recommends that companies make use of VPNs from vendors that constantly update their platforms with vulnerability fixes, and that teams with network access follow practices to ensure strong authentication processes are in place.

The guide also shows that users can prevent VPN servers from being compromised, by taking certain steps to decrease the available surface for possible attacks.

In general, tips to prevent VPN servers from being compromised are as follows:

Apply patches and updates to all systems as they become available;

Follow all vendor recommendations on patching and updating;

Always update the VPN access credentials of users and administrators;

Restrict external access to VPN devices through port and protocol limitations.

The guide also recommends disabling features unrelated to the VPN that may have vulnerabilities known to criminals; file sharing between computers on the network and the remote administration function are given as examples.

Finally, the guide recommends that VPN administrators should not reach the management interface remotely. According to the guide, the safest arrangement is for administrators to use company devices, where access is protected by the same protocols and updates applied across all company devices, thus avoiding intrusions through vulnerabilities present on home machines.
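As an added example (not from the guide or the article), the port and protocol restrictions and the internal-only management access described above, expressed as an nftables ruleset for a Linux VPN gateway; the interface names, the IPsec ports and the 10.0.0.0/8 management network are assumptions.

```shell
#!/bin/sh
# Added example, not from the NSA/CISA guide: an nftables ruleset for a Linux
# VPN gateway that exposes only the VPN service to the internet and keeps the
# management interface reachable from company devices on the inside only.
# Assumptions (placeholders): eth0 faces the internet, eth1 faces the company
# network, the VPN is IPsec (IKE on UDP 500/4500 plus ESP), and management
# (SSH/HTTPS) is allowed only from 10.0.0.0/8.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
MGMT_NET="${MGMT_NET:-10.0.0.0/8}"

# Print the ruleset; kept in a function so it can be reviewed or diffed
# before anything is loaded into the kernel.
vpn_ruleset() {
cat <<EOF
table inet vpn_gw {
  chain input {
    type filter hook input priority 0; policy drop;

    # Loopback and replies to connections the gateway started
    iif lo accept
    ct state established,related accept
    ct state invalid drop

    # VPN service only: IKE and ESP from the internet-facing interface
    iifname "$WAN_IF" udp dport { 500, 4500 } accept
    iifname "$WAN_IF" meta l4proto esp accept

    # Management only from company devices on the internal interface
    iifname "$LAN_IF" ip saddr $MGMT_NET tcp dport { 22, 443 } accept

    # Everything else from the internet (SMB, RDP, management ports, ...)
    # falls through to the drop policy; log a sample for detection
    iifname "$WAN_IF" limit rate 5/minute log prefix "vpn_gw drop: "
  }
}
EOF
}

# Syntax-check the ruleset, then load it; fails loudly if nft is missing.
load_ruleset() {
  command -v nft >/dev/null 2>&1 || { echo "nft not found" >&2; return 1; }
  vpn_ruleset | nft -c -f - && vpn_ruleset | nft -f -
}

case "${1:-show}" in
  show)  vpn_ruleset ;;
  apply) load_ruleset ;;
esac
```

Run with no argument to review the generated rules, and with `apply` (as root, on the gateway) to load them.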

The complete guide is available on the official NSA website.

Source: WeLiveSecurity, BleepingComputer