Tuesday, January 26, 04:03

NSA: Gives instructions for protecting VPNs from attacks!

The COVID-19 pandemic has led many organizations to recommend remote work to their employees, in an effort to reduce the chances of the virus spreading and to ensure their safety. In light of the new conditions, the US National Security Agency (NSA) has published guidelines that organizations must follow to strengthen the security of virtual private networks (VPNs) and IPsec tunnels against possible attacks. In addition to advising organizations on how to secure IPsec tunnels, the NSA's VPN guidance also highlights the importance of using strong encryption to protect sensitive and confidential information contained in traffic that crosses untrusted networks when connecting to remote servers.

The NSA states that VPNs are necessary to enable remote access and secure connections to remote sites, but without proper configuration and patch management, VPNs are vulnerable to attack. Among the measures that network administrators need to take to ensure the security of their VPNs, the NSA emphasizes the need to reduce the attack surface, adjust the default VPN settings and apply any security updates released by vendors.

More specifically, the NSA recommends that organizations follow these guidelines to ensure the security of their VPNs:

• Reduce the VPN gateway attack surface.
• Make sure the cryptographic algorithms comply with CNSSP.
• Avoid using default VPN settings.
• Remove "unused or non-compliant" cryptography suites.
• Apply updates provided by vendors, i.e. code updates, for VPN gateways and clients.

First, administrators are advised to apply strict traffic filtering rules designed to restrict the ports, protocols and IP addresses that can be used to connect to VPN devices. If this is not possible, an Intrusion Prevention System (IPS) can help by monitoring for unwanted IPsec traffic. Administrators must also ensure that ISAKMP/IKE and IPsec policies do not allow outdated encryption algorithms, to prevent breaches of confidential data. As for the default VPN settings, the NSA recommends avoiding the use of wizards, scripts or defaults provided by vendors, as they may configure non-compliant ISAKMP/IKE and IPsec policies.

Removing non-compliant and unused cryptography suites is another measure recommended as a defense against attacks in which VPN endpoints are forced to negotiate non-compliant and insecure cryptography suites, exposing encrypted VPN traffic to decryption attempts. Another very important measure for organizations is to make sure that the latest code updates provided by a vendor are applied as soon as possible, to mitigate recently discovered security flaws that affect both VPN gateways and clients. The NSA has also issued instructions that give administrators examples of IPsec VPN configurations and specific directions on how to implement the above measures and ensure the most secure VPN configurations.
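Why a leftover legacy suite in an ISAKMP/IKE policy matters can be shown with a small model. This is an added example, not code from the NSA guidance or from this article: the proposal strings use strongSwan-style keywords, the deny-list and the sample gateway policy are constructed assumptions (the authoritative list is the CNSSP policy the guidance refers to), and negotiation is simplified to first match.

```python
# Added illustration. WEAK is an assumed deny-list of widely deprecated
# algorithms, not the CNSSP list itself; keywords follow strongSwan-style syntax.
WEAK = {
    "des", "3des", "md5", "sha1",        # obsolete ciphers and hashes
    "modp768", "modp1024", "modp1536",   # Diffie-Hellman groups 1, 2 and 5
}

def weak_tokens(proposal):
    """Return the deprecated algorithm keywords found in one proposal string."""
    return sorted(t for t in proposal.lower().split("-") if t in WEAK)

def audit(configured):
    """Map each non-compliant configured proposal to its offending keywords."""
    return {p: weak_tokens(p) for p in configured if weak_tokens(p)}

def prune(configured):
    """Keep only the proposals that contain no deprecated keyword."""
    return [p for p in configured if not weak_tokens(p)]

def negotiate(peer_offers, configured):
    """Simplified responder: accept the first peer offer that is configured
    locally; return None when nothing overlaps (the connection is refused)."""
    allowed = {p.lower() for p in configured}
    for offer in peer_offers:
        if offer.lower() in allowed:
            return offer
    return None

# Constructed sample policy, as a setup wizard or vendor default might leave it.
GATEWAY = ["aes256-sha384-modp4096", "aes128-sha1-modp1024", "3des-md5-modp1024"]
# Constructed peer that offers only a legacy suite.
LEGACY_PEER = ["3des-md5-modp1024"]

if __name__ == "__main__":
    print("non-compliant:", audit(GATEWAY))
    print("before pruning:", negotiate(LEGACY_PEER, GATEWAY))
    print("after pruning: ", negotiate(LEGACY_PEER, prune(GATEWAY)))
```

With the legacy proposals still configured, the gateway accepts the weak suite; once they are pruned, the same offer finds no match and the tunnel is refused rather than downgraded.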

In late 2019, the NSA warned that multiple state-sponsored APT (Advanced Persistent Threat) actors were exploiting the vulnerabilities CVE-2019-11510, CVE-2019-11539 and CVE-2018-13379 to compromise vulnerable VPN devices. The NSA also issued mitigation instructions to customers of Pulse Secure, Palo Alto and Fortinet VPNs to strengthen the security of their VPNs. In early 2020, CISA warned organizations to patch their Pulse Secure VPN servers to bolster their defenses against attacks attempting to exploit a remote code execution (RCE) vulnerability identified as CVE-2019-11510. That warning followed another issued by CISA in October 2019, and others issued by the National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC) and the Canadian Centre for Cyber Security.

That same month, an FBI security alert said state-backed hackers had breached the networks of a U.S. financial entity and a U.S. municipal network after exploiting servers vulnerable to CVE-2019-11510.
Shortly afterwards, CISA reported that attackers had successfully deployed ransomware on the systems of US hospitals and government agencies using stolen Active Directory credentials, months after exploiting Pulse Secure VPN servers that were unpatched against CVE-2019-11510. In March, CISA also shared a series of tips to help organizations with employees working from home properly secure their corporate VPNs, as hackers were expected to focus their attacks on workers who had turned to remote work.

