NSA-CISA Guidance: Selecting and Hardening Remote Access VPN Solutions

Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network
via a secure tunnel. Through this tunnel, users can take advantage of the internal
services and protections normally offered to on-site users, such as email/collaboration
tools, sensitive document repositories, and perimeter firewalls and gateways. Because
remote access VPN servers are entry points into protected networks, they are targets
for adversaries. This joint NSA-CISA information sheet provides guidance on:

  • Selecting standards-based VPNs from reputable vendors that have a proven
    track record of quickly remediating known vulnerabilities and following best
    practices for using strong authentication credentials.
  • Hardening the VPN against compromise by reducing the VPN server’s attack
    surface through:

Source: U.S. Department of Defense