- May 4, 2019
- 801
The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
Following these recommendations is especially important for organizations that moved the majority of their workforce to telework since the start of the pandemic.
"VPNs are essential for enabling remote access and securely connecting remote sites, but without proper configuration, patch management, and hardening, VPNs are vulnerable to attack," the NSA explains.
Among the measures network admins need to take to ensure a VPN's security, the NSA underlines the need to reduce the attack surface, to always customize the VPN's default settings, and to apply any security updates as soon as they're issued by vendors.
NSA releases guidance on securing IPsec Virtual Private Networks
The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
www.bleepingcomputer.com