Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network
via a secure tunnel. Through this tunnel, users can take advantage of the internal
services and protections normally offered to on-site users, such as email/collaboration
tools, sensitive document repositories, and perimeter firewalls and gateways. Because
remote access VPN servers are entry points into protected networks, they are targets
for adversaries. This joint NSA-CISA information sheet provides guidance on:
- Selecting standards-based VPNs from reputable vendors that have a proven
track record of quickly remediating known vulnerabilities and following best
practices for using strong authentication credentials. - Hardening the VPN against compromise by reducing the VPN server’s attack
surface through:
Read more…
Source: U.S Department of Defense